For An Electron. Tools And Instruments In Public Procurement

Original Language Title: o elektron. nástrojích a úkonech při zadávání veřejných zakázek

Read the untranslated law here: https://portal.gov.cz/app/zakony/download?idBiblio=73511&nr=9~2F2011~20Sb.&ft=txt

9/2011 Sb.



DECREE



of 10 June 1999. January 1, 2011,



laying down more detailed terms relating to electronic

tools and acts by electronic means in public procurement

and details regarding the certificate of compliance



Ministry for regional development, establishes, pursuant to § 159 paragraph. 3 of Act No.

137/2006 Coll., on public procurement, as amended by Act No. 179/2010 Coll.

(hereinafter referred to as the "Act") to implement section 149 paragraph. 8 and 9 of the Act:



PART THE FIRST



GENERAL PROVISIONS



§ 1



The subject of the edit



This Decree regulates the



and conditions relating to) more detailed electronic tools and operations

made by electronic means in public procurement,



(b)) the details concerning the conditions for the issuance of the certificate of compliance, data

in the certificate of conformity and the validity of the certificate of conformity.



§ 2



Definition of terms



For the purposes of this Ordinance, means the



and the public key of the contracting authority) unique electronic data that

uniquely correspond to the private key of the contracting authority and the supplier

to encrypt the contents of the menu under this Ordinance,



(b)) the private key of the sponsor unique electronic data that

uniquely correspond to the public key of the contracting authority and the contracting authority for its use

odšifrování menu content under this Ordinance,



(c) public key certificate) data message ^ 1), trusted

in a way it connects the public key of the contracting authority, the contracting authority is used to

to carry the public key and can be used to authenticate the identity of the

the contracting authority and its website address,



d) electronic Act in the tender Act of the acting person

carried out by means of electronic tools



e) operational parameters set of requirements related to the functional

characteristics of the electronic tools and to the environment in which it is

electronic tool is operated, arising from annex of this order,



(f) a summary of the functional properties of functionality) that electronic

the tool has,



g) conditions under which environment is an electronic tool is operated,



(h) the operator of an electronic instrument) natural or legal person,

that specifies the operational parameters and ensures operation of the electronic

the tools through which are or are to be carried out

electronic acts for the purpose of awarding public contracts or for the purpose of

get the proposal in the competition for the design that meets the requirements set out

the law and the provisions of this Decree,



I) by the applicant, the operator asks for the conformity assessment and the award of

the certificate of conformity,



j) unencrypted data message data message that does not

transmitted are hidden such as encryption and are directly readable,



to encrypted data message) data message in which they are transmitted

data hidden by using encryption and so are not directly readable,



l) time to record the date and time information of the electronic act with

indicating hours, minutes, and seconds



m) certification audit process of attestation of conformity the electronic tools

carried out conformity assessment body accredited by the national

accreditation body on the basis of other legislation ^ 2) (hereinafter referred to as

"certification authority"),



n) certification rules, a summary of the terms and conditions laid down by the

the certification body,



about) the announcement of the notice of initiation of the procurement procedure, the preliminary

notice, periodic indicative notice, the notice of design contest,

notification of the outcome of the procurement procedure, a notice of cancellation of contract

control or design contests or other information, which shall be published in the

the information system on public procurement, where appropriate, in the official journal of the

The European Union,



p) asset any component of the electronic tools and operational

environment, including resources that is necessary for the operation of the electronic

tools in the intended scope.



PART TWO



ELECTRONIC ACTS AND ELECTRONIC TOOLS



§ 3



General requirements for implementing electronic operations when entering

public procurement



In a tender procedure, the contracting authority shall designate the person authorized, which are behind the

the contracting authority authorized to do under this procedure, electronic acts, in particular,

do call for participation or to submit a tender, to provide input

documentation and additional information to confirm the receipt of tenders,

perform the opening of tenders and receive an invitation to negotiations on the menus.



§ 4



Provision of the contract documents and additional information



(1) the tender documents, which the contracting authority is provided through

electronic instruments, provides the contracting authority in the form of an unlimited

remote access to your profile or to other Internet address

pages without a prior request, or it provides upon written

the application bearing the electronic signature.



(2) if the contracting entity Provides tender documentation to unlimited remote

access to your profile or on other Internet sites without

the previous request, shall ensure that



and each could make sure) about the identity of the contracting authority and the identity of the

operator of the website in the form of a public key certificate

issued by the contracting authority or to a profile to the address of the website,

through which the contracting entity provides tender documentation,



(b)) of the specifications are protected against unauthorized modification and



(c)) of the specifications within a prescribed period can be accessed on the profile

the contracting authority or on other Internet sites.



(3) if the contracting entity Provides tender documentation on the basis of a written

request vendor shall ensure that the



and the contract documents was granted) only on the basis of validly delivered

the request of the person whose electronic signature was successfully validated,



(b)) of the specifications with an electronic signature authorized

persons of the contracting authority or contracting entity, an if

of the specifications given in the form to send to the desired

the e-mail address of the vendor, and



c) satisfy the requirements under paragraph 2, if the tender

the documentation provided in the form of an individual making tender

documentation through the profile of the contracting authority or other

the website.



(4) the provision of additional information to the entry conditions

the provisions of paragraphs 1 to 3 apply mutatis mutandis.



§ 5



Submission and opening of tenders



(1) in the contract notice or in the invitation shall be published e-mail address for

Administration menu, preliminary offers, requests to participate, in the design competition

on the design and administration of auction values (the "offer").



(2) the offer must be in order to ensure the confidentiality of data in them

contained their content encryption always protected in accordance with the requirements of

laid down in this Decree. This does not apply in the case of auction

values on the condition that it is technically in compliance with this Decree

confidentiality of the content of the menu.



