Decree On The Long Term Management Of Information Systems In Public Administration

Original Language Title: vyhláška o dlouhodobém řízení informačních systémů veřejné správy

Read the untranslated law here: https://portal.gov.cz/app/zakony/download?idBiblio=63196&nr=529~2F2006~20Sb.&ft=txt

529/2006 Sb.



DECREE

of 23 November 2006

on the requirements for the structure and content of the information concept and operational documentation and on the requirements for security and quality management of public administration information systems (Decree on the long-term management of public administration information systems)

The Ministry of Informatics lays down, pursuant to § 12 para. 1 letters e) and f) of Act No. 365/2000 Coll., on public administration information systems and on amendments to certain other laws, as amended by Act No. 81/2006 Coll. (hereinafter referred to as "the Act"), to implement § 5a paras. 1 to 3 of the Act:



§ 1

Subject matter

This Decree lays down

a) the requirements for the structure and content of the information concept, the procedures of public authorities in creating and issuing it and in evaluating compliance with it, and the requirements for managing the security and quality of public administration information systems under § 5a para. 1 of the Act,

b) the requirements for the structure and content of operational documentation under § 5a para. 2 of the Act and the extent of the operational documentation to be submitted for attestation under § 5a para. 3 of the Act.



PART ONE

INFORMATION CONCEPT



§ 2

Content and structure of the information concept

(1) A public authority shall set out in the information concept

a) the characteristics of each public administration information system of which it is the administrator, with a brief description of the current state of the system and of the anticipated changes to it,

b) its intentions to acquire or create new public administration information systems,

c) the long-term objectives in the area of quality management of public administration information systems, the quality requirements and the quality management plan under § 3,

d) the long-term objectives in the area of security management of public administration information systems, the security requirements and the security management plan under § 4,

e) a set of core rules (hereinafter referred to as the "policies") for the management of public administration information systems, including the procedures that lead to their implementation,

f) the method of financing the intentions referred to in letter b), the long-term objectives referred to in letters c) and d), and the management of public administration information systems under letter e),

g) the procedures for evaluating compliance with the information concept under § 7 and for making changes to it under § 6,

h) the functional position of the employee or the functional designation of other natural persons, or the name of the organizational unit, that directs the activities leading to the achievement of the objectives, the fulfilment of the policies and the application of the procedures set out in the information concept, and to the fulfilment of the duties imposed on the public authority by the Act,

i) the period of validity of the information concept.

(2) The public authority shall characterize the individual public administration information systems referred to in paragraph 1 letter a) so that, with a view to their effective management,

a) each public administration information system is characterized separately, or

b) two or more public administration information systems are characterized as subsystems of a single public administration information system.

(3) The public authority shall determine the policies for the management of public administration information systems, including the procedures that lead to their implementation, referred to in paragraph 1 letter e), for each of the following areas:

a) the acquisition and creation of public administration information systems,

b) the operation of public administration information systems, including their changes and development.



§ 3

Long-term objectives in the area of quality management

(1) A public authority shall lay down in the information concept, under § 2 para. 1 letter c), the long-term objectives it wants to achieve in the area of quality management of public administration information systems; these objectives are always

a) ensuring the quality of the data processed in these systems,

b) ensuring the quality of the technical and software resources under § 2 letter a) of the Act,

c) ensuring the quality of the services provided using these systems.

(2) To achieve the objectives referred to in paragraph 1, the public authority shall set out quality requirements in the information concept.

(3) The public authority shall set out in the information concept a quality management plan, which contains a description of the activities that the public authority carries out to achieve the specified quality requirements for public administration information systems, including a timetable for their implementation.



§ 4

Long-term objectives in the area of security management

(1) A public authority shall lay down in the information concept, under § 2 para. 1 letter d), the long-term objectives it wants to achieve in the area of security management of public administration information systems; these objectives are always

a) the security of the data processed in these systems,

b) the security of the technical and software resources under § 2 letter a) of the Act,

c) the security of the services provided using these systems.

(2) To achieve the objectives referred to in paragraph 1, the public authority shall set out in the information concept the requirements for the security of public administration information systems.

(3) The public authority shall set out in the information concept a security management plan, which contains a description of the activities that the public authority carries out to achieve the stated requirements for the security of public administration information systems, including a timetable for their implementation.



§ 5

Procedure for creating the information concept

(1) A public authority shall lay down in the information concept the long-term objectives, policies and procedures provided for in § 2 para. 1, always having regard to

a) the data processed in the public administration information systems,

b) the services provided using the public administration information systems,

c) the technical and software resources used, under § 2 letter a) of the Act.

