9/2011 Sb.
DECREE
of 10 June 1999. January 1, 2011,
laying down more detailed terms relating to electronic
tools and acts by electronic means in public procurement
and details regarding the certificate of compliance
Ministry for regional development, establishes, pursuant to § 159 paragraph. 3 of Act No.
137/2006 Coll., on public procurement, as amended by Act No. 179/2010 Coll.
(hereinafter referred to as the "Act") to implement section 149 paragraph. 8 and 9 of the Act:
PART THE FIRST
GENERAL PROVISIONS
§ 1
The subject of the edit
This Decree regulates the
and conditions relating to) more detailed electronic tools and operations
made by electronic means in public procurement,
(b)) the details concerning the conditions for the issuance of the certificate of compliance, data
in the certificate of conformity and the validity of the certificate of conformity.
§ 2
Definition of terms
For the purposes of this Ordinance, means the
and the public key of the contracting authority) unique electronic data that
uniquely correspond to the private key of the contracting authority and the supplier
to encrypt the contents of the menu under this Ordinance,
(b)) the private key of the sponsor unique electronic data that
uniquely correspond to the public key of the contracting authority and the contracting authority for its use
odšifrování menu content under this Ordinance,
(c) public key certificate) data message ^ 1), trusted
in a way it connects the public key of the contracting authority, the contracting authority is used to
to carry the public key and can be used to authenticate the identity of the
the contracting authority and its website address,
d) electronic Act in the tender Act of the acting person
carried out by means of electronic tools
e) operational parameters set of requirements related to the functional
characteristics of the electronic tools and to the environment in which it is
electronic tool is operated, arising from annex of this order,
(f) a summary of the functional properties of functionality) that electronic
the tool has,
g) conditions under which environment is an electronic tool is operated,
(h) the operator of an electronic instrument) natural or legal person,
that specifies the operational parameters and ensures operation of the electronic
the tools through which are or are to be carried out
electronic acts for the purpose of awarding public contracts or for the purpose of
get the proposal in the competition for the design that meets the requirements set out
the law and the provisions of this Decree,
I) by the applicant, the operator asks for the conformity assessment and the award of
the certificate of conformity,
j) unencrypted data message data message that does not
transmitted are hidden such as encryption and are directly readable,
to encrypted data message) data message in which they are transmitted
data hidden by using encryption and so are not directly readable,
l) time to record the date and time information of the electronic act with
indicating hours, minutes, and seconds
m) certification audit process of attestation of conformity the electronic tools
carried out conformity assessment body accredited by the national
accreditation body on the basis of other legislation ^ 2) (hereinafter referred to as
"certification authority"),
n) certification rules, a summary of the terms and conditions laid down by the
the certification body,
about) the announcement of the notice of initiation of the procurement procedure, the preliminary
notice, periodic indicative notice, the notice of design contest,
notification of the outcome of the procurement procedure, a notice of cancellation of contract
control or design contests or other information, which shall be published in the
the information system on public procurement, where appropriate, in the official journal of the
The European Union,
p) asset any component of the electronic tools and operational
environment, including resources that is necessary for the operation of the electronic
tools in the intended scope.
PART TWO
ELECTRONIC ACTS AND ELECTRONIC TOOLS
§ 3
General requirements for implementing electronic operations when entering
public procurement
In a tender procedure, the contracting authority shall designate the person authorized, which are behind the
the contracting authority authorized to do under this procedure, electronic acts, in particular,
do call for participation or to submit a tender, to provide input
documentation and additional information to confirm the receipt of tenders,
perform the opening of tenders and receive an invitation to negotiations on the menus.
§ 4
Provision of the contract documents and additional information
(1) the tender documents, which the contracting authority is provided through
electronic instruments, provides the contracting authority in the form of an unlimited
remote access to your profile or to other Internet address
pages without a prior request, or it provides upon written
the application bearing the electronic signature.
(2) if the contracting entity Provides tender documentation to unlimited remote
access to your profile or on other Internet sites without
the previous request, shall ensure that
and each could make sure) about the identity of the contracting authority and the identity of the
operator of the website in the form of a public key certificate
issued by the contracting authority or to a profile to the address of the website,
through which the contracting entity provides tender documentation,
(b)) of the specifications are protected against unauthorized modification and
(c)) of the specifications within a prescribed period can be accessed on the profile
the contracting authority or on other Internet sites.
(3) if the contracting entity Provides tender documentation on the basis of a written
request vendor shall ensure that the
and the contract documents was granted) only on the basis of validly delivered
the request of the person whose electronic signature was successfully validated,
(b)) of the specifications with an electronic signature authorized
persons of the contracting authority or contracting entity, an if
of the specifications given in the form to send to the desired
the e-mail address of the vendor, and
c) satisfy the requirements under paragraph 2, if the tender
the documentation provided in the form of an individual making tender
documentation through the profile of the contracting authority or other
the website.
(4) the provision of additional information to the entry conditions
the provisions of paragraphs 1 to 3 apply mutatis mutandis.
§ 5
Submission and opening of tenders
(1) in the contract notice or in the invitation shall be published e-mail address for
Administration menu, preliminary offers, requests to participate, in the design competition
on the design and administration of auction values (the "offer").
(2) the offer must be in order to ensure the confidentiality of data in them
contained their content encryption always protected in accordance with the requirements of
laid down in this Decree. This does not apply in the case of auction
values on the condition that it is technically in compliance with this Decree
confidentiality of the content of the menu.
(3) the sponsor shall ensure that the
and the public key specified by the contracting authority) to encrypt the content of bids
uniquely match the private key of the contracting authority,
(b)) it was not possible with reasonable efforts a public certificate
forged keys,
(c)) it was not possible with reasonable efforts to the private key
the contracting authority forged
d) private key sponsor has been secured against loss and the unauthorized
access throughout the period of validity of the corresponding certificate of public
the key.
