529/2006 Sb.
DECREE
of 23 December 2003. November 2006
about the requirements for the structure and content of the information design and operating
documentation and about the requirements for safety and quality management
the information systems of the public administration (Decree on long-term management
information systems in public administration)
Ministry of Informatics, determined in accordance with § 12 para. 1 (b). (e)), and (b). (f))
Act No. 365/2000 Coll., on public administration and information systems of the
amendments to certain other laws, as amended by Act No 81/2006 Coll. (hereinafter referred to
"the Act") to implement section 5a paragraph 2. 1 to 3 of the Act:
§ 1
The subject of the edit
This Decree lays down the
and) requirements for the structure and content of information concepts, procedures of the
public administration when creating it, the issue, in the evaluation of its
compliance and control requirements of safety and quality information
systems of public administration under section 5a paragraph 2. 1 of the Act,
(b)) the requirements for the structure and content of the operational documentation under section 5a paragraph 2.
2 of the Act and the extent of the operational documentation to be produced for attestation
under section 5a paragraph 2. 3 of the Act.
PART THE FIRST
INFORMATION CONCEPT
§ 2
The content and structure of information concept
(1) a public authority shall indicate in the information concept
and) characteristics of each public administration information system, whose
is an administrator, a brief characterization of the current state and
anticipated changes in this system,
(b)) the acquisition or creation of the intentions of new information systems
public administration,
(c)) in the area of long-term objectives of quality management information systems
public administration, quality requirements and quality management plan under section 3,
d) long-term objectives in the field of security of information systems
public administration, safety and safety management plan
§ 4,
e) set of core rules (hereinafter referred to as the "policy") for the management of
the information systems of the public administration, including the processes that lead to
their implementation,
(f) the method of financing of projects) referred to in subparagraph (b)), the long-term objectives referred to in
subparagraphs (c) and (d))) and management information systems of the public administration by
subparagraph (e)),
(g) procedures for evaluating compliance with) the information referred to in section 7 of the concept and
When the implementation of the amendments under section 6,
(h) inclusion of an employee or) functional determination of other natural persons or
the name of the organizational unit that controls the implementation of activities leading to the
achievement of the objectives, the fulfilment of the principles and application of the procedures, which are in
the concept of information listed, and to fulfill the duties which the authority
the public administration Act,
even) the duration of information concept.
(2) the public authority characterizes the individual information systems
public administration referred to in paragraph 1 (b). and) so that in terms of their
effective management
and is characterized by each information system) public administration separately, or
(b)) two or more of the information systems of the public administration characterized as
the subsystems of the single information system of public administration.
(3) policy for the management of information systems of the public administration, including
the procedures that lead to their implementation, referred to in paragraph 1 (b). (e))
the public authority shall determine for each area
and acquiring and creating) information systems of the public administration,
(b)) the operation of information systems of the public administration, including their
changes and development.
§ 3
The long-term objectives in the field of quality management
(1) a public authority shall lay down the concept in the information according to § 2 (2).
1 (b). (c) long-term objectives) wants to achieve in the area of management
the quality of the information systems of the public administration; the following objectives are always
and quality assurance) of data that are processed in these systems,
(b) the technical and quality assurance) program funds pursuant to § 2
(a). and) of the Act,
(c)) to ensure quality services that are using these systems
provided.
(2) to achieve the objectives referred to in paragraph 1 by a public authority in
information concept sets out the requirements on quality.
(3) the public authority in the information concept sets out the management plan
quality, which contains a description of the activities that the public authority
exercises to achieve specified requirements on the quality of information
systems of public administration, including a timetable for their implementation.
§ 4
The long-term objectives in the field of safety management
(1) a public authority shall lay down the concept in the information according to § 2 (2).
1 (b). (d) long-term objectives) wants to achieve in the area of management
security of information systems of the public administration; the following objectives are always
and safety data) are in these systems is handled
(b) technical and safety program) the funds referred to in paragraph 2 (a). and)
the law,
(c)) the safety of services, that are using these systems
provided.
(2) to achieve the objectives referred to in paragraph 1 by a public authority in
information concept lays down requirements for the security of information
systems of public administration.
(3) the public authority in the information concept sets out the management plan
security, which contains a description of the activities that the public authority
exercises for the attainment of the stated requirements for the security of information
systems of public administration, including a timetable for their implementation.
§ 5
How to create an information concept
(1) a public authority shall lay down in the information the concept of long term objectives,
the principles and procedures provided for in § 2 (2). 1 always having regard to the
and) the data that is in the information systems of the public administration
is processed,
(b)) services that are using information systems, public
management ensured,
(c)) used hardware and software products in accordance with § 2 (b). and) of the Act.
(2) where a public authority has the operational information systems that
have links to information systems of public administration in accordance with § 3 (1). 5
the Act, describes the information concept
and those links, or)
b) operating information systems as public information systems
If management in terms of their effective management it is deemed appropriate
to establish long-term objectives, policies, and procedures pursuant to § 2 (2). 1 for
all information systems operated by the.
