52008DC0710

Report from the Commission to the Council and the European Parliament on the Development of the Second Generation Schengen Information System (SIS II) - Progress Report January 2008 – June 2008 /* COM/2008/0710 final */


EN

Brussels, 10.11.2008

COM(2008) 710 final

REPORT FROM THE COMMISSION TO THE COUNCIL AND THE EUROPEAN PARLIAMENT

on the Development of the Second Generation Schengen Information System (SIS II)

Progress Report

January 2008 – June 2008

TABLE OF CONTENTS

1. Introduction (...)3

2. Project Status (...)3

2.1. Progress during the period under review (...)3

2.1.1. Global SIS II Schedule: (...)3

2.1.2. Preparations for Migration: (...)4

2.1.2.1. Migration Schedule and Legal Instruments (...)4

2.1.2.2. Migration Schedule and Converter Specification (...)4

2.1.3. Network Installation: (...)4

2.1.4. Testing Central SIS II: (...)4

2.1.5. Test involving Member States: (...)4

2.1.5.1. Connectivity Test (ICT) (...)5

2.1.5.2. Compliance Test (CT) (...)5

2.1.5.3. Operational Systems Test (OST). (...)5

2.1.6. Operational Management: (...)6

3. Management (...)6

3.1. Project Management (...)6

3.1.1. Scheduling: (...)6

3.1.2. Risks: (...)6

3.1.3. Project Management Board: (...)6

3.1.4. Financial Management: (...)6

3.2. Meetings (...)7

3.2.1. SIS II Committee meetings: (...)7

3.2.2. National Planning and Coordination: (...)7

3.2.3. Council Meetings: (...)7

4. Priorities for the Next Reporting Period (...)8

4.1. Testing (...)8

4.1.1. Provisional System Acceptance Test (PSAT): (...)8

4.1.2. Global Test Preparations (GT): (...)8

4.2. Migration Development (...)8

4.3. Operational Management (...)8

4.4. Security and Data Protection (...)9

5. Conclusions (...)9

1. Introduction

This progress report describes the work carried out by the Commission in the first semester of 2008 on the development of the second generation Schengen Information System (SIS II). It is presented to the Council and the European Parliament in accordance with Article 6 of Regulation (EC) No 2424/2001 of 6 December 2001 [1] on the development of the second generation Schengen Information System (SIS II). This report also constitutes a status test report as foreseen by Council Regulation (EC) No 189/2008 and Council Decision 2008/173/EC on the tests of the second generation Schengen Information System (SIS II).

The SIS II Project is divided into three phases. Phase 1 was concerned with system design and was completed prior to this reporting period. Phase 2 deals with development and testing of the Central System which is a significant part of the current work load, and is likely to be completed by the end of 2008. Phase 3 addresses final test and migration activities from the currently used SIS 1+ to SIS II. The preparatory work for migration is already underway. In order to provide a complete picture of the range of activities associated with the SIS II project, this report also addresses potential risks, financial, operational and project management.

2. Project Status

2.1. Progress during the period under review

2.1.1. Global SIS II Schedule:

Following the successful implementation of SISone4ALL and the subsequent lifting of borders of the new Member States, the JHA Council in February 2008 concluded that SIS II should be re-scheduled in such a way that the Council can anticipate the start of SIS II operations by September 2009. In the early months of this reporting period the Commission services, in very close co operation with the Member States experts and the 'Friends of SIS II' [2], focussed on revising the SIS II schedule.

During the preparation of this timetable, a number of open issues related to SIS II schedule were identified as potentially time consuming and / or implied other significant risks, examples include:

– development of a converter for migration from SIS 1+ to SIS II;

– migration during the holiday season ;

– use of external contractors.

These and other issues were comprehensively discussed by the 'Friends of SIS II', in the competent preparatory bodies of the Council and at the Council Meetings of April and June 2008.

2.1.2. Preparations for Migration:

2.1.2.1. Migration Schedule and Legal Instruments

The Commission (with the participation of SIS1+ countries) will ensure that the central elements of SIS II and the connections with national systems will have been tested and will function by the end of 2008. This is the deadline for the Commission for the completion of the development of the central elements of SIS II. However, the SIS II project goes beyond the development of these central elements. In 2009 the central SIS II will be tested in its entirety with the national applications.