(2) Where a public authority has operational information systems that have links to public administration information systems under § 3 para. 5 of the Act, it shall describe in the information concept

a) those links, or

b) the operational information systems as public administration information systems, if with a view to their effective management it considers it appropriate to establish long-term objectives, policies and procedures under § 2 para. 1 for all the information systems it operates.



§ 6

Approval of the information concept and making changes to the information concept

(1) Details of the approval of the information concept or of its individual versions are recorded in this document to the following extent:

a) the version of the information concept,

b) the name, or first and last name, of the employee or other natural person or persons who drew up the information concept or its version,

c) the name, or first and last name, of the employee, other natural person or body that approved the information concept or its version,

d) the date of approval.

(2) If a public authority makes a change to the information concept in accordance with the policies and procedures set out under § 2 para. 1 letter g), and the text of the concept as changed is approved, a new version of the information concept is created. The change can be made by creating a new document or an appendix to the existing document.

(3) Each version of the information concept that was created by making changes to the previous version always includes a description of and justification for the changes and an identification of the relevant parts of the document that have been changed.

(4) During the period that the information concept covers, the public authority shall make changes to the information concept so that the content of the concept is always kept consistent with the actual state and current requirements of the public authority.



§ 7

Evaluation of compliance with the information concept

(1) The public authority shall evaluate compliance with the information concept in accordance with the policies and procedures laid down under § 2 para. 1 letter g), set out the conclusions of the evaluation and take measures to eliminate the deficiencies identified; it shall evaluate compliance with the information concept at least once every 24 months.

(2) The public authority shall draw up an evaluation record of the course of the evaluation, the findings and the measures taken on the basis of the findings from the evaluation.



§ 8

Policies and procedures for the acquisition and creation of public administration information systems

(1) The public authority shall set out in the information concept the policies and procedures it applies prior to the acquisition or creation of public administration information systems under § 2 para. 3 letter a), and policies and procedures for

a) defining the appropriate public administration information system that is to be acquired or created, and analysing the resources for its acquisition or creation, including the expected financial requirements,

b) the analysis of the initial state,

c) the determination of the target state of the public administration information system,

d) the determination of the quality requirements and of the requirements for ensuring security,

e) the analysis of the consequences that the acquisition or creation of the public administration information system may cause.

(2) If a public authority intends, in accordance with its long-term objectives, to acquire public administration information systems from a vendor, it shall state in the information concept

a) what documentation and what permissions necessary for carrying out maintenance of and changes to the public administration information system must be required as part of the delivery, also taking into account whether the administrator of the public administration information system intends to make any changes to the system or to remove faults using its own resources,

b) what project management requirements are to be applied to the vendor,

c) the requirements for testing the public administration information system and for acceptance of deliveries before takeover from the vendor.

(3) If a public authority intends, in accordance with its long-term objectives, to create public administration information systems using its own employees, it shall state in the information concept the particulars documenting the process of creation.

(4) Where a public authority applies project management when creating a public administration information system, it shall state in the information concept the principles of project management, using the Czech technical standards that lay down project procedures ^1).



§ 9

Policies and procedures for the operation of public administration information systems

(1) The public authority shall set out in the information concept the policies and procedures it applies in the operation of public administration information systems under § 2 para. 3 letter b), and policies and procedures for

a) ensuring the operation and maintenance of public administration information systems, including the creation and maintenance of operational documentation and the evaluation of compliance with it,

b) change management in public administration information systems,

c) the controlled termination of the activity of public administration information systems.

(2) The procedures referred to in paragraph 1 letter a) include a description of the procedures whose application ensures that public administration information systems are operated in accordance with the information concept and the operational documentation, and always a description of the procedures for evaluating that compliance. At the same time, the duties of individual employees or other natural persons with respect to those activities shall be set out.

(3) Change management referred to in paragraph 1 letter b) means the activity of managing the process of proposing and approving changes to a public administration information system and of managing the process of implementing those changes. Change management must always be documented.

(4) In connection with the change management referred to in paragraph 1 letter b), the public authority shall set out in the information concept the range of activities that may be performed only as part of implementing changes under paragraph 1 letter b), and those that may be performed as part of the maintenance of the public administration information system. Maintenance means carrying out activities that keep the properties of the public administration information system in the desired and unaltered state; a change means a qualitative change to the public administration information system, always a change to its functionality or data interface.

(5) The procedures in connection with the change management referred to in paragraph 1 letter b) always include

a) defining the necessary changes to the public administration information system,

b) the analysis of the initial state for the development of the public administration information system,

c) the determination of the target state of the public administration information system,

d) the determination of the quality requirements and of the requirements for ensuring security relating to the target state of the public administration information system,

e) a proposal for the transformation from the initial state to the target state of the public administration information system,

f) an analysis of the consequences that the change may cause,

g) adapting the operational documentation.