(4) for the purpose of encrypting the content menu provides the sponsor vendors
through your profile, or other websites
or by sending a request based on a public key certificate.
(5) if it is fixed in accordance with the law, the deadline for submitting bids
the contracting authority shall ensure that the offers made to the address referred to in paragraph 1
a) before expiry of the deadline was further processed, in accordance with
This Decree and stored in an unchanged form by the time of its opening;
at the same time will be sent to the supplier, at his e-mail address notification
on its arrival and
(b)) after the deadline was marked as unacceptable; in
this case will be sent to the supplier, at his e-mail address
notice of this fact.
(6) the offer must be fitted with recording time information pursuant to §
7.
(7) following the submission of the bid will be verified the validity of the electronic signature.
the vendor and the result of the verification is recorded to the Inbox menu.
(8) the sponsor or the person entitled to the opening of tenders shall ensure
odšifrování the contents of the menus using the private key of the contracting authority.
(9) the sponsor shall ensure that the odšifrování and the opening of the tenders with the use of
the private key of the contracting authority are carried out by authorised persons, so that the
odšifrování or open) was performed with the participation of two or
multiple beneficiaries,
(b)) it was not possible to use the private key of the contracting authority to odšifrování menu bar
in any other way than with the participation of the beneficiaries.
(10) the operator shall ensure that the electronic tool did not allow
odšifrování and open the menu before the deadline to
opening. Time to odšifrování and open the menu must be in accordance with § 6
recorded.
(11) electronic offer, after its opening, reading, assessment, or
reviews must, together with the record of the validation of the electronic
the signature of the sponsor to remain in an encrypted form in which it was
delivered to the contracting authority. This does not affect the possibility for the contracting authority to keep next to the
It also quotes saved in odšifrované format.
§ 6
Keeping records on electronic acts
(1) on the electronic acts and any other activities
the contracting authority shall keep records of the electronic tools. Part of this
evidence must be at least
and the electronic document or) identification of further activities of the electronic
Tools,
(b) the time when the electronic Act) or activities referred to the nearest
on the second,
(c)) the identifier of the person who carried out the Act or operation of electronic
electronic tools launched
(d) a record of any error) the result of an electronic document or other
the activities of the electronic tools.
(2) in addition to the records referred to in paragraph 1 must be recorded and information about
the system status of the electronic instruments referred to in subparagraphs (b) and (c)))
putting time information under section 7. The system state is a State in
where at any given time or interval is an electronic tool,
and that corresponds to one of three possible values
and in operation)
(b)), the
(c) non-functionality to implement restrictions) electronic acts,
otherwise through the electronic tools to implement
can be.
(3) all the particulars referred to in paragraphs 1 and 2 shall be protected against
unauthorized access, alteration and destruction.
§ 7
The recording time information
(1) time information must be provided by the operating system-
the source reproducing the world coordinated time UTC, for example, the State
standard time and frequency, or by using the global system receiver
positioning (GPS).
(2) to sync time measured by the operating system referred to in paragraph 1 with the
coordinated universal time is carried out at least once every 24 hours in
during the procedure.
(3) to sync under paragraph 2 shall be ensured even in the event
the occurrence of leap seconds.
PART THREE
CERTIFICATION OF CONFORMITY OF ELECTRONIC TOOLS
§ 8
The certificate of conformity
(1) the conformity of electronic tools will be assessed in terms of functionality
electronic tools, and from the viewpoint of the environment in which it is
electronic tool is operated. The detailed requirements relating to the
functional properties of electronic tools and the environment in which the
be an electronic tool is operated are set out in the annex to this
the Decree.
(2) for the purposes of conformity assessment of the functionality of the electronic tools
are electronic acts divided into
and electronic acts not involving) transmission and receipt of tenders
1. sending and receiving data messages,
2. electronic acts of the contracting authority, without sending the data message,
3. the acts of the contracting authority or body designated by the contracting authority (the Commission) with
supplier means enabling remote access,
4. provision of documents via remote access,
b) electronic acts of the transmission and reception of tenders.
(3) the certificate of conformity shall contain at least the following information:
a) trade name or name, address, legal status, identification number
the person has been granted in respect of a legal person, and business
company or name and surname, place of business or place of residence
stay, the identification number of the person, if any, with regard to the
a natural person, the certification authority that issued the certificate of compliance
(b)) trade name or name, registered office and legal form of the operator,
in the case of a legal person,
c) name and surname or business name, and place of business
where appropriate, the place of domicile of the operator, if it is a natural
person,
(d) the identification number of the person) of the operator has been assigned,
(e) the trade name and version) of the electronic tools
(f) electronic group) putting the tasks broken down in accordance with paragraph 2, for the
electronic tool was certified in accordance with the requirements
laid down by this Decree, and electronic acts in the framework of this
the group,
g) date of issue of the certificate of conformity,
(h) the period of validity of the certificate of compliance) and
I) the signature of the person authorized to act for the certification authority.
(4) a certificate of compliance can be issued in paper form or in
electronic form with a valid electronic signature of the person authorized
Act on behalf of or for the certification authority.
(5) a certificate of compliance is issued in the Czech language.
(6) if the operator shall submit a valid certificate of conformity, attesting that the
in group scope of electronic transactions and data contained in the certificate
compliance meets it operated an electronic tool requirements laid down
the law and the provisions of this Decree.
