LIMITED 1. Course framework 1.6.4. Holiday and overtime Learners shall not be absent for annual leave during the course. Repeated ab- sence will lead to exclusion from the course. No overtime during the course is collected. Occasionally, Saturday may be used as a training day. The training day starts at 09:00 and ends at 17:30. 1.6.5. Insurance No special insurance is provided by Frontex for learners; neither health, nor accident, etc. as this is a national responsibility. 1.6.6. National salary Frontex does not cover any national salary of participants during their partic- ipation in the course. 1.6.7. Dress code Frontex learner vests marked as ‘CIRAM student’ may be provided and they may be used for the entire duration of the course. They shall be exchanged at the end of the course, depending on the final result obtained, with stand- ard ‘CIRAM risk analyst’ vest. No other (special) uniform is required. No over- weight costs are reimbursed for flights. During official common dinners offered by the host (usually Friday evening after the course week is closed) smart cas- ual dress code is required (no tie). 1.6.8. Other requirements Learners are kindly asked to bring a laptop (Wi-Fi module ready), memory stick/external hard disk. At the end of each module, individual consultations are carried out by main trainers with every learner. As each module ends on Fri- day at 17:30 and in all situations an official dinner is offered by the host during the same day, departure from the course is established for Saturday morning. 21

LIMITED Frontex European course for CIRAM risk analysts 22

1. Course framework Common Core Curriculum 2 23

Frontex European course for CIRAM risk analysts 24

LIMITED 2. Common Core Curriculum 2. Common Core Curriculum 2.1. Risk analysis within integrated border management „„ Category   learning outcomes: „„ To explain the meaning of risk analysis generally and the meaning of inte- grated border management risk analysis particularly, including the role of CIRAM; „„ To connect the concept of integrated border management risk analysis to various legal provisions in force at EU level; „„ To justify the need for using risk analysis in border management and the importance of a common risk analysis model at EU level. 2.1.1. Introduction to risk analysis Chapter learning outcomes „„ To define the risk analysis concept in general and in border management particularly; „„ To list types of risk analysis in general and types of law enforcement-related risk analysis while highlighting the differences between them; „„ To explain risk analysis’ crucial role in border and security situation awareness; „„ To explain the added value of having harmonised procedures in risk anal- ysis at EU level; „„ To distinguish Frontex risk analysis procedures, their outcomes/similarities/ differences with other organisations with law enforcement tasks. 2.1.2. Schengen Border Code Chapter learning outcomes „„ To describe the connection between the Schengen Borders Code and risk analysis including the evolution through its amendments and supportive documents; „„ To list the CIRAM references under the Schengen Borders Code; „„ To justify the need for conducting regular and EU-compliant risk analysis for effective and cost‑efficient border management. 2.1.3. EBCG regulation Chapter learning outcomes „„ To list the main events of the historical process that led to the establish- ment of the Agency; „„ To list the main events of the historical process that led to the establish- ment of the CIRAM; 25

LIMITED Frontex European course for CIRAM risk analysts „„ To highlight the importance of CIRAM and its application in the Frontex environment; „„ To describe the meaning of ‘vulnerability assessment’ and the role of the Agency in this respect. 2.1.4. Eurosur regulation Chapter learning outcomes „„ To explain the scope and highlight the importance of the Eurosur regula- tion and its binding application at EU level, in relation to border surveillance including the benefits of a common border surveillance system at EU level; „„ To describe how risk analysis is applied; „„ To justify the risk analysis role in the Eurosur framework; „„ To explain the relevance of the information management process for an NCC operator; „„ To describe the principles, elements and concepts of information manage- ment process; „„ To describe analytical product and services, types of reports including their purpose and types of information and intelligence used in the context of Eurosur. 2.2. Intelligence cycle Category learning outcomes: „„ To explain the essential role of the intelligence cycle in the field of risk analysis; „„ To justify the broad use of the intelligence cycle by law enforcement community; „„ To describe the use of the intelligence cycle and concisely the procedure that it introduces. 2.2.1. Introduction to intelligence cycle Chapter learning outcomes „„ To describe the concept, the role and elements of the intelligence cycle; „„ To explain the meaning of information and intelligence including their features; „„ To describe the differences between information process and intelligence cycle; 26

