Rs 172.010.58 Order Of 9 December 2011 On Computing And Telecommunications In The Federal Administration (Ordinance On Computing In The Federal Government, Olaf)

Original Language Title: RS 172.010.58 Ordonnance du 9 décembre 2011 sur l’informatique et la télécommunication dans l’administration fédérale (Ordonnance sur l’informatique dans l’administration fédérale, OIAF)

Subscribe to a Global-Regulation Premium Membership Today!

Key Benefits:

Subscribe Now for only USD$20 per month, or Get a Day Pass for only USD$4.99.
172.010.58 order on information technology and telecommunications in the Swiss Federal administration (information technology in the Federal Government, OLAF Ordinance) of December 9, 2011 (Status January 1, 2016) the federal Council, view the art. 43 and 47 of the Act of 21 March 1997 on the Organization of Government and administration (LOGA), stop: Chapter 1 provisions general art. 1 purpose this order sets the tasks and skills relating to control and management of the use of the technologies of information and communication (ICT) in the Federal Government.

Art. 2 scope this order applies to the administrative units of the central federal administration within the meaning of art. 7 of the order of 25 November 1998 on the Organization of Government and administration (OLOGA).
The authorities and offices listed below can, subject to other organization provisions in federal law, engage through an agreement to respect this order and the directives based on it: a. decentralized units of the federal administration within the meaning of art. 7A OLOGA; b. the other federal authorities; (c) the organizations and people of public or private law external to the Federal Government that are entrusted to the administrative tasks of the Confederation (art. 2, para. 4, LOGA); d. Confederation close institutions that pursue a goal of public interest and want to use the services of internal providers referred to in Chapter 5 section 3.

SR 172.010.1 art. 3 definitions an ICT strategy includes the following: a. a basic strategy, which defines the major lines of principles applicable to ICT, general orientation and planned ICT development; b. the basics on organizational and technical aspects (architectures), that define the objectives targeted; c. a master plan, which describes the changes necessary to achieve the objectives on both time and material.

ICT management includes the design, the enactment and updating ICT strategies as a framework, as well as the enactment conditions and the updating of guidelines arising from it and ICT that are subordinate to them.
Is meant by ICT management operational tasks by benefit recipients (requirements management, acquisition, projects, management control, management, management of service level agreements, etc.) in compliance with the directives in force.
The guidelines subordinate to the ICT strategy are: a. ICT processes; b. architecture of ICT; c. ICT standards; d. guidelines on ICT security; e. control of ICT management.

ICT processes determine the way in which ICT-related tasks must be accomplished.
ICT architecture determines ICT components and their articulation in support of business processes.
ICT standards stem from the architecture of the ICT, and determined through them, from the point of view of profitability, interoperability, flexibility and security, the functions, interfaces and computer products that need to be developed or used in a similar way.
ICT security includes measures to protect the integrity and the availability of ICT systems, as well as the confidentiality, integrity, availability and the traceability of the data stored, processed, and transferred in these systems.
ICT management control includes the collection, processing, verification and interpretation of information used to control and management of the use of ICT.
A standard service is a provision ICT managed centrally, frequently used in Government and in response to same or similar benefits requirements.
Safety information includes measures to protect vital infrastructure such as energy supply systems, logistics systems and the healthcare system.

Chapter 2 principles steering and management of ICT art. 4 ICT objectives are designed and used in ways that provide optimal support for the business processes of the administrative units. In doing so, the principles of opportunity, profitability and security must be respected.

Art. 5 management of the use of ICT in the federal Council sets the Federal ICT strategy.
The federal Department of Finance (FDF) ensures the implementation of the Federal ICT strategy.
In their respective areas, the departments and the Federal Chancellery regulate piloting and the management of ICT, under the directives in force.

Art. 6 legal basis, data protection and information security the use of ICT requires: a. that sufficient legal bases already exist or will be created; b. that the protection of data relating to individuals is guaranteed; c. the full security of the information is guaranteed.