(7) if it is an electronic tool operated by a person other than
by an applicant who has demonstrated compliance and has a valid certificate of conformity,
can for such an electronic tool that other person to prove
compliance with the requirements laid down by the legislation of the present valid
certificate of conformity of that other provider. In this case,
electronic tool meets the range of electronic operations group
referred to in the certificate of conformity the requirements laid down by the law on the functional
the properties of electronic tools. The presentation of a certificate of compliance
another operator, however, unable to demonstrate conformity with the requirements relevant to the
the environment in which it is an electronic tool is operated.
§ 9
Details concerning the conditions for the issue of certificate of conformity
(1) an application for the issue of the certificate of conformity the applicant served a certification
authority. The applicant shall demonstrate in the application and the subsequent certification audit
the conformity of electronic tools with the requirements of the legislation of the
in relation to the functionality of the electronic tools and in relation to the
the environment in which is an electronic tool is operated. The conformity of the
the electronic tools provided by the applicant, if the electronic tool
meets at least the requirements set out in the annex to this Decree.
(2) If an electronic tool has a valid certificate of conformity in respect of the
functionality and is operated by a person other than the applicant, which was
certificate of conformity has been issued by that other person as demonstrated by the applicant
only meet the requirements of the certification body in relation to the operational
the environment in which is an electronic tool is operated, as defined in annex
of this order.
(3) an application for a certificate of compliance must meet at least
the requirements set out in section 10. In the case referred to in paragraph 2 shall be
the annex to the application for issue of the certificate of conformity, a valid certificate of conformity,
that was for an electronic tool is issued. The certification authority shall issue
certificate of conformity for the electronic tool, if a match was found
electronic tools with the requirements set out in the annex to this Decree,
and to the extent established consensus. The certification authority is not authorised to issue
certificate of conformity for the electronic tool beyond the applications submitted
issue of the certificate of conformity.
(4) the detailed rules shall provide the certification authority certificate.
Certification rules must, having regard to the different types of certificates
of conformity contain at least
and the address for the submission of applications) on the issue of the certificate of conformity,
(b) the substantive and formal requirements) application for issue of the certificate of conformity,
(c) a description of each step) certification audit
(d)), the time demands of certification audit
(e) the substantive and formal requirements) output of the certification audit,
f) price list of rewards for acts by the certification body, which will
contain at least
1. the amount of remuneration for performing the certification audit,
2. the amount of remuneration for performing the certification audit on the extension of the
the validity of the certificate of conformity certifying compliance with the requirements of
on the environment pursuant to section 11 (1) 1,
3. the amount of remuneration for a change in the certificate as a result of changes to properties or
the terms of the electronic tools according to § 11 para. 2,
4. the amount of remuneration for a change in the scope of the certificate of conformity according to § 11 para. 4 and
5. the amount of remuneration in the event that the certification body will follow
§ 11 (1) 3,
g) remedial measures.
(5) the certification rules is obliged to publish the certification body
its website.
§ 10
The minimum requirements for an application for the issue of certificate of conformity
(1) the request for the issue of the certificate of conformity, applicants shall indicate their
identification data, which are the business name or the name, registered office,
the legal form, the identification number, if any, with regard to the
legal person, and the business name or name and surname, place of
business, or place of residence, ID number,
If it was assigned, as a natural person.
(2) in the event that the applicant for the issue of the certificate of conformity is a person who
is not the manufacturer of electronic tools, the applicant in the application for the issue of
the certificate of conformity, the manufacturer identification data, which are the business
company or name, address, legal form, the identification number, if
granted, if it is a legal entity, and the business name or name and
last name, place of business or place of residence,
the identification number, if any, in respect of a natural person.
(3) the request for the issue of a certificate of compliance indicating the applicant business
marking and electronic instrument and the version in accordance with § 8
the group or groups to which the electronic tool falls, and enumeration
electronic transactions within this group, the electronic tool
provides.
§ 11
The validity of the certificates of conformity
(1) unless otherwise provided, the operator provides proof
the certifying authority for compliance with the requirements of the electronic tools
the functional properties of the computerised tools has
a certificate of conformity in the group scope of electronic transactions and data
referred to in the certificate of compliance that relate to functional properties
electronic tools, unlimited validity. If the operator
the certification body also proves the conformity of electronic instruments with
requirements on the environment in which it is or is about to be an electronic
the tool is operated, has a certificate of conformity in the scope of the data referred to in
the certificate of conformity, which relate to the production environment, force 3
years from the date of its issue. The expiration of the said period shall not affect the validity of the
the certificate of compliance to the extent data relating to functional properties
electronic tools. The validity of the certificate of conformity certifying
compliance with the requirements of the environment is possible on request
the operator may be extended by a further 3 years, even repeatedly.
(2) if there is a change in the properties or conditions of service of the electronic
compared to the characteristics of the tool, or the conditions of operation of the electronic
instruments, on the basis of which the certificate of conformity issued, and this change
could result in consequence if compliance with the requirements laid down
legislation in the specified range, the operator shall, within 15
days from the date of the change, notify the certification
authority and at the same time submit a proposal for measures to remedy. Otherwise,
the certification authority shall withdraw the certificate of conformity, or changes its range,
If this change the properties or conditions of service of the electronic tools
allows you to.
(3) a certification authority withdraws or amends a certificate of conformity in
If the operator
and conditions for the issue) does not meet the certificate of compliance, or
(b)) was used as a basis for issue of the certificate of conformity of documents or
information that proved untrue or incomplete.
(4) the applicant is entitled to submit a proposal to amend the scope of the certificate of compliance.
In this case the operator shall demonstrate to the certification body only
compliance with the requirements to which the modification is applied.
(5) the applicant shall be entitled to surrender the certificate of compliance. Waiver of
the certificate of conformity is required to notify in writing the applicant certification
authority.
PART FOUR
FINAL PROVISIONS
§ 12
Regulation (EEC)
Decree 329/2006 Coll. laying down more detailed requirements on the
electronic means, electronic instruments and electronic acts in the
public procurement, is hereby repealed.
section 13 of the
The effectiveness of the
This Decree shall take effect on the date of its publication.