The Commission presented the proposal for a Council Decision and a Council Regulation to establish the legal framework governing the migration from SIS 1+ to SIS II including final SIS II tests.

The Commission adopted on the 16th April 2008 proposals for the legal instruments on migration from the SIS 1+ environment to the SIS II technical environment which are currently discussed within the framework of the Council and of the Parliament.

2.1.2.2. Migration Schedule and Converter Specification

There is consensus on the general approach for the migration from SIS 1+ to SIS II, which is to perform a one-shot switchover of the national systems. However, the success of SISone4All requires the migration of many more Member States / users than originally planned.

The Council on 28 February 2008 confirmed a migration approach from SIS 1+ to SIS II that provides a fall-back possibility with a gradual migration to remedy unexpected problems and, for that purpose, invited the Commission to provide a converter, to be used for a very limited period of time, linking SIS 1+ and SIS II to ensure that the SIS can continue functioning in any scenario. Any Member State / user experiencing such difficulties will be expected to rectify the situation as quickly as possible.

2.1.3. Network Installation:

The SIS II project includes the provision of a wide area communications network, meeting the requirements of availability, security, geographical coverage and level of service, to enable the national and central systems to communicate [3].The Central Unit (CU) and the Backup Central Unit (BCU) have been accessible to Member States since end of 2007 and now all Member States and current users have their main sites and back-up sites connected to the s-Testa network. Switzerland connected on 3 June 2008 to the s-Testa network.

2.1.4. Testing Central SIS II:

The System Solution Test (SST) was designed to verify that the Central SIS II on the central site is compliant with the technical specification. These tests, conducted without national systems, were completed in December 2007, and accepted in early 2008.

2.1.5. Test involving Member States:

There are currently three types of testing being undertaken with the participation of Member States / users. The Connectivity Test checks the ability of the SIS II National System to connect to the SIS II Central System. The Compliance Test checks the interaction between the SIS II National System and the SIS II Central system separately, based on a set of pre-defined test cases agreed with the Member States. The national systems in each Member State may have different features e.g. (use of national copy,); therefore the set of pre defined test cases varies according to the MS profile. Operational System Test verifies that the Central System can operate with a set of connected national systems. This stage of testing involves actual Member States and users, instead of simulators. To date these tests are proceeding according to plan, although some adjustments to the detailed schedule had to be made.

2.1.5.1. Connectivity Test (ICT)

The Connectivity Tests checks the ability of the SIS II National Systems to connect to the SIS II Central System.

As of 30th June 2008 the state of play was as shown below:

The following twenty four Member States and users had completed the Informal Connectivity Tests:

AT, DE, PT, LU, EL, IT, SI, SK, IS, FI, NO, HU, NL, CZ, LT, DK, ES, CY, SE, BE, PL, EE, MT, LV

The following five Member States and users were in the process of conducting the Connectivity Tests:

Eurojust, Europol, FR, IE, UK

The following users had not yet started the Informal Connectivity Tests:

CH

2.1.5.2. Compliance Test (CT)

Compliance Test checks the interactions between the SIS II National System and the SIS II Central System for each national system separately, based on a set of pre-defined test cases agreed with the Member States. The national systems in each Member State may have different features e.g. (use of national copy, handling of biometrics); therefore the set of pre defined test cases varies according to the MS profile.

Eighteen Member States are currently participating in the Compliance Test:

The first group consisting of eleven Member States ( SE, NO, PT, IT, FI, HU, EL, NL, CY, DE, AT) have to a large degree completed compliance testing.

The second group consisting of the following seven Member States (DK, LT, EE, ES, IS, LU, LV) have recently commenced Compliance Testing and those remaining are scheduled to commence this task shortly. The target completion date for all Member States is October 2008.