Art. 7 strategies for the information society the ICT applications and projects must meet the objectives and guidelines of the strategy of the federal Council for a company information.

Art. 8 coordination and documentation in the implementation strategies and guidance for ICT, managers of projects and applications ensure organizational and methodological coordination.
They ensure particularly that be reflected, in updated form, and for each project or application, the way in which are taken into account the conditions laid down in art. 6 as well as the objectives and guidelines set out in art. 7 art. 9 acquisition of the benefits departments and the Federal Chancellery, or administrative units, manage the use of ICT in their respective fields.
After consultation with the beneficiaries concerned benefits and providers concerned internal benefits and under market and external benchmarking analysis, the Department or the Federal Chancellery decides: a. If a service ICT must be provided internally or acquired outside; b. what internal provider delivering ICT will be granted as appropriate.

The federal Council decides the market model for which is standard services.
The provisions of the legislation on public procurement are reserved.

Chapter 3 safety of ICT and special staff responsible for the safety of information art. 10 ways and data protection ICT administrative units are responsible for the protection of their systems and applications in ICT and data to protect (items to be placed under protection).
They regularly review the items to place under protection and take the necessary security measures.

Art. 11 reports and communication any administrative unit, organisation or person subject to this order and having knowledge of events in relation to the safety of the objects to be placed under protection shall inform: a. the unit of computer control of the Confederation (UPIC); b. the delegate to the security of his Department or the Federal Chancellery.

At year end, the departments and the Federal Chancellery shall report to the UPIC on the implementation of security measures.
On the basis of these reports, the UPIC informs every year the federal Council of the State of security in ICT.

Art. 12 special staff responsible for the safety of the FDF information establishes a special staff responsible for information security, composed of representatives of the federal administration, the cantons and economic circles.
The special staff assists the supreme governing bodies of politics and the economy crises triggered by severe disruption affecting the information infrastructure.
The computer control of the Confederation delegate in the Presidency.
The special staff develops an internal regulation that defines the details of its organization and its work.

Chapter 4 Participation of the Confederation to the harmonization of the specialized police applications art. 13. services of the Confederation that handle specialized applications of police work with the cantons to harmonise these applications.
The terms of this cooperation, including the creation of organs common to the Confederation and the cantons, are laid down in an agreement with the cantons.
Under this order and in accordance with the agreement with the cantons, the departments concerned may conclude agreements of performance for different projects. In doing so, they shall respect the guidelines of this order.
They inform the joint bodies of ongoing and future projects in the field of specialized applications of police and ensure that they are consistent with the decisions taken by the joint bodies.

Chapter 5: Organization and powers Section 1 bodies art. 14 federal Council federal Council:

a. defines the Federal ICT strategy; b. defines standard services and their market models; c. monitor the implementation of the federal strategy for ICT through management control and fixed measures if necessary; d. decide in what areas should adopt or adapt guidelines for ICT; e. shall issue instructions on ICT security; f. Decides as part of the budget process, the allocation to projects ICT resources budgeted centrally; g. Decides if there are discrepancies between the departments, the Federal Chancellery and the UPIC; h. allows exceptions to its guidelines.

Art. 15 conference of Secretaries General Conference of Secretaries General (CSG) evaluates records on ICTS at the federal level from the point of view of the operational management of business (interest of business in terms of ICT processes).
She took part in the preparation of important Affairs of the federal Council relating to ICT.

Art. 16 federal Department of Finance FDF the develops the Federal ICT strategy.
He shall issue administrative orders as part of its tasks.