Minister:
Ing. Jankovský in r.
Annex
SPECIFICATION OF REQUIREMENTS FOR PROOF OF CONFORMITY OF ELECTRONIC TOOLS
I. list of abbreviations
------------------- ------------------------------------------------------
ČSN EN ISO 9001 Czech technical standard-management systems
quality-requirements
------------------- ------------------------------------------------------
EN/IEC 27001 Czech technical standard-information technology-
Safety equipment-Systems Management
information security-requirements
------------------- ------------------------------------------------------
EU European Union
------------------- ------------------------------------------------------
GPS global positioning system
------------------- ------------------------------------------------------
The IETF Internet Engineering Task Force, "the Commission
the art of the Internet ".
------------------- ------------------------------------------------------
Is VZ-information system on public procurement-
uveřejňovací subsystem
------------------- ------------------------------------------------------
A negotiated procedure with the publication of JŘSU
------------------- ------------------------------------------------------
OJS eSender Official Journal Supplement. Official Journal of the EU
(i.e. the European uveřejňovací instead).
------------------- ------------------------------------------------------
The Publications Office (OPOCE) of the European Union
------------------- ------------------------------------------------------
PDF/A, the ISO 19005 Portable Document Format/Archive. Archive
Version PDF format defined by the ISO standard 19005
------------------- ------------------------------------------------------
SD competitive dialogue
------------------- ------------------------------------------------------
The OFFICE for the Office for the protection of competition
------------------- ------------------------------------------------------
UŘ restricted procedures
------------------- ------------------------------------------------------
UTC Coordinated Universal Time, coordinated
world time
------------------- ------------------------------------------------------
ZD of the specifications
------------------- ------------------------------------------------------
AWD Act No. 137/2006 Coll., on public procurement,
as amended
------------------- ------------------------------------------------------
II. Introductory provisions
1.
The subject of the
Specification of requirements for proof of conformity of electronic tools
(hereinafter referred to as "the standard") defines how to demonstrate compliance of electronic
the instruments with the requirements established in the AWD and its implementation
Regulations (hereinafter referred to as "legal requirements").
1.1 electronic management system tools and related requirements
The requirements contained in this standard are applied to
1. the introduction of an electronic management system tools to
electronic tool created and operated in accordance with the legislative
requirements and
2. certification of the conformity of electronic tools, IE. conformity of management system
electronic tools with legislative requirements.
The operator shall demonstrate the conformity of electronic tools with legislative
requirements, if he proves that the requirements in relation to
1. the electronic tools and functionality
2. the environment in which it is an electronic tool is operated.
The management system of electronic tools is shown in the following
the schema.
Schema I. e-management system tools
Legend to the schema
Individual requests related to the electronic control system
the tools are described in this standard the following way
1. requirements for electronic instrument (IE. the legislative and technical
requirements for the functionality of the electronic tools)-technical
requirements, see Chapter 2. This standard,
2. requirements for the management of resources (production environment and human resources)
in connection with the operation of the electronic tools-see Title 3. This
the standard,
3. system requirements for electronic tool-see Chapter 4. This
standard.
1.2 Scope of certification of conformity of electronic tools in relation to the scope of the
functionality
The operator of electronic tools can apply for certification
electronic tools for the following groups of electronic operations
1. acts not involving the transfer and receipt of tenders:
and) sending and receiving data messages,
(b) electronic acts of the contracting authority) without sending the data message,
(c) the conduct of the contracting authority or authority) designated by the contracting authority (the Commission) with
supplier means enabling remote access,
(d) provision of documents via remote access).
2. the acts of transmission and receipt of tenders.
In relation to the procurement procedures laid down in the AWD with the certification of conformity
electronic instruments applicable to
1. procurement procedures within the meaning of paragraph 21 of AWDS,
2. special procedures in the procurement procedure to the extent the provisions of § 89 up section
AWD 97 and
3. competition for a design within the meaning of paragraph 102 et seq. The AWD.
The scope of certification of conformity of electronic tools in relation to the scope of the
the functionality of the electronic tools is shown in the diagram (II).
"The certification e-tool in relation to the scope of its
functionality ". Certification will always be carried out for the Group
electronic acts of which the contracting authority shall state in the application for the issue of
the certificate.
Scheme II. Certification e-tool in relation to the scope of its
functionality
1.3 What are the requirements the operator must Meet the electronic tools
to demonstrate, for the purposes of certification
To obtain a certificate of compliance, the operator of electronic tools
demonstrate compliance with
1. General legislative requirements, no matter what
a group of electronic operations the operator applies for the issue of a certificate
conformity,
2. specific legislative requirements, and to the extent laid down for
the Group of electronic acts, for which the operator is asking for
issue of the certificate of conformity,
3. the requirements for the management of resources, regardless of what group
electronic operations the operator asks about the issue of the certificate of conformity and the
4. system requirements, regardless of what group
electronic operations the operator asks for the issue of certificate of conformity.
III. Requirements for electronic instruments
2.
Technical requirements
Technical requirements represent the minimum level, you must
electronic tool. The operator can arrange the fulfillment
individual requirements of technical-technologically advanced
solution/measures. Verification of conformity of electronic tools will be
the certification body is carried out in the area of compliance with technical requirements
According to the specifications mentioned in the following chapters, with
accepted even more advanced solutions/actions.
2.1 record the time the electronic Act (1)
The contracting authority shall ensure that a record of the time the electronic transaction was
carried out one of the following ways
1. record the time, obtained from the source of the time the information is connected to the
data report,
2. when carrying out the procedure from point 1. is the data message with attached
record the time the electronic signature is attached or electronic tag
or
3. record the time the connection is made to a qualified time
timestamp to the data report.