(3) the sponsor shall ensure that the



and the public key specified by the contracting authority) to encrypt the content of bids

uniquely match the private key of the contracting authority,



(b)) it was not possible with reasonable efforts a public certificate

forged keys,



(c)) it was not possible with reasonable efforts to the private key

the contracting authority forged



d) private key sponsor has been secured against loss and the unauthorized

access throughout the period of validity of the corresponding certificate of public

the key.



(4) for the purpose of encrypting the content menu provides the sponsor vendors

through your profile, or other websites

or by sending a request based on a public key certificate.



(5) if it is fixed in accordance with the law, the deadline for submitting bids

the contracting authority shall ensure that the offers made to the address referred to in paragraph 1



a) before expiry of the deadline was further processed, in accordance with

This Decree and stored in an unchanged form by the time of its opening;

at the same time will be sent to the supplier, at his e-mail address notification

on its arrival and



(b)) after the deadline was marked as unacceptable; in

this case will be sent to the supplier, at his e-mail address

notice of this fact.



(6) the offer must be fitted with recording time information pursuant to §

7.



(7) following the submission of the bid will be verified the validity of the electronic signature.

the vendor and the result of the verification is recorded to the Inbox menu.



(8) the sponsor or the person entitled to the opening of tenders shall ensure

odšifrování the contents of the menus using the private key of the contracting authority.



(9) the sponsor shall ensure that the odšifrování and the opening of the tenders with the use of

the private key of the contracting authority are carried out by authorised persons, so that the



odšifrování or open) was performed with the participation of two or

multiple beneficiaries,



(b)) it was not possible to use the private key of the contracting authority to odšifrování menu bar

in any other way than with the participation of the beneficiaries.



(10) the operator shall ensure that the electronic tool did not allow

odšifrování and open the menu before the deadline to

opening. Time to odšifrování and open the menu must be in accordance with § 6

recorded.



(11) electronic offer, after its opening, reading, assessment, or

reviews must, together with the record of the validation of the electronic


the signature of the sponsor to remain in an encrypted form in which it was

delivered to the contracting authority. This does not affect the possibility for the contracting authority to keep next to the

It also quotes saved in odšifrované format.



§ 6



Keeping records on electronic acts



(1) on the electronic acts and any other activities

the contracting authority shall keep records of the electronic tools. Part of this

evidence must be at least



and the electronic document or) identification of further activities of the electronic

Tools,



(b) the time when the electronic Act) or activities referred to the nearest

on the second,



(c)) the identifier of the person who carried out the Act or operation of electronic

electronic tools launched



(d) a record of any error) the result of an electronic document or other

the activities of the electronic tools.



(2) in addition to the records referred to in paragraph 1 must be recorded and information about

the system status of the electronic instruments referred to in subparagraphs (b) and (c)))

putting time information under section 7. The system state is a State in

where at any given time or interval is an electronic tool,

and that corresponds to one of three possible values



and in operation)



(b)), the



(c) non-functionality to implement restrictions) electronic acts,

otherwise through the electronic tools to implement

can be.



(3) all the particulars referred to in paragraphs 1 and 2 shall be protected against

unauthorized access, alteration and destruction.



§ 7



The recording time information



(1) time information must be provided by the operating system-

the source reproducing the world coordinated time UTC, for example, the State

standard time and frequency, or by using the global system receiver

positioning (GPS).



(2) to sync time measured by the operating system referred to in paragraph 1 with the

coordinated universal time is carried out at least once every 24 hours in

during the procedure.



(3) to sync under paragraph 2 shall be ensured even in the event

the occurrence of leap seconds.



PART THREE



CERTIFICATION OF CONFORMITY OF ELECTRONIC TOOLS



§ 8



The certificate of conformity



(1) the conformity of electronic tools will be assessed in terms of functionality

electronic tools, and from the viewpoint of the environment in which it is

electronic tool is operated. The detailed requirements relating to the

functional properties of electronic tools and the environment in which the

be an electronic tool is operated are set out in the annex to this

the Decree.



(2) for the purposes of conformity assessment of the functionality of the electronic tools

are electronic acts divided into



and electronic acts not involving) transmission and receipt of tenders



1. sending and receiving data messages,



2. electronic acts of the contracting authority, without sending the data message,



3. the acts of the contracting authority or body designated by the contracting authority (the Commission) with

supplier means enabling remote access,



4. provision of documents via remote access,



b) electronic acts of the transmission and reception of tenders.



(3) the certificate of conformity shall contain at least the following information:



a) trade name or name, address, legal status, identification number

the person has been granted in respect of a legal person, and business

company or name and surname, place of business or place of residence

stay, the identification number of the person, if any, with regard to the

a natural person, the certification authority that issued the certificate of compliance



(b)) trade name or name, registered office and legal form of the operator,

in the case of a legal person,



c) name and surname or business name, and place of business

where appropriate, the place of domicile of the operator, if it is a natural

person,



(d) the identification number of the person) of the operator has been assigned,



(e) the trade name and version) of the electronic tools



(f) electronic group) putting the tasks broken down in accordance with paragraph 2, for the

electronic tool was certified in accordance with the requirements

laid down by this Decree, and electronic acts in the framework of this

the group,



g) date of issue of the certificate of conformity,



(h) the period of validity of the certificate of compliance) and



I) the signature of the person authorized to act for the certification authority.



(4) a certificate of compliance can be issued in paper form or in

electronic form with a valid electronic signature of the person authorized

Act on behalf of or for the certification authority.



(5) a certificate of compliance is issued in the Czech language.



(6) if the operator shall submit a valid certificate of conformity, attesting that the

in group scope of electronic transactions and data contained in the certificate

compliance meets it operated an electronic tool requirements laid down

the law and the provisions of this Decree.