Art. 17 the Confederation the UPIC computer control unit's tasks: a. to prepare ICT Affairs of the federal Council and carry out the mandates resulting and entrusted to the federal Council; (b) to take note of the requirements of the departments and the Federal Chancellery, and to propose to the FDF to the federal Council the corresponding standard services, including market model and definition of roles for the acquisition of services. In doing so, it brings evidence of economic utility; c. to manage standard it services. It assumes particular management requirements, the planning, the responsibility of the requisitioning or - when it comes to beneficiaries internal - acquisitions, release planning, the regulation of the general funding and control of the quality of the services provided as well as the management of contracts; (d) to define guidelines for ICT at the level of the Confederation as part of the ICT strategy defined by the federal Council. It identifies for this purpose the requirements of departments and the Federal Chancellery. She is responsible for the financial management of ICT at the federal level, as well as instruments to support the Steering and management of ICT, including management of ICT and ICT portfolio management control; (e) to decide on exceptions to the guidelines that it has enacted; f. decision on the proposals of the departments the Federal Chancellery and administrative units related to special regulations concerning the granting of rights and important mandates from the point of view of security, particularly in connection with the firewall, access rights and privileges. In case of risk to the Federal Government, she decides to measures of specific ICT security; (g) to investigate, as an expert and on behalf of a Department or the Federal Chancellery, on supposed or proved in relation to security events; h. to appoint the delegate security of Confederation; i. to direct the central recording and analysis for the security of information (MELANI) in collaboration with the Department of information of the Confederation; j. driving ICT programs. k to ensure the operational management of the Swiss eGovernment; l. to direct "Service of the technologies of information in public procurement" (art. 21 of the O from 22 nov 2006 on the Organization of the procurement of the Confederation).

She collaborates with the cantons, relevant organizations, business circles and foreign partners; She represents the Confederation in the organizations concerned.
It sets up bodies as part of its tasks. The departments and the Federal Chancellery designate their representatives, who must meet the requirements and have the necessary expertise.
It can delegate minor scope decisions concerning derogations from its guidelines for ICT, requirements for exploitation of ICT or the conduct of projects and programs including: a. the departments and the Federal Chancellery; b. to program or project organizations.

[RO 2006 5613 2009 6149 ch. 2, 2010 3175 III annex 3 ch. 3, 2011 6093 annex c. 2] RO 2012 5935 art. 39 al. 1]. see currently O from 24 oct. 2012 on the Organization of the procurement of the federal administration (RS 172.056.15).

Art. 18 Council of Informatics of the Confederation Council of Informatics of the Confederation (CI) consists of the delegate in the steering of ICT (art. 20A of the O of 17 Feb 2010 on the organisation of the federal Department of Finance) and a representative named in each Department and the Federal Chancellery. The delegate in the Presidency.
A representative of the Federal Administration of Finance (AFF), of the Federal data protection and transparency (FDPIC), suppliers of internal services and the Services of Parliament may participate with voice but without vote. It is possible to appeal to other people in an advisory role if necessary.
The CI is the consultative body of the UPIC for affairs relating to ICTS which requires the approval of the departments and the Federal Chancellery, especially for the enactment of directives and approval of exceptions to their application.

SR 172.215.1 art. 19 Committee for computer security computer security (C - SI) Committee includes delegates to the security departments and the Federal Chancellery.
A representative of the federal Finance (CDF) control, the FDPIC and the Services of Parliament can participate with voice but without vote. It is possible to appeal to other people in an advisory role if necessary.
The C - SI is headed by the Federal computer security officer.
It is the consultative body of the UPIC for ICT security questions.

Art. 20 Steering Committee of support processes the support processes (CPPS) Steering Committee consists of a representative of the UPIC and a representative: a. Aff; (b) of the federal Office for buildings and logistics (FBL); (c) of the federal Office of personnel (FOPER); d. armasuisse (logistics & Real Estate DDPS).

The representative of the UPIC to the Presidency.
A representative of the federal Office of Informatics and telecommunications and a representative of the command (LAC) support Base participate with voice but without vote.
He coordinates the decisions between AFF, the FOPER, FBL, logistics and real estate of the RFSP and the UPIC in support of ICT, support processes used in all of the Federal Finance administration, personnel, construction, logistics, controlling purchases and real estate management.