2.2 electronic recording Act (T 2)
The contracting authority shall ensure that all records of electronic acts
They included
1. the unambiguous identification of a specific action within the Organization
the contracting authority,
2. identify the person who has carried out the electronic Act in the event that
as to the action taken specific natural person and not an act carried out
automatically an electronic tool (e.g. receipt of tenders),
3. information about nonstandard result of the Act, if it happened during the
performing an action and error
4. record the time the electronic Act in section 2.1.
2.3. Control access to assets in the framework of public procurement procedures (T 3)
The sponsor shall ensure that the management of access to assets in the framework of public procurement
the procedures were carried out one of the following options
1. authentication and authorization the accessing person is based on the award
name and password. The provider must ensure that the document distribution
name and password of the acceding parties was reasonably safe
in a way,
2. authentication and authorization of the person is based on the accession
a public key certificate accessor person or
3. the authentication and authorization of the person accessing is based on other
technologies; always, however, must be a reasonably safe manner.
2.4 use of open document formats (T 4)
The contracting authority shall ensure that the format of the data messages that are exchanged
during the procurement procedures, was an open format.
2.5 Archive documentation on public order (T 5)
The sponsor shall ensure that the documentation of public order to which it is
advanced electronic signature connection required, was kept
in the data storage with controlled access. Access control must follow the
the rules in section 2.3. Electronic tool must ensure that, when
documentation storage into the data storage was connected to the documentation
a qualified timestamp.
Documentation of public order that contains confidential information, you must
be stored in the data store with controlled access. Access control
must follow the rules in section 2.3. Documentation can be stored
in its encrypted form. If the documentation is stored in an encrypted
the form, the client must safely store the private key of the contracting authority,
corresponding to the public key of the contracting authority, that the document was encrypted.
Retain the contracting authority's private key must correspond to the time of preservation
documentation.
2.6 Limited provision of secure remote access (document T
6)
The contracting authority shall ensure that a secure document that will be limited
provided remote access, was connected to the advanced electronic
signature of the document provider. The format of the document must conform to the
the requirements according to section 2.4. The document must be controlled access. Control
access to a document must follow the rules in section 2.3.
2.7 the Unlimited provision of secure remote access (document T
7)
The contracting authority shall ensure that a secure document that will be unlimited
provided remote access, was connected to the advanced electronic
signature of the document provider. The format of the document must conform to the
the requirements according to section 2.4.
2.8 providing remote access to the unlimited document (T 8)
When providing unlimited remote access document sponsor
records on electronic Act in section 2.2. The document format
must meet the requirements in section 2.4.
2.9 data messages Sent within the Organization sponsor (T 9)
The format of the data messages that are sent by the contracting authority within the Organization will be
selected according to the needs of the contracting authority. The contracting authority shall always chooses such a format,
to protect the document against unauthorized change. The electronic Protocol
used to transmit the data message would be elected according to the needs of the contracting authority.
The contracting authority will determine whether the data message will be encrypted, and determines the rules, what
the key is used for encryption.
2.10 Income data messages in the context of the Organization of the contracting authority (10)
Upon receipt of a data message, transmitted in the framework of the Organization of the contracting authority, shall
the contracting authority shall respect the format and the electronic log of incoming messages. In
the case of encrypted data message, the contracting authority shall lay down the rules specifying
whether the data message decrypted. The rules for it, whether it will be for
the data message verified the validity of the electronic signature, respectively.
brands, provides the contracting authority. Of receipt of a data message must be taken
the electronic record of the Act in section 2.2.
2.11 Submit encrypted data message bearing the electronic signature
(11)
Permissible formats outgoing data messages must be established by the contracting authority.
The format of the document must conform to the requirements in section 2.4. Electronic
the protocol used to transfer data messages, provides for the contracting authority. The recipient
a data message must provide a certificate to the sender's public key.
Data message must be encrypted with the public key of the recipient. Data
the message must have an advanced electronic signature is attached or
an electronic tag, based on a qualified system
the certificate. If the message is being sent by the contracting authority, must be made
the electronic record of the Act in section 2.2.
2.12 Send open data messages bearing the electronic signature (T
12)
Permissible formats outgoing data message provides for the contracting authority. The format of the
the document must conform to the requirements in section 2.4. Electronic
the protocol used to transfer data messages, provides for the contracting authority. Data
the message must have an advanced electronic signature is attached or
an electronic tag, based on a qualified system
the certificate. If the message is being sent by the contracting authority, must be made
the electronic record of the Act in section 2.2.
2.13 Send open data messages (13)
Permissible formats outgoing data message provides for the contracting authority. The format of the
the document must conform to the requirements in section 2.4. Electronic
the protocol used to transfer data messages provides for the contracting authority. If there is a
message is being sent by the contracting authority, must be recorded on the electronic
Act according to section 2.2.
2.14 the encrypted data message Receipt bearing the electronic signature (T
14)
When receiving data messages the client must respect the format and
electronic log of incoming messages. The contracting authority shall ensure verification
the validity of the electronic signature attached, or electronic
tags. Data message can be decrypted. The rules that determine whether a
data message is decrypted, provides for the recipient. If the message is received
by the contracting authority, must be recorded on the electronic act according to section
2.2.
If it is connected to an advanced electronic signature, the recipient must be a data
message when the advanced electronic signature is not
valid or its qualified certificate has been invalidated. If there is a
attached electronic brand, the recipient must be a data message in the
When the electronic tag is not valid or a qualified
the system certificate has been invalidated.