(7) if it is an electronic tool operated by a person other than

by an applicant who has demonstrated compliance and has a valid certificate of conformity,

can for such an electronic tool that other person to prove

compliance with the requirements laid down by the legislation of the present valid

certificate of conformity of that other provider. In this case,

electronic tool meets the range of electronic operations group

referred to in the certificate of conformity the requirements laid down by the law on the functional

the properties of electronic tools. The presentation of a certificate of compliance

another operator, however, unable to demonstrate conformity with the requirements relevant to the

the environment in which it is an electronic tool is operated.



§ 9



Details concerning the conditions for the issue of certificate of conformity



(1) an application for the issue of the certificate of conformity the applicant served a certification

authority. The applicant shall demonstrate in the application and the subsequent certification audit

the conformity of electronic tools with the requirements of the legislation of the

in relation to the functionality of the electronic tools and in relation to the

the environment in which is an electronic tool is operated. The conformity of the

the electronic tools provided by the applicant, if the electronic tool

meets at least the requirements set out in the annex to this Decree.



(2) If an electronic tool has a valid certificate of conformity in respect of the

functionality and is operated by a person other than the applicant, which was

certificate of conformity has been issued by that other person as demonstrated by the applicant

only meet the requirements of the certification body in relation to the operational

the environment in which is an electronic tool is operated, as defined in annex

of this order.



(3) an application for a certificate of compliance must meet at least

the requirements set out in section 10. In the case referred to in paragraph 2 shall be

the annex to the application for issue of the certificate of conformity, a valid certificate of conformity,

that was for an electronic tool is issued. The certification authority shall issue

certificate of conformity for the electronic tool, if a match was found

electronic tools with the requirements set out in the annex to this Decree,

and to the extent established consensus. The certification authority is not authorised to issue

certificate of conformity for the electronic tool beyond the applications submitted

issue of the certificate of conformity.



(4) the detailed rules shall provide the certification authority certificate.

Certification rules must, having regard to the different types of certificates

of conformity contain at least



and the address for the submission of applications) on the issue of the certificate of conformity,



(b) the substantive and formal requirements) application for issue of the certificate of conformity,



(c) a description of each step) certification audit



(d)), the time demands of certification audit



(e) the substantive and formal requirements) output of the certification audit,



f) price list of rewards for acts by the certification body, which will

contain at least



1. the amount of remuneration for performing the certification audit,



2. the amount of remuneration for performing the certification audit on the extension of the

the validity of the certificate of conformity certifying compliance with the requirements of

on the environment pursuant to section 11 (1) 1,



3. the amount of remuneration for a change in the certificate as a result of changes to properties or

the terms of the electronic tools according to § 11 para. 2,



4. the amount of remuneration for a change in the scope of the certificate of conformity according to § 11 para. 4 and



5. the amount of remuneration in the event that the certification body will follow

§ 11 (1) 3,



g) remedial measures.



(5) the certification rules is obliged to publish the certification body

its website.



§ 10



The minimum requirements for an application for the issue of certificate of conformity



(1) the request for the issue of the certificate of conformity, applicants shall indicate their

identification data, which are the business name or the name, registered office,

the legal form, the identification number, if any, with regard to the

legal person, and the business name or name and surname, place of

business, or place of residence, ID number,

If it was assigned, as a natural person.



(2) in the event that the applicant for the issue of the certificate of conformity is a person who

is not the manufacturer of electronic tools, the applicant in the application for the issue of

the certificate of conformity, the manufacturer identification data, which are the business

company or name, address, legal form, the identification number, if

granted, if it is a legal entity, and the business name or name and

last name, place of business or place of residence,

the identification number, if any, in respect of a natural person.



(3) the request for the issue of a certificate of compliance indicating the applicant business

marking and electronic instrument and the version in accordance with § 8


the group or groups to which the electronic tool falls, and enumeration

electronic transactions within this group, the electronic tool

provides.



§ 11



The validity of the certificates of conformity



(1) unless otherwise provided, the operator provides proof

the certifying authority for compliance with the requirements of the electronic tools

the functional properties of the computerised tools has

a certificate of conformity in the group scope of electronic transactions and data

referred to in the certificate of compliance that relate to functional properties

electronic tools, unlimited validity. If the operator

the certification body also proves the conformity of electronic instruments with

requirements on the environment in which it is or is about to be an electronic

the tool is operated, has a certificate of conformity in the scope of the data referred to in

the certificate of conformity, which relate to the production environment, force 3

years from the date of its issue. The expiration of the said period shall not affect the validity of the

the certificate of compliance to the extent data relating to functional properties

electronic tools. The validity of the certificate of conformity certifying

compliance with the requirements of the environment is possible on request

the operator may be extended by a further 3 years, even repeatedly.



(2) if there is a change in the properties or conditions of service of the electronic

compared to the characteristics of the tool, or the conditions of operation of the electronic

instruments, on the basis of which the certificate of conformity issued, and this change

could result in consequence if compliance with the requirements laid down

legislation in the specified range, the operator shall, within 15

days from the date of the change, notify the certification

authority and at the same time submit a proposal for measures to remedy. Otherwise,

the certification authority shall withdraw the certificate of conformity, or changes its range,

If this change the properties or conditions of service of the electronic tools

allows you to.



(3) a certification authority withdraws or amends a certificate of conformity in

If the operator



and conditions for the issue) does not meet the certificate of compliance, or



(b)) was used as a basis for issue of the certificate of conformity of documents or

information that proved untrue or incomplete.



(4) the applicant is entitled to submit a proposal to amend the scope of the certificate of compliance.

In this case the operator shall demonstrate to the certification body only

compliance with the requirements to which the modification is applied.



(5) the applicant shall be entitled to surrender the certificate of compliance. Waiver of

the certificate of conformity is required to notify in writing the applicant certification

authority.



