What is Decree No. 360 / 2023 Coll.?

Decree No. 360 / 2023 Coll., on the long-term management of public administration information systems — Decree on the long-term management of public administration information systems.

When it became Decree No. 360 / 2023 Coll. effectiveness?

Decree No. 360 / 2023 Coll. became effective 01.07.2024.

Is Decree No. 360 / 2023 Coll. still valid?

Yes, Decree No. 360 / 2023 Coll. is still valid and effective.

Decree No. 360 / 2023 Coll. - Decree on the long-term management of pu...

360

DECLARATION

of 7 December 2023

on the long-term management of public administration information systems

The Digital and Information Agency provides pursuant to § 12 (1) (a) to (c) of Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as amended by Act No. 261 / 2021 Coll. and Act No. 471 / 2022 Coll., to implement § 5 (2) (j) and (k), § 5a (2) to (4) and § 6o (4) thereof:

ČÁST PRVNÍ

INTRODUCTORY PROVISIONS

§ 1

Subject matter

This decree provides

(a) requirements for the structure and details of the information concept of a public authority and the procedures of public authorities in its establishment, publication and evaluation of compliance;

(b) requirements for the management of information systems of public administration (hereinafter referred to as the "information system") and for the decoupling of information systems;

(c) technical requirements for information systems;

(d) rules on the structure of data in information systems;

(e) requirements for the structure and formalities of the assessment of the economic benefits of the way in which information systems operate, the assessment of the economic advantages of the operation of information systems and the assessment of the economic advantages of the use of the requested cloud computing and the procedure for their implementation; and

(f) requirements for the structure and formalities of the operational documentation and the scope of the operational documentation submitted at the procedure.

§ 2

Definition of terms

For the purposes of this decree:

(a) IT management activities related to the creation, management, operation, use and development of information systems;

(b) the architecture of the public authority by applying the Authority's architecture method to the public authority as a whole;

(c) the method of the architecture of the Office of Knowledge and a description of the overall structure and behaviour of the Office as a system, which is expressed by the calculation of its elements, the key characteristics of these elements, the links between them, the key links of these elements to the surrounding area, and which is also expressed by the principles of the design and future development of the system;

(d) a method of architecture for dealing with knowledge and a description of the architecture of the information system, indicating how the information system meets the requirements laid down therein;

(e) the central shared service is an information system service provided through an information system managed by the central administration and intended to provide services to those information systems managed by other administrators;

(f) a component of the information system which is clearly separable from other parts of the information system and ensures targeted and systematic information activities;

(g) the eGovernment's open source code, the component source code for further use by another public authority;

(h) by the environment of the information system, the occurrence of a set of its components meeting a specific purpose within the life cycle of the information system;

(i) the production environment of the environment in which the information system is operated at the stage of production operation and test operation;

(j) the production operation of the operation in which the information system services are provided, with the exception of the test operation;

(k) production data

1. an indication whose management in the information system is the reason for the creation of the information system; and

2. data ensuring integrity, confidentiality and availability of data referred to in point 1;

(l) a shared element of the public authority's technological and communication infrastructure, part of an information system which is shared with at least one other information system;

(m) the stage of the life cycle of the information system or part thereof of the period between the two moments when a new or significantly altered set of services of that system is put into service;

(n) the phases of the life cycle of the information system or part thereof of the life-cycle phase having a different purpose, methods, activities and outputs from other parts of the stage.

ČÁST DRUHÁ

LONG-TERM MANAGEMENT OF INFORMATION SYSTEMS

HLAVA I

INFORMATION APPROACH TO THE PUBLIC GOVERNMENT AUTHORITY

§ 3

Structure and formalities of the public authority information concept

(1) The information concept of a public authority consists of:

(a) a plan for the development of the information systems of the public authority;

(b) the IT management plan; and

(c) documentation on the management of the public authority's information concept.

(2) The plan for the development of the information systems of the public authority contains:

(a) a description of the current state of architecture of the public authority;

(b) a description of the reasons for changing the architecture of the public authority;

(c) the proposed target state of architecture of the public authority; and

(d) a plan to implement changes to the information systems of the public authority.

(3) The IT management plan contains:

(a) a description of the current state of computer management;

(b) a description of the reasons for the changes in IT management;

(c) the proposed target state of computer management; and

(d) a plan to implement changes to achieve the target IT management status.

(4) The documentation on the management of the public administration information concept contains:

(a) the period of validity of the public authority information concept;

(b) procedures for assessing compliance with the public authority's information concept;

(c) procedures for making changes to the public authority's information concept; and

(d) amendments to the public authority's information concept.

§ 4

Issue and evaluation of compliance with the public authority information concept

(1) The public authority issues the information concept of a public authority for a period of 5 years.