2.15 Income open data messages bearing the electronic signature (T
15)
When receiving data messages the client must respect the format and
electronic log of incoming messages. The contracting authority must provide verification
the validity of the electronic signature attached, or electronic
tags. If the message is accepted by the contracting authority, must be reported
the e-commerce act in section 2.2. If it is connected the guaranteed
an electronic signature, the recipient must be a data message in the case
When the advanced electronic signature is not valid or its qualified
the certificate has been invalidated. If the attached electronic brand,
the recipient must be a data message, where the electronic
the tag is not valid or a qualified certificate has been
invalidated.
2.16 Income open data messages (16)
When receiving data messages the client must respect the format and
electronic data message log. In cases where it is
data message attached the advanced electronic signature or electronic
mark, although by law nor the sponsor did not request, the recipient cannot
the data message, even in the case where an electronic signature
or electronic brand are not valid
2.17 Income and save the menu (T 5)
Upon receipt of a data message must offer the contracting authority to respect the format and
electronic log of incoming messages. The contracting authority must provide verification
the validity of the advanced electronic signature attached, respectively.
electronic tags. If it is not validated connected guaranteed
electronic signature or an electronic tag during the reception menu,
must be verified during the Act of opening the envelopes. Data message
menu must not be decrypted. The contracting authority must record the
the electronic Act in section 2.2. During the reception menu must not be
made any copies of the data messages menu.
The contracting authority shall ensure that following the receipt of a data message menu immediately
This was followed by safe storage of data messages menu. Secure storage
data messages must be done in a way that access to
encrypted, stored in the menu data store, was not possible before
the deadline for submission of tenders.
The contracting authority shall ensure that the data message has been saved in such a menu
way that was detectable by the attempt to access the saved menu before
date of opening of the tenders. When any such attempt to access the
menu before the date of opening of the tenders must be drawn up a record of the
the electronic Act in section 2.2.
2.18 the opening of tenders submitted by electronic means (T-18)
The contracting authority shall ensure that the opening of the offers submitted by electronic
resources was carried out one of the following options
1. opening of the offers made by electronic means will be done
way downstream to receive offer according to section 2.17. Access to the
encrypted menu are stored in the data store, will be made of synergies
at least two people, or even a larger number of people, if so provided by
the contracting authority, with incomplete rights of access to the saved menu. A combination of
access rights of such persons will be granted access to the saved menu.
The menu will then be decrypted with the private key of the contracting authority pertaining
the contracting authority's public key that was used to encrypt the data message
menu, or
2. the opening of the offers made by electronic means will be done
in a way, building on the reception menu, according to section 2.17. The encrypted
the data is decrypted synergies offer message people having access
the private keys belonging to the contracting authority the contracting authority public keys
that were used to encrypt the data messages menu.
2.19 the negotiations the Commission/Panel/sponsor (T-19)
The contracting authority shall ensure that the part of the record of the hearing, the Commission/Panel/
the contracting authority was a document record of discussions. Must be recorded on the
the electronic Act in section 2.2.
2.20 electronic signature document (T-20)
The contracting authority shall ensure that an electronic signature to the document was made
one of the following ways
1. the format of the document must conform to the requirements in section 2.4. Document
must be signed by electronic signature or connection guaranteed
advanced electronic tags to the document. After the connection to the electronic
signature or electronic mark of the sponsor must be recorded on the
the electronic act according to section 2.2, or
2. in the advanced electronic signature of the multilateral document will be
both sides signed a gradual exchange of messages. In this case, the contracting authority
must send a data message with the document with an attached guaranteed
electronic signature vendor in a manner according to section 2.11. Supplier
upon receipt of a data message must respect the format of the incoming message. In
If the data message is encrypted, the supplier performs its
decryption. Verifies the validity of the attached supplier guaranteed
the electronic signature. The supplier must reject the message in the data
When the advanced electronic signature is invalid or its
qualified certificate has been invalidated. Furthermore, the supplier shall to
dešifrovanému document, attach your own advanced electronic signature and
send it in a data report in accordance with section 2.11. The contracting authority
receiving this message must proceed according to section 2.14. Procedure
multi-faceted e-signature can be implemented in reverse order
i.e.. First, the document shall be signed by the contractor and then passes the
the contracting authority. All of the above requirements shall apply mutatis mutandis.
2.21 Send data messages to the Web service (21)
The client application must send a message to a Web service, comply with the
the rules of communication provided for in the service. Must be recorded on the
the electronic Act in section 2.2.
2.22 the income data Web service messages (22)
The client application must when receiving messages comply with Web services
the rules of communication provided for in the service. Must be recorded on the
the electronic Act in section 2.2.
2.23 the disclosure proposal in the competition for the design competition jury (T 24)
Electronic tool to allow disclosure of the design must sponsor in
the competition for the design of the competition jury, so that for persons who are part of the
the competition jury, it was not possible on the basis of information provided by the
an electronic tool to identify the supplier, which has filed a proposal
(hereinafter referred to as "anonymization"). The anonymization of the proposal must occur after
open and decrypt the proposal. The competition jury shall make available to the contracting authority
We also design in decrypted form.
Electronic tool design must also provide to the contracting authority after the anonymization
information about the vendor that submitted the proposal.
The contracting authority shall ensure that the disclosure of the proposal in the competition for the design competition
the jury was taken by the electronic record of the Act in section 2.2.
2.24 Ensure prohibition of discrimination (T-25)
The operator must operate an electronic tool in such an environment, and
in such a way that the use of electronic tools, not
by the use of commonly unavailable or expensive technologies,
which would cause the exclusion of a supplier from participation in the award
procedures.
2.25 the disclosure of information for the use of electronic tools (T26)
Electronic tool must allow the contracting authorities to provide to suppliers,
who are interested to participate in tender procedures, available to all
information of a technical nature, including encoding and encryption,
that are necessary for communication by electronic means, in particular,
for the electronic submission of tenders and requests to participate, and it all the time
the use of electronic tools.
