Decree No. 360 / 2020 Coll.
Decree amending Decree No. 317 / 2014 Coll., on major information systems and their determining criteria, as amended by Decree No. 205 / 2016 Coll.
Valid
Order
Effective from 01.01.2021
360
DECLARATION
of 18 August 2020
amending Decree No 317 / 2014 Coll., on major information systems and their determining criteria, as amended by Decree No 205 / 2016 Coll.
The National Bureau of Cyber and Information Security and the Ministry of the Interior provide, pursuant to § 28 (1) of Act No. 181 / 2014 Coll., on Cyber Security and on the amendment of related laws (the Cyber Security Act) (hereinafter referred to as "the Act '):
Decree No. 317 / 2014 Coll., on Important Information Systems and their determining criteria, as amended by Decree No. 205 / 2016 Coll., is amended as follows:
1. Paragraph 2, including the title, reads:
Important information systems
(1) An important information system under Section 2 (d) of the Act is an information system, the administrator of which is a public authority, which is an organisational component of the state, region or capital of Prague, used to ensure
(a) electronic mail, if it is intended for use in the exercise of public authority; or
(b) control, inspection or surveillance activities.
(2) Furthermore, an important information system under § 2 (d) of the Act is also an information system managed by a public authority which fulfils the criteria set out in § 3.
(3) An important information system is not an information system whose administrator is a municipality.
(4) The important information system referred to in paragraph 1 meets the defining criteria. "
2. Paragraph 2 (1) reads as follows:
"(1) An important information system under Section 2 (d) of the Act is an information system, the administrator of which is a public authority, which is an organisational component of the state, region or capital of Prague, used to ensure
(a) electronic mail, where it is intended for use in the exercise of public authority,
(b) control, inspection or state surveillance activities;
(c) the exercise of public authority in preparation for and addressing crisis situations;
(d) the performance of the file service; or
(e) the keeping of the official plate in a way that allows remote access. ';
3. Paragraph 2 (1) reads as follows:
"(1) An important information system under § 2 (d) of the Act is an information system, the administrator of which is a public authority, which is an organisational component of the state, region or capital of Prague, used in the exercise of the powers of the public authority to ensure
(a) electronic mail, where it is intended for use in the exercise of public authority,
(b) control, inspection or state surveillance activities;
(c) the exercise of public authority in preparation for and addressing crisis situations;
(d) the performance of the file service;
(e) keeping an official record in a way that allows remote access;
(f) international cooperation; or
(g) procurement. ';
4.
Indicative criteria
(1) A determining criterion is the fact that a breach of the security of information in an information system not referred to in § 2 (1) could result in:
(a) limitation or disruption of the provision of services or information by a public authority to the public;
(b) limitation or disruption of the management of a public authority;
(c) other restrictions or disturbances on the functioning of a public authority;
(d) limitation or disruption of the functioning or management of another authority or person pursuant to Article 3 of the Act, or restriction or disruption of the provision of services or information to the public by that authority or person;
(e) interference in personal life or in the rights of natural or legal persons affecting at least 50 000 persons; or
(f) threats or disturbances of the public interest;
and this limitation, disruption, intervention or threat cannot be averted without incurring disproportionate costs.
(2) The public authority shall keep a list of all the information systems it is the controller of and, for each information system not referred to in Article 2 (1), shall assess compliance with the criteria referred to in paragraph 1. The information system administrator shall keep a written record of the outcome of the assessment, which shall be included in the list according to the first sentence. ';
footnote 1 is deleted.
(5) Sections 4 and 5 shall be deleted, including the headings and footnotes No 2.
6. Annexes 1 and 2 are deleted.
Efficacy
This Decree shall take effect on 1 January 2021, with the exception of Article I (2), which shall take effect on 1 January 2022, and the provisions of Article I (2). I, point 3, which shall take effect on 1 January 2023.
Director:
Ing. Greece
Minister of Interior:
Hamlet v. r.
Sign in for notes, favorites and notifications
Regulation Information
| Citation | Decree No. 360 / 2020 Coll., amending Decree No. 317 / 2014 Coll., on major information systems and their defining criteria, as amended by Decree No. 205 / 2016 Coll. |
|---|---|
| Regulation Type | Order |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 04.09.2020 |
|---|---|
| Effective from | 01.01.2021 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.
Comments 0