(2) The public authority shall bring the public authority's information concept into line with the actual situation no later than 6 months after the date on which the public authority's information concept ceased to correspond to the actual situation.

(3) The public authority brings the public authority's information concept into line with the reality

(a) change sheets containing parts of the public authority's information concept that are being amended; or

(b) issuing a new information concept to the public authority.

(4) The public authority publishes the public authority's information concept in a way that allows remote access.

(5) The public authority shall carry out an assessment of compliance with the public authority's information concept at least every 2 years from the date of its issue or amendment.

HLAVA II

INFORMATION MANAGEMENT

§ 5

Informatics Management Areas

The areas of IT management are:

(a) strategy, planning and organisation of IT;

(b) the acquisition and modification of information systems;

(c) the operation of information systems;

(d) the provision of information system services; and

(e) attenuation, preservation and termination of information systems.

§ 6

Strategy, planning and organisation of IT management

Public administration in the field of strategy, planning and organisation of IT management

(a) establish and implement strategic management of IT;

(b) plan and evaluate the IT activities compared to the plan, in particular the acquisition, modification and operation of information systems;

(c) designate a department responsible for the management of IT and specify its tasks; and

d) sets and maintains IT management processes and provides the necessary tools.

§ 7

Acquisition and modification of information systems

Public administration in the field of procurement and changes to information systems

(a) ensure the resources necessary for the acquisition or modification of information systems;

(b) identify the requirements for information systems and the conditions for ensuring them;

(c) evaluate and, where necessary, ensure the conditions for the creation of verification concepts to verify the feasibility of the acquisition or modification of information systems;

(d) ensure the management of programmes and projects necessary for the acquisition and modification of information systems;

(e) manage changes to the information system at organisational and procedural level; and

(f) evaluate the usability of existing solutions and components with an open eGovernment source code for the information systems it manages.

§ 8

Operation of information systems

(1) Public administration in the field of the operation of information systems

(a) setting up an information system management system;

(b) monitor key parameters of the operation of information systems;

(c) manage the resources needed to meet service requirements, deal with operational incidents and operate information systems;

(d) manage the continuity of the operation of information systems;

(e) ensure security management of the operation of information systems; and

(f) evaluate the possibility of using central shared services provided by other public authorities.

(2) The public authority uses the domain name of the third or lower level at its website in domain .gov.cz, if the public authority is a public authority. Domina. gov.cz does not need to be used by a public authority, which is a public authority, if it ensures subsequent redirection to an Internet address using the .gov.cz. domain

§ 9

Provision of information system services

(1) The public authority in the field of the provision of information systems services establishes binding parameters of the services provided by information systems, evaluates their performance and gives guidance on remedies.

(2) The public authority shall publish the mandatory parameters referred to in paragraph 1 and evaluate their compliance on the basis of information obtained from the activity referred to in paragraph 1 in a way that allows remote access.

§ 10

Decrease, preservation and termination of information systems

The public authority in the area of attenuation, preservation and termination of information systems shall develop and keep up to date a strategy for the closure of information systems.

HLAVA III

OPERATIONAL DOCUMENTATION

§ 11

Structure of operational documentation

(1) The operational documentation of each phase of the information system life cycle consists of documentation sets

(a) planning the creation and development of an information system;

(b) procurement and contracts for the establishment and development of an information system;

(c) the status of the information system when put into production operation after its creation or development;

(d) plan and operational security;

(e) changes to the information system; and

(f) evaluation of the information system, including an assessment of the economic advantage.

(2) A public authority may process one operational documentation for several information systems, provided that the procedures for the establishment, administration, operation, use and development of such information systems are identical or common at the relevant stage of the life cycle. In that case, it shall include in the operational documentation information on which information systems the operational documentation is common.

(3) The public authority shall publish the set of dossiers referred to in paragraph 1 in a way that allows remote access; This does not apply if publication excludes other legislation1) or action or legal action required or permitted by such legislation.

(4) The information system administrator shall include the operational documentation documents in the type file and use the assigned information system identifier as the type file identifier. The type file shall be broken down into components of the type file which consist of sets of dossiers referred to in paragraph 1. Components of the type file shall be broken down into the parts to which the files of the operational documentation are inserted over a specified period of time; after this period, the parts are closed. Where one operational documentation for multiple information systems is processed in accordance with paragraph 2, it shall be established in the type file only once, a reference to the type file in which it is based is given in the files of the other information systems.

§ 12

Requirements for operational documentation

(1) The operational documentation shall include:

(a) the characteristics of the information system;

(b) a description of the architecture of the information system;

(c) a detailed description of the information system;

(d) safety documentation;

(e) operating rules;

(f) procedures and processes related to the operation of the information system;

(g) protocols related to the operation of the information system; and

(h) contractual and licensing documentation.

