Key Benefits:
November 30, 2012 (State 1 Er July 2014)
The Swiss Federal Council,
See art. 57 H , para. 3, of the Act of 21 March 1997 on the Organisation of Government and Administration (LOGA) 1 ,
Stops:
1 The federal government deals in principle with electronic business management systems (GEVER systems), which are important documents for business. The documents in which the activity of the administration is recorded within the meaning of Art are considered as such. 22 of the Order of 25 November 1998 on the Organisation of Government and Administration (OLOGA) 1 .
2 The federal government's GEVER systems are designed to ensure that cases are processed in accordance with the law, on the basis of processes, in a verifiable, systematic, transparent, secure and economic manner.
3 No classification system can be used in conjunction with GEVER systems for important business documents.
This order is for the federal government's GEVER systems:
1 This Order applies to:
2 The departments and the Federal Chancellery may submit to this ordinance the administrative units of the decentralised federal administration within the meaning of Art. 7 A In connection with art. 8, para. 1, let. B, and 2, OLOGA attached to them if they are not entitled to carry out the archiving themselves.
3 A regulation within the meaning of s. 7 is enacted for the processing of documents that are important to business that is to be temporarily out of the federal government's GEVER systems. Art. 12 and 14 shall apply mutatis mutandis.
4 Systems governed by other provisions and applications in which no personal data is processed are not subject to this order.
This Order applies the following definitions:
1 The administrative units subject to this order shall select a GEVER system corresponding to the authorised standards.
1 Repealed by c. I of the O of 14 March 2014, with effect from 1 Er Jul. 2014 ( RO 2014 723 ).
Responsible for data processing:
The administrative units that manage a GEVER system make a processing regulation within the meaning of s. 21 of the Order of 14 June 1993 on the Federal Data Protection Act 1 .
The administrative units report their GEVER systems as files to the Federal Data Protection and Transparency Prelay, in accordance with Art. 11 A , para. 2, of the Federal Law of 19 June 1992 on Data Protection 1 .
The classification systems of the GEVER systems are set up so as not to betray documents containing sensitive data, personality profiles or classified information.
1 For the conversion of physical documents into electronic documents or vice versa, or an electronic form in another (conversion of documents), the Federal Chancellery shall issue directives regulating:
2 Documents seized pursuant to these directives are of original value.
3 The original paper documents are destroyed three months after their digitization. It is prohibited to destroy documents:
The Federal Chancellery defines the electronic signature to be used and, in agreement with the Federal Archives, the file format of the documents that are processed in the GEVER systems and which must be signed.
1 The processing of documents in the GEVER systems is carried out in such a way as to prevent unauthorised persons from consulting them.
2 Documents that contain sensitive personal data, personality profiles or classified information CONFIDENTIAL are encrypted in the GEVER systems. They are also transferred from these systems.
3 Documents classified as SECRET cannot be processed in the GEVER systems.
1 Users can transfer a document from their own GEVER system to another system, but cannot access from their system to a document stored in another GEVER system.
2 The exchange of documents between the GEVER systems is carried out by means of secure transmission.
3 The Federal Chancellery designates the product to be used, in accordance with the Confederation Information Technology Unit.
The GEVER systems are managed using a two-factor authentication procedure, in accordance with the IT Security Directives.
1 The GEVER systems record access to documents, printing and transfer of documents in a log, as well as changes to the rules protecting access to documents, including encryption.
2 The newspapers are kept for two years, in accordance with the order of 24 April 2002 concerning the keeping and keeping of account books 1 .
1 The data processing body shall document in a programme measures to ensure the security of the information. This program is regularly reviewed and if necessary updated.
2 If risks remain despite the implementation of the planned measures, they are identified with their potential consequences and communicated in writing to those responsible.
1 On the proposal of the Steering Committee, the Conference of Secretaries General approves the GEVER strategy of the Federal Government.
2 On the proposal of the Steering Committee, it coordinates the financing of the implementation of the strategy.
3 On a proposal from the Federal Chancellery, it approves the organisational directives necessary for the uniform operation of the GEVER systems.
4 On a proposal from the Federal Chancellery, it approves the GEVER documentation. It consists of:
1 The Steering Committee has representatives from:
2 The Federal Chancellery chairs the committee.
3 Each department and the Federal Chancellery have one vote.
4 The Steering Committee:
The Federal Chancellery:
The Federal Archives:
The Technical Standards Unit of the Confederation sets technical standards to ensure data security.
The administrative units subject to this order shall themselves select the benefit providers for their GEVER systems, unless the Federal Council has restricted this choice to one or more standard services, pursuant to Art. 14, let. B, of the December 9, 2011 Ordinance on Information Technology in the Federal Government 1 .
1 RS 172.010.58
The acquisition, operation, maintenance and development of the GEVER systems are financed by the budgets of the administrative units concerned.
1 The departments and the Federal Chancellery shall issue the necessary directives.
2 Regulations for treatment within the meaning of s. 7, the information security program within the meaning of s. 16 and the possible directives of the administrative units shall be notified to the Federal Chancellery.
1 The administrative units of the Confederation whose GEVER systems are not in conformity with this order shall make the necessary adaptations by 30 June 2018 at the latest.
2 If unavoidable and unforeseeable circumstances prevent them, the responsible department may propose to the Federal Chancellery, for the Federal Council, that the deadline be extended until 31 December 2019 at the latest.
1 New content according to the c. I of the O of 14 March 2014, in force since 1 Er Jul. 2014 ( RO 2014 723 ).
This order shall enter into force on 1 Er January 2013.