§ 6
Approval of the design and implementation of information changes in the information concept
(1) details of the approval of the concept of information or its individual
in this version of the document are recorded in the forest
and version information of the concept),
(b)) the name or first and last name of the employee or other physical
the person or persons that the concept or its version information processed,
(c)) the name or first and last name of the employee, other natural persons
or body that the information or its version of the approved concept,
(d) date of approval).
(2) If a public authority makes a change in the information concept in the
accordance with the principles and procedures set forth in section 2 (2). 1 (b). (g)), and
the text of this concept is approved, a new version is created
information concept. The change can be done by creating a new document
or Appendix to an existing connection document.
(3) the information included in each version of the concept, which was created by performing the
changes in the previous version, the concept of information is always a description and justification of
changes and the identification of the relevant parts of the document that has been changed.
(4) the public authority during the period that the information concept
time covers, make changes in the information, so that the concept has always been
maintained the consistency of the content of the concept is real and current status
the requirements of a public authority.
§ 7
Evaluation of compliance with the information concept
(1) the public authority evaluates compliance with the concept of information in
accordance with the principles and procedures laid down under section 2 (2). 1 (b). (g)),
sets out the conclusions of the evaluation and takes measures to eliminate
identified deficiencies; compliance with the informational concept of evaluating
at least once every 24 months.
(2) on the progress of evaluation findings and the measures taken on the basis of
findings from the evaluation takes a public authority
evaluation.
§ 8
Policies and procedures for the acquisition and the creation of information systems
of public administration
(1) the public authority in the information concept indicating the principles and
How to apply prior to the acquisition or creation of information systems
public administration under section 2 (2). 3 (b). and), and policies and procedures
for
and defining appropriate information system) of the public administration, that is to be
acquired or created, and an analysis of resources for its acquisition or
creation, including the expected financial requirements,
(b)) the analysis of the initial situation,
(c)) the determination of the target State of the information system of public administration,
(d) the quality requirements and the) determination of the requirements for ensuring the
safety,
(e)) the analysis of the consequences that the acquisition or creation of information system
the public administration may cause.
(2) If a public authority intends, in accordance with their long-term
the objectives of the information systems of the public administration to acquire from the vendor, in
the concept of information shall be
and what kind of documentation and what) permissions necessary for carrying out the maintenance and
changes in the information system of public administration is necessary in order to supply
require, even taking into account whether the information System Manager
public administration intends to any changes in this system or deleting
failure to perform with their own forces,
(b)) what requirements the project management is being applied to the vendor,
(c)) the test requirements for the information system of public administration and
acceptance of deliveries before taking over from the vendor.
(3) If a public authority intends, in accordance with their long-term
objectives create information systems of the public administration through its
employees, stating the particulars in the information document the concept
the process of creating.
(4) where a public authority exercises when you create information
the system of public administration, project management, concept in the information shall state the
the principles of project management with the use of Czech technical standards, which
lays down the procedures of the project ^ 1).
§ 9
Policies and procedures for the operation of information systems in public administration
(1) the public authority in the information concept indicating the principles and
the procedures applied in the operation of information systems in public administration
According to § 2 (2). 3 (b). (b)), and policies and procedures for
and) ensuring the operation and maintenance of the information systems of the public administration,
including the creation and maintenance of operational documentation and evaluation of its
compliance with,
(b)) change management in information systems of the public administration,
(c) the controlled cessation) of information systems of the public administration.
(2) the procedures referred to in paragraph 1 (b). and) is a description of the procedures,
the application shall ensure that the operation of information systems
public information management concepts and operational documentation, and it always
description of the procedures for the assessment of conformity. At the same time shall be
duties of individual employees or other individuals in the
respect to the said activities.
(3) change management referred to in paragraph 1 (b). (b)) means the activity
in the management of the design process and the approval of changes in the information system
the public administration and in the management of the process of the implementation of these changes. Management of change
must always be documented.
(4) in the context of the change management referred to in paragraph 1 (b). (b))
public administration in the information concept sets out the range of activities that can be
perform only in the context of the implementation of the changes referred to in paragraph 1 (b). (b)), and
that can be performed in the context of the maintenance of the information system of public administration.
Maintenance means the carrying out of activities that lead to conservation features
information system of public administration in the desired and unaltered, and
by changing the qualitative change of the information system of public administration,
always change the functionality or data interface.
(5) the procedures in connection with the management of the changes referred to in paragraph 1
(a). (b)) is always
and define the necessary changes) to the information system of public administration,
(b)) the analysis of the baseline for the development of a public information system
Administration,
(c)) the determination of the target State of the information system of public administration,
(d) the quality requirements and the) determination of the requirements for ensuring the
the security relating to the target State of the information system
public administration,
(e) a proposal for the transformation from the default) State to the target State information
system of public administration,
f) analysis of the consequences that a change may cause,
g) adapting the operational documentation.
(6) the public authority in the context of a controlled shutdown
information systems in public administration referred to in paragraph 1 (b). (c))
information concept sets out the principles and procedures for defining needs
termination of the activities of the information system of public administration.