LIMITED 2. Common Core Curriculum „„ To  define and list sources of information and sources of intelligence; „„ To describe the most common types of information (by structure/validation/ classification); „„ To describe the most common types of sources (open/official sources). 2.2.2. Tasking Chapter learning outcomes „„ To describe the meaning of tasking and its role in the intelligence cycle; „„ To divide tasks into small components based on defined rules; „„ To formulate a hypothetical running log of tasks, identify challenges and set priorities; „„ To define terms of reference and the relevance of terms of reference for risk analysis; „„ To describe the procedures required, the elements and the structure of terms of reference. 2.2.3. Collection Chapter learning outcomes „„ To recognise the fundamental role of information collection; „„ To explain the principles of data collection; „„ To identify the data eligible and the sources that could be exploited within the scope of risk analysis; „„ To examine the legitimacy and consistency of sources that could be ex- ploited within the scope of risk analysis; „„ To demonstrate the techniques for generating hypothesis; „„ To schedule the procedure, sources and time needed for the collection; „„ To identify the need and develop indicators; „„ To identify the need for security clearances; „„ To develop a collection plan based on existing techniques/rules; „„ To perform a downward progression of the analytical task through indicators. 2.2.4. Evaluation Chapter learning outcomes „„ To define the scope of evaluation within the intelligence cycle and within the analytical process; „„ To integrate the evaluation principles in the analytical procedures; „„ To distinguish between different types of evaluation; 27

LIMITED Frontex European course for CIRAM risk analysts „„ To conduct the evaluation procedures accordingly (e.g. of sources, information); „„ To  perform evaluation of sources and information within the scope of risk analysis; „„ To perform assessment of terms of reference; „„ To evaluate outcome’s impact to client’s needs; „„ To assess the added value of the risk analysis outcome in terms of novelty or insight provided. 2.2.5. Collation Chapter learning outcomes „„ To explain the meaning of ‘collation’ and its relevance for the intelligence cycle and the analytical process; „„ To justify the need for a formal and unified system of collecting information; „„ To compare available collation solutions; „„ To identify different types of data recording and retrieval systems; „„ To manage information/intelligence varying in terms of quality and quan- tity by the use of collation; „„ To implement flexibility of the collation system in order to suit to the vari- ety of the quality of data. 2.2.6. Analysis and interpretation Chapter learning outcomes „„ To define the meaning of analysis of the available information; „„ To define the meaning of interpretation of the available information; „„ To recognise the different approach among analysis and interpretation; „„ To demonstrate the pros and cons of each procedure; „„ To choose the appropriate process for each stage of analytical project; „„ To relate analysis and interpretation for a more exploratory result; „„ To apply them; „„ To distinguish the connection between concepts, values and facts; „„ To provide prediction according to solid reasoning; „„ To build better arguments and soundly based conclusions; „„ To develop probability statements; „„ To identify the interpretation methods; „„ To locate the need of logical thinking; „„ To assess the punctual approach in interpretation practise. 28

LIMITED 2. Common Core Curriculum 2.2.7. Reporting Chapter learning outcomes „„ To outline the importance of the reporting stage in the intelligence cycle; „„ To recognise the special features that reporting subject and procedure requires; „„ To list the types of reporting according to various classifications; „„ To categorise the methods of reporting according to presenting methods; „„ To describe the structure of reporting and its variations; „„ To report according to analytical requirements. 2.2.8. Dissemination Chapter learning outcomes „„ To explain the concept of ‘dissemination’ and it’s role for risk analysis; „„ To describe the dissemination options; „„ To classify products according to all related factors (e.g. recipients, sources, goal); „„ To justify the importance of handling codes; „„ To identify the relation between codes and sources used for the produc- tion of risk analysis reports; „„ To list and assess the channels used according to the classification and han- dling code of the risk analysis product. 2.2.9. Review Chapter learning outcomes „„ To explain the concept of ‘review’ and its role for risk analysis; „„ To explain the review procedure within risk analysis process; „„ To list the subjects of review; „„ To choose and make use of the methods of reviewing (oral, written). 2.2.10. Implementation Chapter learning outcomes „„ To justify the relevance of implementation for the risk analysis process; „„ To describe the intelligence cycle procedure in terms of implementation. 29

LIMITED Frontex European course for CIRAM risk analysts 2.3. Analytical toolbox Category learning outcomes „„ To make the distinction between tools and techniques; „„ To make use of analytical tools, techniques and services when developing analytical products. 2.3.1. Supporting tools Chapter learning outcomes „„ To describe the role of catalogue of available tools for analytical process; „„ To select the right tools to be attributed to analytical procedures; „„ To justify the need for tools during the CIRAM process; „„ To explain the purpose of the surveillance tools provided by the Agency; „„ To describe the purpose of various services; „„ To make a request of a service using existing tools. 2.3.2. Supporting techniques Chapter learning outcomes „„ To describe the techniques that could be used during the analytical procedures; „„ To make efficient use of supporting techniques in risk analysis process (e.g. creative thinking, predictive analysis, field based techniques). 2.4. CIRAM-based risk analysis Category learning outcomes „„ To perform CIRAM-based risk analysis. 2.4.1. CIRAM risk analysis concepts Chapter learning outcomes „„ To describe the main risk analysis concepts in line with CIRAM; „„ To identify threats, vulnerabilities, impact and risks; „„ To describe threats, vulnerabilities, impact and risks; „„ To measure threats, vulnerabilities, impact and rate risks; „„ To recommend measures based on the identified risks. 30