PART FOUR



FINAL PROVISIONS



§ 12



Regulation (EEC)



Decree 329/2006 Coll. laying down more detailed requirements on the

electronic means, electronic instruments and electronic acts in the

public procurement, is hereby repealed.



section 13 of the



The effectiveness of the



This Decree shall take effect on the date of its publication.



Minister:



Ing. Jankovský in r.



Annex



SPECIFICATION OF REQUIREMENTS FOR PROOF OF CONFORMITY OF ELECTRONIC TOOLS



I. list of abbreviations

------------------- ------------------------------------------------------

ČSN EN ISO 9001 Czech technical standard-management systems

quality-requirements

------------------- ------------------------------------------------------

EN/IEC 27001 Czech technical standard-information technology-

Safety equipment-Systems Management

information security-requirements

------------------- ------------------------------------------------------

EU European Union

------------------- ------------------------------------------------------

GPS global positioning system

------------------- ------------------------------------------------------

The IETF Internet Engineering Task Force, "the Commission

the art of the Internet ".

------------------- ------------------------------------------------------

Is VZ-information system on public procurement-

uveřejňovací subsystem

------------------- ------------------------------------------------------

A negotiated procedure with the publication of JŘSU

------------------- ------------------------------------------------------

OJS eSender Official Journal Supplement. Official Journal of the EU

(i.e. the European uveřejňovací instead).

------------------- ------------------------------------------------------

The Publications Office (OPOCE) of the European Union

------------------- ------------------------------------------------------

PDF/A, the ISO 19005 Portable Document Format/Archive. Archive

Version PDF format defined by the ISO standard 19005

------------------- ------------------------------------------------------

SD competitive dialogue

------------------- ------------------------------------------------------

The OFFICE for the Office for the protection of competition

------------------- ------------------------------------------------------

UŘ restricted procedures

------------------- ------------------------------------------------------

UTC Coordinated Universal Time, coordinated

world time

------------------- ------------------------------------------------------

ZD of the specifications

------------------- ------------------------------------------------------

AWD Act No. 137/2006 Coll., on public procurement,

as amended

------------------- ------------------------------------------------------



II. Introductory provisions



1.



The subject of the



Specification of requirements for proof of conformity of electronic tools

(hereinafter referred to as "the standard") defines how to demonstrate compliance of electronic

the instruments with the requirements established in the AWD and its implementation

Regulations (hereinafter referred to as "legal requirements").



1.1 electronic management system tools and related requirements



The requirements contained in this standard are applied to



1. the introduction of an electronic management system tools to

electronic tool created and operated in accordance with the legislative

requirements and



2. certification of the conformity of electronic tools, IE. conformity of management system

electronic tools with legislative requirements.



The operator shall demonstrate the conformity of electronic tools with legislative

requirements, if he proves that the requirements in relation to



1. the electronic tools and functionality



2. the environment in which it is an electronic tool is operated.



The management system of electronic tools is shown in the following

the schema.



Schema I. e-management system tools



Legend to the schema



Individual requests related to the electronic control system

the tools are described in this standard the following way



1. requirements for electronic instrument (IE. the legislative and technical

requirements for the functionality of the electronic tools)-technical

requirements, see Chapter 2. This standard,



2. requirements for the management of resources (production environment and human resources)

in connection with the operation of the electronic tools-see Title 3. This

the standard,



3. system requirements for electronic tool-see Chapter 4. This

standard.



1.2 Scope of certification of conformity of electronic tools in relation to the scope of the

functionality



The operator of electronic tools can apply for certification

electronic tools for the following groups of electronic operations



1. acts not involving the transfer and receipt of tenders:



and) sending and receiving data messages,



(b) electronic acts of the contracting authority) without sending the data message,



(c) the conduct of the contracting authority or authority) designated by the contracting authority (the Commission) with

supplier means enabling remote access,



(d) provision of documents via remote access).



2. the acts of transmission and receipt of tenders.



In relation to the procurement procedures laid down in the AWD with the certification of conformity

electronic instruments applicable to



1. procurement procedures within the meaning of paragraph 21 of AWDS,



2. special procedures in the procurement procedure to the extent the provisions of § 89 up section

AWD 97 and



3. competition for a design within the meaning of paragraph 102 et seq. The AWD.



The scope of certification of conformity of electronic tools in relation to the scope of the

the functionality of the electronic tools is shown in the diagram (II).

"The certification e-tool in relation to the scope of its

functionality ". Certification will always be carried out for the Group

electronic acts of which the contracting authority shall state in the application for the issue of

the certificate.



Scheme II. Certification e-tool in relation to the scope of its

functionality



1.3 What are the requirements the operator must Meet the electronic tools

to demonstrate, for the purposes of certification



To obtain a certificate of compliance, the operator of electronic tools

demonstrate compliance with



1. General legislative requirements, no matter what

a group of electronic operations the operator applies for the issue of a certificate

conformity,



2. specific legislative requirements, and to the extent laid down for

the Group of electronic acts, for which the operator is asking for

issue of the certificate of conformity,



3. the requirements for the management of resources, regardless of what group

electronic operations the operator asks about the issue of the certificate of conformity and the



4. system requirements, regardless of what group

electronic operations the operator asks for the issue of certificate of conformity.




III. Requirements for electronic instruments



2.



Technical requirements



Technical requirements represent the minimum level, you must

electronic tool. The operator can arrange the fulfillment

individual requirements of technical-technologically advanced

solution/measures. Verification of conformity of electronic tools will be

the certification body is carried out in the area of compliance with technical requirements

According to the specifications mentioned in the following chapters, with

accepted even more advanced solutions/actions.