(7) before it is terminated the activities of public administration information system
and this system is out of operation, must be in accordance with the procedures
laid down pursuant to paragraph 1. c) securely loaded with data that
information system of public administration processes, including carriers of these
data, in order to prevent unauthorized access to this data.
PART TWO
OPERATIONAL DOCUMENTATION
§ 10
The requirements on the structure of the operational documentation
(1) the operating documentation information system of public administration consists of the following
documents:
and documentation information system) the safety of the public administration,
(b)) system manual,
c) user's Guide.
(2) the safety of the public administration information system documentation under
paragraph 1 (b). and) forms
and) security policy information system of public administration, and it always
If the system has links with other public administration information system
administrator or if the public authority is not the operator of this
the system,
(b) safety guidelines for action) security system administrator.
(3) the public authority can meet your needs, and always with a view
the number of users to merge documents referred to in paragraph 1 within one
the document.
(4) a public authority can handle one operational documentation for
more information systems of the public administration, provided that the
and) policies and procedures for the operation of such systems are the same,
b) none of the information systems of public administration concerned does not bind to the
Another Manager, information system
(c) the right to write), change, or delete data that these systems
process, are limited to a finite number of designated
employees of a public authority.
(5) in the cases referred to in paragraph 4 must be in the operations documentation
except as expressly provided, for which the information systems of the public administration is
operational documentation.
(6) the operating documentation information system of public administration forms
other documents, if their processing and use of necessary for the
effective management of the information system of public administration; This is true for
public administration information systems that process large volumes of data
or that are created and operated, including making changes in these
systems in accordance with Czech technical standards that processing
other documents they assume.
§ 11
The requirements on the content of the operational documentation
(1) in the operational documentation of public administration presents the current status of
information system of public administration, a description of the functional and technical
the properties of each public administration information system, which is
by the administrator, including the organizational and technical measures to ensure the
the preservation of these properties.
(2) the operating documentation for the information system of the public administration must be
processed to match the principles and procedures laid down in
information concept.
(3) security policy of public administration information system pursuant to section
10, paragraph 1. 2 (a). and) contains a description of the security measures that the authority
public administration in ensuring the security of the system and
conforming to the requirements laid down in the information security
the concept of according to § 4, paragraph 4. 2.
(4) safety guidelines for the operation of the safety system administrator
According to § 10 para. 2 (a). (b)) contains a detailed description of the safety
the functions that the security administrator of the system used for the implementation of the
designated activities in the information system of public administration, and a tutorial on the
to use these functions.
(5) the system manual under section 10, paragraph 1. 1 (b). (b)) contains
and a description of the features, including) security, which uses the system administrator
for the implementation of the identified activities in the information system of public administration, and
a tutorial on using these functions,
(b)) quality parameters, which are based on the quality requirements referred to in § 3
paragraph. 2,
(c)) detailed description of the information system of public administration, or a link to
the document in which it is given and the description of that system administrators
available,
d) description of the activities carried out in the management of information
public administration system, including the activities defined for a role under section
12, the determination of the natural persons who carry out these activities, and permissions
necessary for the performance of these activities,
e) define users or groups of users and their permissions and
obligations in the use of information system of public administration.
(6) user's Guide under section 10, paragraph 1. 1 (b). (c)) contains
and a description of the features, including) the safety that the user uses for its
activity in the information system of public administration, and guidance on the use of these
functions,
(b) definition of permissions and obligations) of users in relation to the information
the system of public administration.
§ 12
Role in the management of public administration information system
(1) the public authority defines for information system of public administration
always the role
and the system administrator) who is an employee or other natural person
that provides traffic management information system of public administration,
(b) security system administrator) who is an employee or other
a natural person, which controls the security information
public administration system;
at the same time defines for each role, a summary of the intended activities and the necessary
the permissions for the implementation of these activities in the information system of the public
Administration.
(2) the system administrator role and at the same time the role of security administrator system
can perform one natural person only in the case that this is a
information system of public administration, which does not have ties with the information
the system of public administration, another administrator, and public authority established by the
and apply the appropriate security measures to eliminate the risks,
that would perform both roles one natural person may result.
(3) If the system administrator role referred to in paragraph 1 (b). and at the same time)
the system administrator security role referred to in paragraph 1 (b). (b))
one natural person, the public authority may combine safety
directive for the functioning of the security system administrator pursuant to § 10 para. 2
(a). (b)) with the system manual under section 10, paragraph 1. 1 (b). (b)).
section 13 of the
Range of operational documentation to be produced for attestation
When the public authority shall submit an attestation to the security policy
the public administration information system, if it is required to handle it
According to § 10 para. 2 (a). and).
PART THREE
FINAL PROVISION
§ 14
The effectiveness of the
This Decree shall enter into force on 1 January 2000. January 1, 2007.
Minister:
Mudr. Mgr. Langer in r.
1) for example, ISO/IEC 15288 systems engineering processes
the life cycle of the system.