2.1.5.3. Operational Systems Test (OST).

The Operational Systems Test (OST) tests the Central System with a set of connected national systems. This stage of testing involves actual Member States and users, instead of simulators. The objective of OST is to ensure that the Central System meets the functional and technical requirements when using the real system. The OST phase commenced, on 21st May 2008. There are nine Member States / Users (AT, CY, DE, IT, NL, PT, SE, EL, NO) participating in OST functional test. The required number of Member States to conduct this test phase was six. Although the OST is scheduled to be completed at the end of August 2008, concerns about the stability of the central system are becoming apparent

2.1.6. Operational Management:

The preparations for operational management remain on track taking into account the synergies between SIS and VIS management. Various SIS II service contracts are yet to be completed with the national authorities hosting the main system (France) and the business continuity system (Austria) for a transitional period until the long-term management of SIS II is established. The second contract with France concerning provision of staff at the central site and training of staff in SIS II operations has been signed and negotiations on the third contract concerning activities to be carried out by the French authorities in the run up to go-live will commence shortly.

An operational management steering group (Commission-France-Main Development Contractor) was established in March 2008 and met three times during this reporting period in order to address any issues that arise and to ensure that the operational management preparations are on schedule. A blueprint for operational management organisation has also been commissioned – assessing the current organisational setup in Strasbourg and the desired organisational setup for SIS II and VIS.

3. Management

3.1. Project Management

3.1.1. Scheduling:

The complete SIS II Schedule was endorsed by the Council on 5 June 2008.

3.1.2. Risks:

At the meeting of the 'Friends of SIS II' it was noted that the schedule contains two major risks: first, the start of the phase where all the functionalities of the central system are tested together with the national systems, when errors could still exist at central and national levels; and second, an additional version of the technical specifications is not foreseen in 2009 before the start of the migration phase. The Commission wholly acknowledges this risk analysis.

3.1.3. Project Management Board:

In addition to Commission services and the project contractors, representatives of the German, Portuguese, Slovenian and French Presidencies as well as a representative of the C.SIS are invited to participate in the Project Management Board. This group addresses contract issues and monitors project deliverables and milestones. This board met four times during the period covered by this report.

3.1.4. Financial Management:

The total appropriations for SIS II activities provided for in the 2008 General Budget amount to €26,620,000. A financing decision with a total budget of € 19,000,000 for SIS II (operating expenditure of the Schengen Information System and other operating expenditure which may result from this incorporation) and € 7,620,000 for SIS 1+ (installation of a communication infrastructure for SIS 1+ and operation and management of a communication infrastructure for SIS 1+) was adopted by the Commission on 21 December 2007.

As the budget of 7,620,000 for SIS 1+ will not be used for this activity which has been taken over by the Council at the beginning of 2008, the amount has been transferred to SIS II for additional activities requested by the Council.

The other main components of SIS II expenditure during 2008 are preparations for operational management, training and tools, network, handover preparation of source code knowledge, preparations for operational management - contracts with France and Austria, external assistance for development and quality control, changes to SIS II, studies, legal consultancy services, information campaign, installation, operation and management of a communication infrastructure for the SIS environment. 54,60 % of the total SIS II appropriations have been committed and payments corresponding to 27,31 % of payment appropriations have been made.

3.2. Meetings

The SIS II project involves both the Commission and the Member States and can only be achieved if the SIS II national systems are developed and connected on time. Regular meetings and reporting mechanisms are fundamental constituents for effective project management, but progress will depend on transparent reporting of Member States about any problems they encounter nationally.

3.2.1. SIS II Committee meetings:

The Commission is assisted in the development of SIS II by the SIS II Committee. There were four meetings of the SIS II Committee in the period January – June 2008.

In addition to regular SIS II Committee meetings, meetings with Member States’ experts are organised to discuss detailed technical issues. These meetings generally focus on issues arising from specific project deliverables.

– The "Test Advisory Group" (TAG), provides the SIS II Committee with an opinion on issues relating to the organisation, implementation and interpretation of tests. This group held twenty four meetings in this reporting period.

– The "Change Management Board" (CMB), provides advice on classification, qualification and the potential impact of correction of reported issues. This working group, which also reports to the SIS II Committee, met five times during the reporting period.

– The Migration Working Group, established by the SIS II Committee in October 2007, was entrusted with the development of a coherent strategy and high level plan for the timely preparation and execution of migration from SIS 1+ to SIS II, including a risk analysis and contingency plan. The mandate for the Migration Working Group ended in December 2007. Seven Migration Workshops have been held to continue the activity on this critical topic.