The contracting authority shall ensure that the disclosure of information for the use of
electronic tools was taken record of an electronic Act from
section 2.2.
2.26 to ensure technical support and service of e-tools
(T27)
The operator of electronic tools must provide technical support and
service of electronic tools, to an extent, in order to ensure
the proper operation of the electronic tools and the fulfilment of the other requirements of
This standard. Technical support and service, the operator must
of electronic tools to provide to the extent appropriate to the complexity of the
the functionality of the electronic tools.
3.
Requirements for the management of resources
The operator of an electronic instrument must specify and ensure resources
necessary for the efficient and effective operation of the electronic tools. Resources
for the purposes of this standard form
1. the environment in which it is an electronic tool is operated and which
includes the hardware, operating systems and other system software
equipment and facilities necessary to ensure the required parameters
electronic tools and
2. human resources that are necessary for the operation of the electronic
tools (management and handling) in the intended scope and for compliance with the
set out the requirements for the electronic tool. The operator
electronic instruments must specify the requirements for the management of resources
(the production environment and human resources) and its parts so that the
ensure that the electronic tool fulfils the requirements laid down in its
the operation in the production environment in the intended scope.
3.1 requirements for the environment
The operator of electronic instruments have documented way
the requirements on the environment, and in particular the hardware, software and
the spaces necessary for the operation of electronic tools in the intended
the range. Must keep records that these requirements when operating
electronic tools are being met. The range is dependent on the requirements
the complexity of the electronic tools (i.e. komptabilitě functionality).
3.2 requirements for the human resources management processes
The operator must take such measures in the field of the management of human
sources that minimize negative impact on the operation of the workers '
electronic tools in the determined range in compliance with all
specified requirements. The human resources management requirements are here
subsequently broken down as recommended and minimum. Featured management processes
human resources and their implementation shall ensure that the operator of an electronic
a more comprehensive tool management tool. For the fulfilment of the requirements of this
However, the operators of electronic tools standard is sufficient to populate the
minimum requirements for the human resources management processes. Way
the fulfillment of the following requirements must be documented and must
records exist as evidence of compliance with the requirements.
The minimum human resource management processes are defined in the following
the matrix.
Table i. structure (matrix) of the processes of human resources management
------------------- --------------------- -----------------------
PROCESSES
------------------- --------------------- -----------------------
Before the start of the work on exit During work
work with electronic with electronic
with an electronic tool or instrument, or
tool or in a production in a production
in a production environment
the electronic environment electronic
electronic tools
Tools
------------------- --------------------- -----------------------
Create a role Implementation
educational activities
------------------- ---------------------
Determination of disciplinary proceedings
the requirements for the
Support Their work
competence in the role
a worker in the role
--------------------
The provisions of the
the worker's role
and its training
------------------- ------------------- -------------------------
Editor's note. 1: Worker ' means an employee of the operator of an electronic
tools or any other person who is involved in the operation of
electronic tools.
Editor's note. 2: disciplinary proceedings means the implementation of liability for
activities involving the operation of electronic tools and the application of the
sanctions no matter whether it is a liability arising from
employment relationship or other relationship.
3.2.1 before starting to work with an electronic tool or in a production
environment of e-tools
The operator of electronic tools
1. the roles required for the operation of the electronic instruments, their
the responsibilities, powers and competence requirements,
2. define the responsibilities and the procedures to be determined by staff dating
for that role, with their responsibilities, duties and powers
3. define the responsibilities, powers and procedures of the determination of the workers
roles.
3.2.2 while working with an electronic tool or in a production environment
electronic tools
The operator of electronic tools and plans to ensure educational
activities, through which it ensures that the workers will meet the
the requirements for competence set out for its role. In
If the activities are secured by a Contracting Party, the operator
It requires the fulfillment of this requirement after the party.
The operator of electronic instruments set out the responsibilities and procedures for the
the initiation, implementation and completion of the disciplinary proceedings in case
the worker violates the obligations laid down in the operation of the electronic
Tools.
3.2.3 In their work with an electronic tool or in a production
environment of e-tools
The operator of electronic instruments set out the responsibilities and procedures for the
the proper conduct of their worker's work with an electronic tool
(including any termination of contractual relationships), which include in particular the
surrender of allocated assets and withdrawal of access rights to
the electronic instruments.
4.
System requirements for electronic tool
Through system requirements on electronic tools
ensures implementation of legislative requirements, the operator in the course of
design and development of electronic tools and after full-term
electronic tools.
4.1 requirements for information security
The operator of an electronic tool must eliminate the effects
the identified threats that may result in non-compliance with
set out the requirements for the electronic tool. Examples of structures
the threats and the resulting breakdown of the reasons requests are listed on the
the following schema. When you perform tasks in procurement procedures must
in all cases ensure the availability and integrity of transmitted and
of information processed and in the cases provided for shall be in addition
the confidentiality of such information.
Diagram III. The crucial factors affecting the fulfilment of the requirements of the
electronic tool
The availability, integrity and confidentiality must be documented
way to secure it by applying the selected procedures international
standards in the field of information security.