2.1 record the time the electronic Act (1)



The contracting authority shall ensure that a record of the time the electronic transaction was

carried out one of the following ways



1. record the time, obtained from the source of the time the information is connected to the

data report,



2. when carrying out the procedure from point 1. is the data message with attached

record the time the electronic signature is attached or electronic tag

or



3. record the time the connection is made to a qualified time

timestamp to the data report.



2.2 electronic recording Act (T 2)



The contracting authority shall ensure that all records of electronic acts

They included



1. the unambiguous identification of a specific action within the Organization

the contracting authority,



2. identify the person who has carried out the electronic Act in the event that

as to the action taken specific natural person and not an act carried out

automatically an electronic tool (e.g. receipt of tenders),



3. information about nonstandard result of the Act, if it happened during the

performing an action and error



4. record the time the electronic Act in section 2.1.



2.3. Control access to assets in the framework of public procurement procedures (T 3)



The sponsor shall ensure that the management of access to assets in the framework of public procurement

the procedures were carried out one of the following options



1. authentication and authorization the accessing person is based on the award

name and password. The provider must ensure that the document distribution

name and password of the acceding parties was reasonably safe

in a way,



2. authentication and authorization of the person is based on the accession

a public key certificate accessor person or



3. the authentication and authorization of the person accessing is based on other

technologies; always, however, must be a reasonably safe manner.



2.4 use of open document formats (T 4)



The contracting authority shall ensure that the format of the data messages that are exchanged

during the procurement procedures, was an open format.



2.5 Archive documentation on public order (T 5)



The sponsor shall ensure that the documentation of public order to which it is

advanced electronic signature connection required, was kept

in the data storage with controlled access. Access control must follow the

the rules in section 2.3. Electronic tool must ensure that, when

documentation storage into the data storage was connected to the documentation

a qualified timestamp.



Documentation of public order that contains confidential information, you must

be stored in the data store with controlled access. Access control

must follow the rules in section 2.3. Documentation can be stored

in its encrypted form. If the documentation is stored in an encrypted

the form, the client must safely store the private key of the contracting authority,

corresponding to the public key of the contracting authority, that the document was encrypted.

Retain the contracting authority's private key must correspond to the time of preservation

documentation.



2.6 Limited provision of secure remote access (document T

6)



The contracting authority shall ensure that a secure document that will be limited

provided remote access, was connected to the advanced electronic

signature of the document provider. The format of the document must conform to the

the requirements according to section 2.4. The document must be controlled access. Control

access to a document must follow the rules in section 2.3.



2.7 the Unlimited provision of secure remote access (document T

7)



The contracting authority shall ensure that a secure document that will be unlimited

provided remote access, was connected to the advanced electronic

signature of the document provider. The format of the document must conform to the

the requirements according to section 2.4.



2.8 providing remote access to the unlimited document (T 8)



When providing unlimited remote access document sponsor

records on electronic Act in section 2.2. The document format

must meet the requirements in section 2.4.



2.9 data messages Sent within the Organization sponsor (T 9)



The format of the data messages that are sent by the contracting authority within the Organization will be

selected according to the needs of the contracting authority. The contracting authority shall always chooses such a format,

to protect the document against unauthorized change. The electronic Protocol

used to transmit the data message would be elected according to the needs of the contracting authority.

The contracting authority will determine whether the data message will be encrypted, and determines the rules, what

the key is used for encryption.



2.10 Income data messages in the context of the Organization of the contracting authority (10)



Upon receipt of a data message, transmitted in the framework of the Organization of the contracting authority, shall

the contracting authority shall respect the format and the electronic log of incoming messages. In

the case of encrypted data message, the contracting authority shall lay down the rules specifying

whether the data message decrypted. The rules for it, whether it will be for

the data message verified the validity of the electronic signature, respectively.

brands, provides the contracting authority. Of receipt of a data message must be taken

the electronic record of the Act in section 2.2.



2.11 Submit encrypted data message bearing the electronic signature

(11)



Permissible formats outgoing data messages must be established by the contracting authority.

The format of the document must conform to the requirements in section 2.4. Electronic

the protocol used to transfer data messages, provides for the contracting authority. The recipient

a data message must provide a certificate to the sender's public key.

Data message must be encrypted with the public key of the recipient. Data

the message must have an advanced electronic signature is attached or

an electronic tag, based on a qualified system

the certificate. If the message is being sent by the contracting authority, must be made

the electronic record of the Act in section 2.2.



2.12 Send open data messages bearing the electronic signature (T

12)



Permissible formats outgoing data message provides for the contracting authority. The format of the

the document must conform to the requirements in section 2.4. Electronic

the protocol used to transfer data messages, provides for the contracting authority. Data

the message must have an advanced electronic signature is attached or

an electronic tag, based on a qualified system

the certificate. If the message is being sent by the contracting authority, must be made

the electronic record of the Act in section 2.2.



2.13 Send open data messages (13)



Permissible formats outgoing data message provides for the contracting authority. The format of the

the document must conform to the requirements in section 2.4. Electronic

the protocol used to transfer data messages provides for the contracting authority. If there is a

message is being sent by the contracting authority, must be recorded on the electronic

Act according to section 2.2.



2.14 the encrypted data message Receipt bearing the electronic signature (T

14)



When receiving data messages the client must respect the format and

electronic log of incoming messages. The contracting authority shall ensure verification

the validity of the electronic signature attached, or electronic

tags. Data message can be decrypted. The rules that determine whether a

data message is decrypted, provides for the recipient. If the message is received

by the contracting authority, must be recorded on the electronic act according to section

2.2.



If it is connected to an advanced electronic signature, the recipient must be a data

message when the advanced electronic signature is not

valid or its qualified certificate has been invalidated. If there is a

attached electronic brand, the recipient must be a data message in the

When the electronic tag is not valid or a qualified

the system certificate has been invalidated.