3.2.2. National Planning and Coordination:

A Working Group composed of the Member States’ national project managers (NPM) is organised within the framework of the SIS II Committee. The purpose of these NPM meetings is to deal with detailed planning issues, risks and activities both at the central and national project levels. During this reporting period four NPM meetings have taken place.

Member States have been asked to submit monthly reports, with a view to providing a detailed update on the state of development. There are still some Member States whose state of development of national system is unknown which may impact on the completion of the SIS II test. The January 2008 NPM meeting took place in Strasbourg and Member States' representatives visited the main site that will host the central SIS II.

3.2.3. Council Meetings:

Commission services take part in the meetings of the Council Working parties responsible for the Schengen Information System, presenting them with an oral report on the progress of the SIS II project and the associated risks on a monthly basis. The Commission services also provide a monthly written report to the SIS II Committee on the SIS II project covering progress with the project and risks.

The state of play of SIS II project was presented at the JHA Councils of 28/29 February 2008, 17/18 April 2008 and on 05/06 June 2008 and at all meetings of the Committee Article 36 of the EU Treaty.

4. Priorities for the Next Reporting Period

4.1. Testing

Assuring all aspects of SIS II are sufficiently robust and effective requires extensive testing.

Similar to this reporting period, testing will remain a high priority in terms of effort and workload for the second half of 2008.

4.1.1. Provisional System Acceptance Test (PSAT):

The PSAT is a contractual milestone that will lead to the Provisional Systems Acceptance of the Central SIS II. Its aim is to show that the SIS II can handle the load of at least 15 Member States with performance within agreed limits.

The preparations for the PSAT have formally started with a presentation at the June NPM meeting and a formal meeting with the member states held on 18 June 2008. In this last meeting, the preparations for the planning for the PSAT were discussed in detail with a view of producing the necessary documentation and procedures that will be required for the execution of the test. This process will carry on over the next few months and will be finalised in September 2008.

4.1.2. Global Test Preparations (GT):

The aim of the GT is to test the whole of the SIS II, that is the Central and the National systems and applications, to check whether the performance is at least equivalent to that of SIS 1+. Technical discussions are under way as to how the test results can be best evaluated.

4.2. Migration Development

The development of the converter for migration will take place during the next reporting period. Member States have agreed to provide the key technical details of SIS 1+ to support this activity.

4.3. Operational Management

Negotiations on the second contract with Austria, dealing with training and other services before go live, and fulfilling of the Backup Central Unit Administrator profile in Salzburg by France will be the subject of a future meeting between the Commission, France and Austria.

Member State experts will be consulted on the level of service they expect to be provided in order for the Commission to finalise arrangements well in advance of go-live date.

Proposals by Main Development Contractor (MDC), on the IT service management plan, covering matters such as the required profiles, skills staffing levels and organisational units for SIS II staff on the central sites will be submitted to the Commission in early July 2008.

4.4. Security and Data Protection

Preparations are ongoing for a joint visit of EDPS [4] staff and Commission services to the Support Operation Centre for the network in Bratislava. This will take place in October 2008.

Bilateral meetings with EDPS staff and the Commission services take place on a regular basis to discuss issues related to SIS II. In the coming months, the Commission will prepare for the EDPS inspection of the Strasbourg central facility; this is envisaged prior to the first transfer of personal data to the SIS II central system.

5. Conclusions

The development phase of the SIS II project remains a challenging task. Tests to ensure the connectivity and compliance between the Central SIS II with the national SIS systems have commenced. The key challenges at this point are to ensure the timely development of the converter for migration and the continuation of the various testing regimes.

[1] OJ L 328, 13 December 2001, modified by Council Regulation N° 1988/2006, OJ L 411/1 of 30.12.2006 (the modifications in the 2006 regulation do not concern Article 6).

[2] The Council established in February 2008 the Group 'Friends of SIS II' to follow the implementation of SIS II in the Member States. It is composed of high level representatives of Czech Republic, Germany, Spain, France, Italy, the Netherlands, Austria, Poland, Portugal, Slovenia, Finland, Sweden and Norway.

[3] The necessary arrangements for the use of the encryption box for SIS II have to be completed.

[4] European Data Protection Supervisor

--------------------------------------------------