News :: Evaluation of ENISA
(13/06/2007) A public consultation has started on the future of ENISA, the European Network and Information Security Agency. This public consultation was announced on 1 June in a Commission Communication on the evaluation of ENISA. ENISA was established in order to enhance the capability of the Community, the Member States and consequently the business community to prevent, to address and to respond to major network and information security risks, from 14 March 2004 for an initial period of five years. The ENISA Regulation mandates an evaluation of the Agency by 17 March 2007, notably with the aim to determine whether the duration of the Agency should be extended beyond the period of five years.
The Agency was established with the main goal of “ensuring a high and effective level of network and information security within the Community, (..) in order to develop a culture of network and information security for the benefit of the citizens, consumers, enterprises and public sector organisations of the European Union, thus contributing to the smooth functioning of the internal market.”(Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency - OJ L 77, 13.3.2004, p. 1 )
In Article 25 the ENISA Regulation mandates evaluation of the Agency by the Commission before March 2007. To this end, the Commission “shall undertake the evaluation, notably to determine whether the duration of the Agency should be extended beyond the period specified in Article 27” (that is, five years). Furthermore, “the evaluation shall assess the impact of the Agency on achieving its objectives and tasks, as well as its working practices and envisage, if necessary, the appropriate proposals.”
In accordance with terms of reference agreed with the ENISA Management Board, the Commission launched an independent evaluation by an external panel of experts as the basis for the evaluation mandated in the ENISA Regulation. The scope of the external evaluation was to provide a formative assessment of the Agency’s working practices, organisation and remit and if appropriate, recommendations for improvements. As specified in the terms of reference, the external evaluation took account of the views of all relevant stakeholders.
The evaluation of the external panel of experts has produced many valuable findings on specific aspects that are critical for both the good functioning of ENISA and its impact on the situation of network and information security, in particular its internal market dimension. The Commission largely agrees with these findings that, altogether, highlight the validity of the original policy rationale and goals but underline also how the current size of the Agency and the organisation of its work do not appear to be adequate for its future challenges.
This Communication presents the findings of the external panel of experts and the recommendations of the ENISA Management Board regarding the ENISA Regulation. It also makes an appraisal of the evaluation report and launches a public consultation. The full text of the evaluation report and the document containing the recommendations of the Management Board are being forwarded to the European Parliament and the Council. The evaluation of ENISA is part of the practice of the Commission to systematically evaluate in a cycle of ex ante, intermediate and ex post, all Community activities.