Decree No. 317 / 2014 Coll.
Decree on major information systems and their defining criteria
Valid
Effective from 01.01.2015
317
DECLARATION
of 15 December 2014
on major information systems and their defining criteria
The National Security Office and the Ministry of Interior provide, pursuant to Section 28 (1) of Act No. 181 / 2014 Coll., on Cyber Security and on the amendment of related laws (Cyber Security Act) ("the Act '):
Subject matter
This decree sets out important information systems and their defining criteria under Section 6 (d) of the Act.
Important information systems
(1) An important information system under § 2 (d) of the Act is an information system, the administrator of which is a public authority, which is an organisational component of the state, region or capital of Prague, used in the exercise of the powers of the public authority to ensure
(a) electronic mail, where it is intended for use in the exercise of public authority,
(b) control, inspection or state surveillance activities;
(c) the exercise of public authority in preparation for and addressing crisis situations;
(d) the performance of the file service;
(e) keeping an official record in a way that allows remote access;
(f) international cooperation; or
(g) procurement.
(2) Furthermore, an important information system under § 2 (d) of the Act is also an information system managed by a public authority which fulfils the criteria set out in § 3.
(3) An important information system is not an information system whose administrator is a municipality.
(4) The relevant information system referred to in paragraph 1 shall fulfil the defining criteria.
Indicative criteria
(1) A determining criterion is the fact that a breach of the security of information in an information system not referred to in § 2 (1) could result in:
(a) limitation or disruption of the provision of services or information by a public authority to the public;
(b) limitation or disruption of the management of a public authority;
(c) other restrictions or disturbances on the functioning of a public authority;
(d) limitation or disruption of the functioning or management of another authority or person pursuant to Article 3 of the Act, or restriction or disruption of the provision of services or information to the public by that authority or person;
(e) interference in personal life or in the rights of natural or legal persons affecting at least 50 000 persons; or
(f) threats or disturbances of the public interest;
and this limitation, disruption, intervention or threat cannot be averted without incurring disproportionate costs.
(2) The public authority shall keep a list of all the information systems it is the controller of and, for each information system not referred to in Article 2 (1), shall assess compliance with the criteria referred to in paragraph 1. The information system administrator shall keep a written record of the outcome of the assessment, which shall be included in the list according to the first sentence.
Efficacy
This Decree shall enter into force on 1 January 2015.
Director:
Ing.
Minister of Interior:
Breeding v. r.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Decree No. 317 / 2014 Coll., on Important Information Systems and their determining criteria |
|---|---|
| Regulation Type | - |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 19.12.2014 |
|---|---|
| Effective from | 01.01.2015 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0