New content according to section III 2 of the O from 18 nov. 2015, in force since Jan. 1. 2016 (2015 4873 RO).

Section 2 benefits art. 21 principles benefit recipients are the units and services referred to in art. 2. the beneficiaries are responsible for respect guidelines for ICT and the decisions of the federal Council, the FDF, the UPIC and of the departments or the Federal Chancellery in their respective areas of expertise.

Art. 22 beneficiaries beneficiaries tasks using ICT in a cost-effective way and establish a budget accordingly.
They enter into agreements and project benefits with service providers agreements and establish a portfolio of their studies, projects and applications (ICT portfolio).
They ensure, by appropriate management control, senior services have at all times the necessary management and control information.

Section 3 suppliers of internal services art. 23 principles each Department has a service provider inside the most.
Internal service providers are responsible for the respect guidelines for ICT and the decisions of the federal Council, the FDF, the UPIC and of the departments or the Federal Chancellery in their respective areas of expertise.

Art. 24 duties of suppliers of internal services internal service providers provide beneficiaries the benefits ICT pursuant to project agreements and service agreements concluded.
They hold a full cost accounting and present to the UPIC, periodically and to transparently, the costs and revenues related to standard services.
They guarantee the operational provision of standard services for which they assume the roles defined by the federal Council in the market model. In this context, they are responsible for operations, including operational coordination with other providers of services required.

Section 4 Acquisition of ICT services from external suppliers


Art. 25 procedure the procedure for the acquisition of ICT services from external suppliers is governed by: a. the Act of 16 December 1994 on public procurement; (b) the order of 11 December 1995 on public procurement; c. the order of November 22, 2006 on the Organization of public procurement in the Federal Government; (d) the order of 5 December 2008 concerning the management of the estate and the logistics of the Confederation;

In the case of acquisitions of services from an external vendor, ICT guidelines are an integral part of the tender file.
The recipient of the benefits checks compliance with guidelines for ICT by the external provider appropriately.

RS 172.056.1 RS 172.056.11 [RO 2006 5613 2009 6149 ch. 2, 2010 3175 III annex 3 ch. 3, 2011 6093 annex c. 2] RO 2012 5935 art. 39 al. 1]. see currently O from 24 oct. 2012 on the Organization of the procurement of the federal administration (RS 172.056.15).
SR 172.010.21 art. 26 - model contracts for the acquisition of ICT services from outside suppliers, the contracting authority shall comply with existing contracts.

Chapter 6 financial ICT management and audit of computer art. 27 financial ICT management budgeting and accounting for the resources allocated to ICTS are in principle in a decentralized manner, in accordance with the provisions of the law of 7 October 2005 on finance.
The UPIC manages resources budgeted centrally for the provision of standard services. As a general rule, the exploitation of standard services is budgeted decentrally by benefit recipients and them is charged according to the accrued benefits. Recipients of benefits take into account the aspects of quantitative and qualitative standard services through service level agreements (service agreements).
The UPIC manages resources budgeted centrally for projects which, according to the plan, cannot be funded by administrative units.
It manages centrally for non scheduled projects budgeted resources.

RS 611.0 art. 28 audit the audit of Informatics computer obeys the principles of financial supervision within the Confederation.
It is performed by the CDF.
The departments and the Federal Chancellery may offer some items for the audit of Informatics to the CDF.

Chapter 7 provisions final art. 29 repeal and amendment of existing law the order of 26 September 2003 on information technology in the Federal Government is repealed.
The amendment of the law in force is regulated in the annex.

[RO 2003 3687, 2007 3401 art. 22 par. 2, 2010 635 annex c. 2, 2011 4491]

Art. 30 entry into force this order comes into force on January 1, 2012.

Annex (art. 29, para. 2) amendment of the law in force...

Mod. can be found at the RO 2011 6093.

Status January 1, 2016

Related Laws