2.15 Income open data messages bearing the electronic signature (T

15)



When receiving data messages the client must respect the format and

electronic log of incoming messages. The contracting authority must provide verification

the validity of the electronic signature attached, or electronic

tags. If the message is accepted by the contracting authority, must be reported

the e-commerce act in section 2.2. If it is connected the guaranteed

an electronic signature, the recipient must be a data message in the case

When the advanced electronic signature is not valid or its qualified

the certificate has been invalidated. If the attached electronic brand,

the recipient must be a data message, where the electronic

the tag is not valid or a qualified certificate has been

invalidated.



2.16 Income open data messages (16)



When receiving data messages the client must respect the format and

electronic data message log. In cases where it is

data message attached the advanced electronic signature or electronic

mark, although by law nor the sponsor did not request, the recipient cannot

the data message, even in the case where an electronic signature


or electronic brand are not valid



2.17 Income and save the menu (T 5)



Upon receipt of a data message must offer the contracting authority to respect the format and

electronic log of incoming messages. The contracting authority must provide verification

the validity of the advanced electronic signature attached, respectively.

electronic tags. If it is not validated connected guaranteed

electronic signature or an electronic tag during the reception menu,

must be verified during the Act of opening the envelopes. Data message

menu must not be decrypted. The contracting authority must record the

the electronic Act in section 2.2. During the reception menu must not be

made any copies of the data messages menu.



The contracting authority shall ensure that following the receipt of a data message menu immediately

This was followed by safe storage of data messages menu. Secure storage

data messages must be done in a way that access to

encrypted, stored in the menu data store, was not possible before

the deadline for submission of tenders.



The contracting authority shall ensure that the data message has been saved in such a menu

way that was detectable by the attempt to access the saved menu before

date of opening of the tenders. When any such attempt to access the

menu before the date of opening of the tenders must be drawn up a record of the

the electronic Act in section 2.2.



2.18 the opening of tenders submitted by electronic means (T-18)



The contracting authority shall ensure that the opening of the offers submitted by electronic

resources was carried out one of the following options



1. opening of the offers made by electronic means will be done

way downstream to receive offer according to section 2.17. Access to the

encrypted menu are stored in the data store, will be made of synergies

at least two people, or even a larger number of people, if so provided by

the contracting authority, with incomplete rights of access to the saved menu. A combination of

access rights of such persons will be granted access to the saved menu.

The menu will then be decrypted with the private key of the contracting authority pertaining

the contracting authority's public key that was used to encrypt the data message

menu, or



2. the opening of the offers made by electronic means will be done

in a way, building on the reception menu, according to section 2.17. The encrypted

the data is decrypted synergies offer message people having access

the private keys belonging to the contracting authority the contracting authority public keys

that were used to encrypt the data messages menu.



2.19 the negotiations the Commission/Panel/sponsor (T-19)



The contracting authority shall ensure that the part of the record of the hearing, the Commission/Panel/

the contracting authority was a document record of discussions. Must be recorded on the

the electronic Act in section 2.2.



2.20 electronic signature document (T-20)



The contracting authority shall ensure that an electronic signature to the document was made

one of the following ways



1. the format of the document must conform to the requirements in section 2.4. Document

must be signed by electronic signature or connection guaranteed

advanced electronic tags to the document. After the connection to the electronic

signature or electronic mark of the sponsor must be recorded on the

the electronic act according to section 2.2, or



2. in the advanced electronic signature of the multilateral document will be

both sides signed a gradual exchange of messages. In this case, the contracting authority

must send a data message with the document with an attached guaranteed

electronic signature vendor in a manner according to section 2.11. Supplier

upon receipt of a data message must respect the format of the incoming message. In

If the data message is encrypted, the supplier performs its

decryption. Verifies the validity of the attached supplier guaranteed

the electronic signature. The supplier must reject the message in the data

When the advanced electronic signature is invalid or its

qualified certificate has been invalidated. Furthermore, the supplier shall to

dešifrovanému document, attach your own advanced electronic signature and

send it in a data report in accordance with section 2.11. The contracting authority

receiving this message must proceed according to section 2.14. Procedure

multi-faceted e-signature can be implemented in reverse order

i.e.. First, the document shall be signed by the contractor and then passes the

the contracting authority. All of the above requirements shall apply mutatis mutandis.



2.21 Send data messages to the Web service (21)



The client application must send a message to a Web service, comply with the

the rules of communication provided for in the service. Must be recorded on the

the electronic Act in section 2.2.



2.22 the income data Web service messages (22)



The client application must when receiving messages comply with Web services

the rules of communication provided for in the service. Must be recorded on the

the electronic Act in section 2.2.



2.23 the disclosure proposal in the competition for the design competition jury (T 24)



Electronic tool to allow disclosure of the design must sponsor in

the competition for the design of the competition jury, so that for persons who are part of the

the competition jury, it was not possible on the basis of information provided by the

an electronic tool to identify the supplier, which has filed a proposal

(hereinafter referred to as "anonymization"). The anonymization of the proposal must occur after

open and decrypt the proposal. The competition jury shall make available to the contracting authority

We also design in decrypted form.



Electronic tool design must also provide to the contracting authority after the anonymization

information about the vendor that submitted the proposal.



The contracting authority shall ensure that the disclosure of the proposal in the competition for the design competition

the jury was taken by the electronic record of the Act in section 2.2.



2.24 Ensure prohibition of discrimination (T-25)



The operator must operate an electronic tool in such an environment, and

in such a way that the use of electronic tools, not

by the use of commonly unavailable or expensive technologies,

which would cause the exclusion of a supplier from participation in the award

procedures.



2.25 the disclosure of information for the use of electronic tools (T26)



Electronic tool must allow the contracting authorities to provide to suppliers,

who are interested to participate in tender procedures, available to all

information of a technical nature, including encoding and encryption,

that are necessary for communication by electronic means, in particular,

for the electronic submission of tenders and requests to participate, and it all the time

the use of electronic tools.