The operator must ensure that at least the following steps
1. determine the scope and boundaries of the electronic instruments on the basis of the assessment
its design, structure, location (site), assets and technologies,
2. define information security policies e-tools
that
and sets out the principles, policy) and the total safety management framework
information,
(b)) takes into account legal or regulatory requirements and contractual obligations
the operator of electronic tools, and sets out the criteria governing the
will be assessed the risks,
3. provide access to the operator's electronic tools risks
information security
and to identify the risk assessment methodology), which complies with the prescribed
the level of information security, legal and regulatory requirements, and
ensures reproducibility and comparability of the results,
(b)) to create criteria for the acceptance of risks and identify their
the acceptance level,
4. identify risks
and assets) to identify within the scope of electronic tools, and
their owners,
(b)) to identify threats to assets,
(c)) to identify vulnerability that could be exploited, threats
(d) to identify what impacts on) electronic tools could
have the loss of confidentiality, integrity and availability of assets,
5. analyze and evaluate the risks
6. identify and provide options for managing risk, which may
be
and applying appropriate measures to) eliminate or reduce the impact of risks,
(b)) and objective risk acceptance conscious provided that clearly
meet the Organization's policy and criteria for the acceptance of risks
(c) avoiding risks)
d) transferring the risks associated with the activities of the Organization to a third party,
for example. to insurance companies, vendors,
7. Select and apply various security measures for the management of
risks.
The operator of electronic tools in the context of the operation must
e-tools:
1. to monitor, review, and implement other measures
and) for early detection, processing errors
(b)) for the early identification of both successful and failed attempts to breach
safety and detection of security incidents,
(c)) to enable the management of the electronic tools to determine whether the
security activities conducted by persons responsible for, or for which they were
implemented technology, they work as expected,
(d)) to enable the detection of security events, which can cause
security incident
2. measure the effectiveness of the measures introduced to verify that they have been
met safety requirements,
3. to carry out internal audits of information security at scheduled
intervals and take effective measures to eliminate the deficiencies and
4. regularly review the adequacy and effectiveness of risk taken
measures for the management of risks, the occurrence of security incidents and
incidents, the results of internal audits and on the basis that receive
measures to improve the safety management system set
information.
4.2 requirements for document management processes
The operator of electronic tools must follow (creates, classifies,
approved, indicates, records, stores, distributes, revises, performs
changes, protects, stores and disposed of) any documents related to the
operation of electronic instruments with regard to their classification after
the entire period of their life cycle. Part of management is
a defined level of availability, integrity and confidentiality of the information in the
documents. The operator of electronic tools must create
documented procedures, which sets out the responsibilities, rules and procedures
in particular, for
1. the creation, identification and registration of documents,
2. the classification of documents,
3. the approval documents,
4. distribution of documents.
5. the treatment of documents in accordance with rules corresponding to the classification
documents,
6. ensure the timeliness of documents their revisions and updates
including repeat the approval,
7. ensure the identifikovatelnosti changes to documents and their current
the State,
8. ensure the readability and ease of identifikovatelnosti documents
9. ensure the availability of a set of documents,
10. ensure the integrity of documents
11. ensure the identification and management of documents of external origin.
Creation of documents related to the operation of the electronic tools
may be in any form (i.e. paper or electronic) and on the
any medium.
4.3 requirements for records management processes
Records as a special category of documents must be created and
maintained to provide evidence of conformity with specified requirements
the operation of electronic tools. The records shall be protected and controlled,
It must remain legible, readily identifiable and must be able to
easy to find. The measures necessary for the identification, storage, protection,
find, period of validity and the arrangement of the records must be documented.
The operator must ensure the continuity of the electronic tools version
the document and ensure the traceability requirement for each document and
record.
The creation of records related to the operation of the electronic tools
may be in any form (i.e. paper or electronic) and on the
any medium.
4.4 requirements for creating electronic tools
The operator of electronic tools must provide documented
way of objective evidence, that the development of e-tools
in accordance with the laid down requirements for design and development
electronic tools, which include the minimum requirements of this
standard and safety requirements of the processed information. Additionally, you must
keep a record of the fact that in the course of planning, design and development have been
established
1. responsibilities and powers in the design and development of the electronic
Tools,
2. suitable stages of the design and development of electronic tools (at least
design and development of electronic tools and the integration of the electronic
tools to a production environment),
3. terms and conditions for testing (validation), and validation of the electronic
the tools in each design and development stage provided for electronic
Tools.
The operator must, within a specified stages of e-tools
carry out a systematic examination of design and development, so that the
1. was evaluated on an ongoing basis the ability of electronic tools to perform
the requirements laid down,
2. all the problems have been identified in a timely fashion and could be designed
necessary measures to ensure compliance with the requirements of the electronic
tool.
The operator of electronic tools must keep records of the results and
during the testing of the electronic instrument that has been carried out,
to demonstrate that they meet specified requirements for electronic
tool.
The operator must keep records of the results of the validation process
electronic tools that have been implemented so as to ensure
electronic tool that operated in the specified environment is
Unable to meet the requirements of the specified or intended use.
Must be processed by electronic tools and user documentation
documentation related to the management of electronic tools.
The operator must maintain documentation of the source code, and that in the case that
is authorized to make changes to this source code.
4.5. Requirements for the implementation of the changes to the electronic tools
To make changes to the electronic tool applies the same requirements as
on the creation of an electronic instrument.
All changes of the electronic tools must be in accordance with the
legislative requirements and the requirements of this standard. These changes must
be identifiable, shall be documented and approved by the responsible
the person in front of their implementation.
4.6 monitoring requirements, measurement and review operation
electronic tools
The operator of electronic instruments must apply appropriate methods
monitoring and appropriate measurement specified operating
parameters of electronic tools.
Monitoring or measurement results must be recorded and analysed with
to identify the differences and their causes. The operator
electronic instruments must, immediately upon detection of differences take
effective remedial measures for the Elimination of the impact of the disagreement and the
causes. After a specified time, the operator of electronic tools
to examine whether the measures taken are effective. Differences and their causes,
the measures taken and the review of the efficiency of measures taken must be
documented.
1) Act 227/2000 Coll., on electronic signature and amending certain
other laws (the law on electronic signature), as amended
regulations.
2) Act 22/1997 Coll., on technical requirements for products and amending
and additions to certain laws, as amended.