(2) The characteristics of the information system shall include at least:

(a) a reference to a record in the register of public administration information systems and private-law data use systems in which data on the information system are kept;

(b) the effects on the information system and the expected changes and objectives of the information system;

(c) an overview of the decoupling of the information system into components, indicating the evaluated security level of the information system and its individual components; and

(d) an overview of the indicators for assessing the economic benefits of the operation and how the information system operates.

(3) The description of the architecture of the information system contains at least documentation at the level of detail of the architecture method of the Office and the architecture method of the solution.

(4) A detailed description of the information system shall include at least:

(a) requirements imposed on the information system when it is created or developed;

(b) a list of the components and shared elements of the technological and communication infrastructure necessary for the operation of the information system;

(c) a description of the programme interfaces;

(d) a description of the planned and implemented changes to the information system;

(e) a list of the components of the information system, their links and links to other information systems;

(f) an overview of the available functions and services of the information system;

(g) a summary of the data recorded and their structure;

(h) an overview of the deficiencies detected and the corrections made to the information system; and

(i) the duration of the planned lifetime of the information system.

(5) A public authority not subject to obligations in the field of cyber security under the law governing cyber security provides for at least the procedures for:

(a) an assessment of the impact of breaches of availability, confidentiality and integrity of information in the information system;

(b) how to deal with and respond to security incidents and security incidents, collect and evaluate cyber security incidents and incidents;

(c) ensuring the operation of information systems and information security in information systems;

(d) the development of security awareness and the way in which it is controlled;

(e) ensuring the security of the communication network; and

(f) ensuring business continuity management.

(6) The operating rules shall include at least:

(a) the operational time of the information system;

(b) the parameters of the information system services provided;

(c) user support information;

(d) rules on the downtime of the information system;

(e) rules to avoid disproportionate operating loads and incorrect use of the information system or its services; and

(f) conditions for connection to information system services.

§ 13

Scope of the operational documentation submitted at the procedure

The public authority shall submit the operational documentation to the extent necessary in accordance with § 12 (1) (a) to (h).

HLAVA IV

MANAGEMENT OF THE ENVIRONMENTAL CYCLE OF THE INFORMATION SYSTEM

§ 14

Information system life cycle management organisation

(1) The public authority designates for the management of each information system a material administrator and a technical administrator.

(2) The material administrator lays down requirements for information system services and the provision of information system services satisfying those requirements.

(3) The technical administrator shall ensure:

(a) design and implementation of the information system in terms of compliance

1. requirements for information system services referred to in paragraph 2; and

2. the requirements for technical and programming means laid down by legislation governing information or communication technologies, public administration information concepts and operational documentation, and the information system managed by the public administration for which binding government resolutions are also the information concept of the Czech Republic and other government resolutions on information or communication technologies,

(b) the processing of operational documentation and its up to date.

§ 15

Information system life cycle phase

The lifecycle phases of the information system are:

(a) strategic planning of the creation and development of the information system;

(b) planning and preparing the creation and development of an information system;

(c) implementation of the establishment and development of the information system;

(d) the production operation of the information system;

(e) evaluation of the life cycle of the information system; and

(f) the end of the life cycle of the information system.

§ 16

Strategic planning of the creation and development of the information system

(1) A material administrator in the strategic planning phase of the information system

(a) identify the motivation for the creation or development of the information system, compare it with the existing state of the architecture of the public administration and implement strategic planning of the establishment or development of the system by updating the public administration's information concept;

(b) draw up and approve an investment plan following a plan in the information concept of a public authority and, in the case of a designated information system, receive the comments of the Digital and Information Agency; and

(c) set out the objectives which it wishes to achieve by creating or developing an information system, or refer to the current strategic objectives of the public administration or of the Czech Republic, the fulfilment of which will be supported by the planned information system.

Citation	Decree No. 360 / 2023 Coll., on the long-term management of public administration information systems
Regulation Type	Order
Author	-
Collection	Code of Laws

Date of Promulgation	15.12.2023
Effective from	01.07.2024
Effective until	-
Status	Valid

Decree No. 360 / 2023 Coll.

Decree on the long-term management of public administration information systems

Contents

ČÁST PRVNÍ

§ 1

§ 2

ČÁST DRUHÁ

HLAVA I

§ 3

§ 4

HLAVA II

§ 5

§ 6

§ 7

§ 8

§ 9

§ 10

HLAVA III

§ 11

§ 12

§ 13

HLAVA IV

§ 14

§ 15

§ 16

§ 17

Contents

Comments 0

Regulation Information

Public Contracts 5

Partner Websites

Favorites

Browsing History