The contracting authority shall ensure that the disclosure of information for the use of

electronic tools was taken record of an electronic Act from

section 2.2.



2.26 to ensure technical support and service of e-tools

(T27)



The operator of electronic tools must provide technical support and

service of electronic tools, to an extent, in order to ensure

the proper operation of the electronic tools and the fulfilment of the other requirements of

This standard. Technical support and service, the operator must

of electronic tools to provide to the extent appropriate to the complexity of the

the functionality of the electronic tools.



3.



Requirements for the management of resources



The operator of an electronic instrument must specify and ensure resources

necessary for the efficient and effective operation of the electronic tools. Resources

for the purposes of this standard form



1. the environment in which it is an electronic tool is operated and which

includes the hardware, operating systems and other system software

equipment and facilities necessary to ensure the required parameters

electronic tools and



2. human resources that are necessary for the operation of the electronic

tools (management and handling) in the intended scope and for compliance with the

set out the requirements for the electronic tool. The operator

electronic instruments must specify the requirements for the management of resources

(the production environment and human resources) and its parts so that the

ensure that the electronic tool fulfils the requirements laid down in its

the operation in the production environment in the intended scope.



3.1 requirements for the environment



The operator of electronic instruments have documented way

the requirements on the environment, and in particular the hardware, software and

the spaces necessary for the operation of electronic tools in the intended

the range. Must keep records that these requirements when operating

electronic tools are being met. The range is dependent on the requirements

the complexity of the electronic tools (i.e. komptabilitě functionality).



3.2 requirements for the human resources management processes



The operator must take such measures in the field of the management of human

sources that minimize negative impact on the operation of the workers '

electronic tools in the determined range in compliance with all

specified requirements. The human resources management requirements are here

subsequently broken down as recommended and minimum. Featured management processes

human resources and their implementation shall ensure that the operator of an electronic

a more comprehensive tool management tool. For the fulfilment of the requirements of this

However, the operators of electronic tools standard is sufficient to populate the

minimum requirements for the human resources management processes. Way

the fulfillment of the following requirements must be documented and must


records exist as evidence of compliance with the requirements.



The minimum human resource management processes are defined in the following

the matrix.



Table i. structure (matrix) of the processes of human resources management

------------------- --------------------- -----------------------

PROCESSES

------------------- --------------------- -----------------------

Before the start of the work on exit During work

work with electronic with electronic

with an electronic tool or instrument, or

tool or in a production in a production

in a production environment

the electronic environment electronic

electronic tools

Tools

------------------- --------------------- -----------------------

Create a role Implementation

educational activities

------------------- ---------------------

Determination of disciplinary proceedings

the requirements for the

Support Their work

competence in the role

a worker in the role

--------------------

The provisions of the

the worker's role

and its training

------------------- ------------------- -------------------------



Editor's note. 1: Worker ' means an employee of the operator of an electronic

tools or any other person who is involved in the operation of

electronic tools.



Editor's note. 2: disciplinary proceedings means the implementation of liability for

activities involving the operation of electronic tools and the application of the

sanctions no matter whether it is a liability arising from

employment relationship or other relationship.



3.2.1 before starting to work with an electronic tool or in a production

environment of e-tools



The operator of electronic tools



1. the roles required for the operation of the electronic instruments, their

the responsibilities, powers and competence requirements,



2. define the responsibilities and the procedures to be determined by staff dating

for that role, with their responsibilities, duties and powers



3. define the responsibilities, powers and procedures of the determination of the workers

roles.



3.2.2 while working with an electronic tool or in a production environment

electronic tools



The operator of electronic tools and plans to ensure educational

activities, through which it ensures that the workers will meet the

the requirements for competence set out for its role. In

If the activities are secured by a Contracting Party, the operator

It requires the fulfillment of this requirement after the party.



The operator of electronic instruments set out the responsibilities and procedures for the

the initiation, implementation and completion of the disciplinary proceedings in case

the worker violates the obligations laid down in the operation of the electronic

Tools.



3.2.3 In their work with an electronic tool or in a production

environment of e-tools



The operator of electronic instruments set out the responsibilities and procedures for the

the proper conduct of their worker's work with an electronic tool

(including any termination of contractual relationships), which include in particular the

surrender of allocated assets and withdrawal of access rights to

the electronic instruments.



4.



System requirements for electronic tool



Through system requirements on electronic tools

ensures implementation of legislative requirements, the operator in the course of

design and development of electronic tools and after full-term

electronic tools.



4.1 requirements for information security



The operator of an electronic tool must eliminate the effects

the identified threats that may result in non-compliance with

set out the requirements for the electronic tool. Examples of structures

the threats and the resulting breakdown of the reasons requests are listed on the

the following schema. When you perform tasks in procurement procedures must

in all cases ensure the availability and integrity of transmitted and

of information processed and in the cases provided for shall be in addition

the confidentiality of such information.



Diagram III. The crucial factors affecting the fulfilment of the requirements of the

electronic tool



The availability, integrity and confidentiality must be documented

way to secure it by applying the selected procedures international

standards in the field of information security.