(6) In connection with the controlled termination of the activity of public administration information systems referred to in paragraph 1 letter c), the public authority shall set out in the information concept the policies and procedures for defining the need to terminate the activity of a public administration information system.

(7) Before the activity of a public administration information system is terminated and the system is taken out of operation, the data that the public administration information system processes, including the carriers of this data, must be securely handled in accordance with the procedures laid down under paragraph 1 letter c), in order to prevent unauthorized access to this data.



PART TWO



OPERATIONAL DOCUMENTATION



§ 10

Requirements for the structure of operational documentation

(1) The operational documentation of a public administration information system consists of the following documents:

a) the security documentation of the public administration information system,

b) the system manual,

c) the user's guide.

(2) The security documentation of the public administration information system under paragraph 1 letter a) consists of

a) the security policy of the public administration information system, always where the system has links to a public administration information system of another administrator or where the public authority is not the operator of the system,

b) the security guidelines for the activity of the system security administrator.

(3) The public authority may, according to its needs and always having regard to the number of users, merge the documents referred to in paragraph 1 into a single document.

(4) A public authority may draw up one set of operational documentation for several public administration information systems, provided that

a) the policies and procedures for the operation of those systems are the same,

b) none of the public administration information systems concerned has links to an information system of another administrator,

c) the rights to write, change or delete the data that these systems process are limited to a finite number of designated employees of the public authority.

(5) In the cases referred to in paragraph 4, the operational documentation must expressly state which public administration information systems it covers.

(6) The operational documentation of a public administration information system also includes other documents, if their preparation and use is necessary for the effective management of the public administration information system; this applies to public administration information systems that process large volumes of data or that are created and operated, including the making of changes to them, in accordance with Czech technical standards that presuppose the preparation of other documents.



§ 11

Requirements for the content of operational documentation

(1) In the operational documentation, the public authority shall present the current state of the public administration information system and a description of the functional and technical properties of each public administration information system of which it is the administrator, including the organizational and technical measures to ensure that these properties are preserved.

(2) The operational documentation of a public administration information system must be drawn up so that it corresponds to the policies and procedures laid down in the information concept.

(3) The security policy of the public administration information system under § 10 para. 2 letter a) contains a description of the security measures that the public authority applies in ensuring the security of the system and that conform to the security requirements laid down in the information concept under § 4 para. 2.

(4) The security guidelines for the activity of the system security administrator under § 10 para. 2 letter b) contain a detailed description of the security functions that the system security administrator uses to carry out designated activities in the public administration information system, and instructions for using these functions.

(5) The system manual under § 10 para. 1 letter b) contains

a) a description of the functions, including security functions, that the system administrator uses to carry out designated activities in the public administration information system, and instructions for using these functions,

b) the quality parameters, which are based on the quality requirements under § 3 para. 2,

c) a detailed description of the public administration information system, or a reference to the document in which that description is given and which is available to the system administrators,

d) a description of the activities carried out in the management of the public administration information system, including the activities defined for the roles under § 12, the designation of the natural persons who carry out these activities, and the permissions necessary to perform them,

e) the definition of users or groups of users and of their permissions and obligations in using the public administration information system.

(6) The user's guide under § 10 para. 1 letter c) contains

a) a description of the functions, including security functions, that the user uses for their activity in the public administration information system, and instructions for using these functions,

b) the definition of the permissions and obligations of users in relation to the public administration information system.



§ 12

Roles in the management of a public administration information system

(1) The public authority shall always define, for a public administration information system, the roles of

a) system administrator, who is an employee or other natural person who ensures the management of the operation of the public administration information system,

b) system security administrator, who is an employee or other natural person who manages the security of the public administration information system;

at the same time it shall define, for each role, a summary of the designated activities and the permissions necessary to carry out these activities in the public administration information system.

(2) One natural person may perform the role of system administrator and, at the same time, the role of system security administrator only if the public administration information system has no links to a public administration information system of another administrator and the public authority has established and applies appropriate security measures to eliminate the risks that could arise from one natural person performing both roles.

(3) If the role of system administrator under paragraph 1 letter a) and, at the same time, the role of system security administrator under paragraph 1 letter b) are performed by one natural person, the public authority may combine the security guidelines for the activity of the system security administrator under § 10 para. 2 letter b) with the system manual under § 10 para. 1 letter b).



§ 13

Extent of the operational documentation to be submitted for attestation

For attestation, the public authority shall submit the security policy of the public administration information system, if it is required to draw it up under § 10 para. 2 letter a).



PART THREE



FINAL PROVISION



§ 14

Entry into force

This Decree shall enter into force on 1 January 2007.



Minister:

MUDr. Mgr. Langer (signed)

1) For example, ISO/IEC 15288 Systems engineering - System life cycle processes.