Feature story from Bulgaria: Protection of classified information in the Bulgarian National Audit Office
The implementation of the activities related to creating, processing of and preserving classified information and the terms and conditions for granting access to it are regulated under the Protection of Classified Information Act (PCIA), the Rules on Implementation of the Protection of Classified Information Act (RIPCIA) and the Mandatory instructions issued by the State Commission on Information Security (SCIS).
In accordance with the requirements of the RIPCIA and the Ordinance on the measures, methods and tools of physical security of classified information and the terms and conditions for their use, the SCIS has granted a certificate to the Bulgarian National Audit Office (BNAO) to establish a Classified Information Registry with a unique identification number and a classification level "Secret".
In order to guarantee the physical security of classified information, the Bulgarian National Audit Office has established a system of organizational, physical and technical measures for preventing unregulated access to materials, documents, machinery and facilities classified as state or professional secrets. This includes protection of the buildings, premises and facilities where classified information is created, processed and preserved, and control over the access to them.
With an order of the President of the Bulgarian National Audit Office, the following have been arranged:
- security zones where classified information is created, processed, preserved or provided;
- administrative zones where control over people and motor vehicles is carried out (these areas have the lowest level of security);
- control regime of entering, movement and exit from the security zone, as well as obligatory accompanying in these zones of persons without right to access or with right to access to a lower level of classification;
- control over the security and administrative zones that is carried out by the security staff;
- special storing regime of the keys from premises, security containers and other facilities used for classified information storage.
The office building of the Bulgarian National Audit Office is under continuous 24-hour surveillance carried out by a specially assigned team of security staff from the BNAO Security Directorate.
The classified information registry is backed up with technical means for protection of documents, whereby technical security systems have been set up and operating, including video surveillance, alarm system against intrusion and a fire alarm system.
In order to ensure the protection of classified information, specific rules (approved by the BNAO President) are implemented. Those include internal rules for working with classified information; internal rules for the correct assessment of the classification level, as well as its amendment or revocation, and instructions for the actions of employees of the Bulgarian National Audit Office in case of unauthorized access to classified information.
In accordance with the PCIA, the BNAO President shall approve a list of positions or tasks, for which a permission for access to classified information representing a state secret is required. The BNAO employees who are part of the approved list shall undergo a security clearance for access to information classified as "Secret", for which an extensive check is required. The check is carried out by the State Agency for National Security, which grants the authorization to access classified information.
In addition to undergoing security clearance, granting access to classified information also requires conducting specialized training for gaining knowledge, skills and experience in working with classified information.
The BNAO information security officer conducts the following trainings.
- Initial training for acquiring the mandatory minimum level of knowledge and skills for working with classified information. Before gaining access to classified information, all persons must undergo initial training in the field of protection of classified information. After completing the training, they receive a certificate.
- Ongoing training for acquiring additional knowledge in the field of protection of classified information. The training is periodically conducted on a specific topic and all persons with valid authorization to access classified information can take part in it. After completing the training participants receive a certificate.
The certificates of the BNAO employees from the completed trainings are stored in the Security Directorate and are entered in a register that is kept and stored in the same Directorate.