The operator must ensure that at least the following steps



1. determine the scope and boundaries of the electronic instruments on the basis of the assessment

its design, structure, location (site), assets and technologies,



2. define information security policies e-tools

that



and sets out the principles, policy) and the total safety management framework

information,



(b)) takes into account legal or regulatory requirements and contractual obligations

the operator of electronic tools, and sets out the criteria governing the

will be assessed the risks,



3. provide access to the operator's electronic tools risks

information security



and to identify the risk assessment methodology), which complies with the prescribed

the level of information security, legal and regulatory requirements, and

ensures reproducibility and comparability of the results,



(b)) to create criteria for the acceptance of risks and identify their

the acceptance level,



4. identify risks



and assets) to identify within the scope of electronic tools, and

their owners,



(b)) to identify threats to assets,



(c)) to identify vulnerability that could be exploited, threats



(d) to identify what impacts on) electronic tools could

have the loss of confidentiality, integrity and availability of assets,



5. analyze and evaluate the risks



6. identify and provide options for managing risk, which may

be



and applying appropriate measures to) eliminate or reduce the impact of risks,



(b)) and objective risk acceptance conscious provided that clearly

meet the Organization's policy and criteria for the acceptance of risks



(c) avoiding risks)



d) transferring the risks associated with the activities of the Organization to a third party,

for example. to insurance companies, vendors,



7. Select and apply various security measures for the management of

risks.



The operator of electronic tools in the context of the operation must

e-tools:



1. to monitor, review, and implement other measures



and) for early detection, processing errors



(b)) for the early identification of both successful and failed attempts to breach

safety and detection of security incidents,



(c)) to enable the management of the electronic tools to determine whether the

security activities conducted by persons responsible for, or for which they were

implemented technology, they work as expected,



(d)) to enable the detection of security events, which can cause

security incident



2. measure the effectiveness of the measures introduced to verify that they have been

met safety requirements,



3. to carry out internal audits of information security at scheduled

intervals and take effective measures to eliminate the deficiencies and



4. regularly review the adequacy and effectiveness of risk taken

measures for the management of risks, the occurrence of security incidents and

incidents, the results of internal audits and on the basis that receive

measures to improve the safety management system set

information.



4.2 requirements for document management processes



The operator of electronic tools must follow (creates, classifies,

approved, indicates, records, stores, distributes, revises, performs

changes, protects, stores and disposed of) any documents related to the

operation of electronic instruments with regard to their classification after

the entire period of their life cycle. Part of management is

a defined level of availability, integrity and confidentiality of the information in the

documents. The operator of electronic tools must create

documented procedures, which sets out the responsibilities, rules and procedures

in particular, for



1. the creation, identification and registration of documents,



2. the classification of documents,



3. the approval documents,



4. distribution of documents.



5. the treatment of documents in accordance with rules corresponding to the classification

documents,



6. ensure the timeliness of documents their revisions and updates

including repeat the approval,



7. ensure the identifikovatelnosti changes to documents and their current

the State,



8. ensure the readability and ease of identifikovatelnosti documents



9. ensure the availability of a set of documents,



10. ensure the integrity of documents



11. ensure the identification and management of documents of external origin.



Creation of documents related to the operation of the electronic tools

may be in any form (i.e. paper or electronic) and on the

any medium.



4.3 requirements for records management processes



Records as a special category of documents must be created and

maintained to provide evidence of conformity with specified requirements

the operation of electronic tools. The records shall be protected and controlled,

It must remain legible, readily identifiable and must be able to

easy to find. The measures necessary for the identification, storage, protection,

find, period of validity and the arrangement of the records must be documented.



The operator must ensure the continuity of the electronic tools version


the document and ensure the traceability requirement for each document and

record.



The creation of records related to the operation of the electronic tools

may be in any form (i.e. paper or electronic) and on the

any medium.



4.4 requirements for creating electronic tools



The operator of electronic tools must provide documented

way of objective evidence, that the development of e-tools

in accordance with the laid down requirements for design and development

electronic tools, which include the minimum requirements of this

standard and safety requirements of the processed information. Additionally, you must

keep a record of the fact that in the course of planning, design and development have been

established



1. responsibilities and powers in the design and development of the electronic

Tools,



2. suitable stages of the design and development of electronic tools (at least

design and development of electronic tools and the integration of the electronic

tools to a production environment),



3. terms and conditions for testing (validation), and validation of the electronic

the tools in each design and development stage provided for electronic

Tools.



The operator must, within a specified stages of e-tools

carry out a systematic examination of design and development, so that the



1. was evaluated on an ongoing basis the ability of electronic tools to perform

the requirements laid down,



2. all the problems have been identified in a timely fashion and could be designed

necessary measures to ensure compliance with the requirements of the electronic

tool.



The operator of electronic tools must keep records of the results and

during the testing of the electronic instrument that has been carried out,

to demonstrate that they meet specified requirements for electronic

tool.



The operator must keep records of the results of the validation process

electronic tools that have been implemented so as to ensure

electronic tool that operated in the specified environment is

Unable to meet the requirements of the specified or intended use.



Must be processed by electronic tools and user documentation

documentation related to the management of electronic tools.

The operator must maintain documentation of the source code, and that in the case that

is authorized to make changes to this source code.



4.5. Requirements for the implementation of the changes to the electronic tools



To make changes to the electronic tool applies the same requirements as

on the creation of an electronic instrument.



All changes of the electronic tools must be in accordance with the

legislative requirements and the requirements of this standard. These changes must

be identifiable, shall be documented and approved by the responsible

the person in front of their implementation.



4.6 monitoring requirements, measurement and review operation

electronic tools



The operator of electronic instruments must apply appropriate methods

monitoring and appropriate measurement specified operating

parameters of electronic tools.



Monitoring or measurement results must be recorded and analysed with

to identify the differences and their causes. The operator

electronic instruments must, immediately upon detection of differences take

effective remedial measures for the Elimination of the impact of the disagreement and the

causes. After a specified time, the operator of electronic tools

to examine whether the measures taken are effective. Differences and their causes,

the measures taken and the review of the efficiency of measures taken must be

documented.



1) Act 227/2000 Coll., on electronic signature and amending certain

other laws (the law on electronic signature), as amended

regulations.



2) Act 22/1997 Coll., on technical requirements for products and amending

and additions to certain laws, as amended.