Decree No. 529 / 2006 Coll.
Decree on the structure and content of the information concept and operational documentation and on the requirements for the management of the safety and quality of public administration information systems (Decree on the long-term management of public administration information systems)
Valid
Order
Effective from 01.01.2007
529
DECREE
of 23 November 2006
on the structure and content requirements of the information concept and operational documentation and on the safety and quality management requirements of public administration information systems (Decree on long-term management of public administration information systems)
The Ministry of Informatics lays down, pursuant to § 12 (1) (e) and (f) of Act No. 365 / 2000 Coll., on Information Systems of Public Administration and on the amendment of certain other laws, as amended by Act No. 81 / 2006 Coll. (hereinafter referred to as "the Act"), for the implementation of § 5a (1) to (3) of the Act:
Subject matter
This Decree lays down:
(a) the requirements for the structure and content of the information concept, the procedures of public authorities in drawing it up, issuing it, evaluating its compliance and the requirements for the management of the security and quality of public administration information systems under Section 5a (1) of the Act;
(b) the requirements for the structure and content of the operational documentation referred to in Section 5a (2) of the Act and the scope of the operational documentation submitted at the procedure referred to in Section 5a (3) of the Act.
INFORMATION CONCEPT
Content and structure of the information concept
(1) The public authority shall indicate in the information concept:
(a) the characteristics of each public administration information system of which it is the administrator, the brief characteristics of its current situation and the expected changes in that system;
(b) projects for the acquisition or creation of new public administration information systems;
(c) long-term objectives in the field of quality management of public administration information systems, quality requirements and the quality management plan referred to in Article 3;
(d) long-term objectives in the field of security management of public administration information systems, safety requirements and the safety management plan referred to in Article 4;
(e) a set of basic rules (hereinafter referred to as the "principles") for the management of public administration information systems, including procedures to implement them;
(f) the method of financing the projects referred to in (b), the long-term objectives referred to in (c) and (d) and the management of the public administration information systems referred to in (e);
(g) procedures for assessing compliance with the information concept referred to in Article 7 and for making amendments thereto pursuant to Article 6;
(h) the functional classification of the staff member or the designation of another natural person or the name of the organisational body which directs the implementation of activities leading to the achievement of the objectives, the fulfilment of the principles and the application of the procedures set out in the information concept and the fulfilment of obligations laid down by law by the public authority;
(i) the period of validity of the information concept.
(2) The public authority shall characterise the individual public administration information systems referred to in paragraph 1 (a) by:
(a) characterising each public administration information system separately; or
(b) characterising two or more public administration information systems as subsystems of one public administration information system.
(3) The principles governing the management of public administration information systems, including the procedures for their implementation, as referred to in paragraph 1 (e), are always laid down by the public authority for the areas:
(a) the acquisition and creation of public administration information systems;
(b) the operation of public administration information systems, including their changes and development.
Long-term quality management objectives
(1) The public authority shall, in accordance with Article 2 (1) (c), set the long-term objectives it intends to achieve in the field of management of the quality of public administration information systems; these objectives are always:
(a) ensuring the quality of data processed in these systems;
(b) ensuring the quality of technical and programme resources under Section 2 (a) of the Act;
(c) ensuring the quality of the services provided through these systems.
(2) In order to achieve the objectives referred to in paragraph 1, the public authority shall establish quality requirements in the information concept.
(3) A quality management plan shall be established by the public authority in the information concept, which shall include a description of the activities carried out by the public authority in order to achieve the established quality requirements of the public administration information systems, including a timetable for their implementation.
Long-term safety management objectives
(1) The public authority shall set long-term objectives for the management of the security of public administration information systems in accordance with Article 2 (1) (d); these objectives are always:
(a) the security of data processed in these systems;
(b) the security of technical and programme resources under Article 2 (a) of the Act;
(c) the security of the services provided through these systems.
(2) In order to achieve the objectives referred to in paragraph 1, the public authority shall set out requirements for the security of public administration information systems in the information concept.
(3) A safety management plan shall be established by the public authority in the information concept, containing a description of the activities carried out by the public authority in order to achieve the security requirements for public administration information systems, including a timetable for their implementation.
Procedure for creating an information concept
(1) The public authority shall define in the information concept the long-term objectives, principles and procedures referred to in Article 2 (1), taking into account:
(a) data processed in public administration information systems;
(b) services provided through public administration information systems;
(c) the technical and programming resources used pursuant to Article 2 (a) of the Act.
(2) If a public authority has operational information systems that have links to public administration information systems pursuant to Section 3 (5) of the Act, it describes in the information concept
(a) such links; or
(b) operational information systems, similar to public administration information systems, where it considers it appropriate to set long-term objectives, principles and procedures in accordance with Article 2 (1) for all the information systems it operates from the point of view of their efficient management.
Approval of the information concept and changes to the information concept
(1) Data on the approval of the information concept or its individual versions shall be recorded in the following structure:
(a) an indication of the version of the information concept;
(b) the name and, where applicable, the name and surname of the staff member or other natural person or persons who have processed the information concept or its version;
(c) the name and, where applicable, the name and surname of the staff member, another natural person or authority which has approved the information concept or its version;
(d) the date of approval.
(2) Where a public authority makes a change to the information concept in accordance with the principles and procedures set out in Section 2 (1) (g) and the wording of this information concept is approved, a new version of the information concept shall be created. It may be amended by creating a new document or by attaching a supplement to an existing document.
(3) Each version of the information concept, which was created by making changes to the previous version of the information concept, shall always include a description and justification of the change and identification of the relevant part of the document that has been amended.
(4) During the period covered by the information concept, the public authority shall make changes to the information concept in such a way as to ensure that the content of the concept is always consistent with the actual situation and the actual requirements of the public authority.
Evaluation of compliance with the information concept
(1) The public authority shall evaluate compliance with the information concept in accordance with the principles and procedures laid down in Article 2 (1) (g), draw conclusions from the evaluation and take measures to address the deficiencies identified; it shall evaluate compliance with the information concept at least once every 24 months.
(2) The public authority shall keep a record of the conduct of the evaluation, its conclusions and the measures taken on the basis of the evaluation findings.
Principles and procedures for the procurement and creation of public administration information systems
(1) The public authority shall indicate in the information concept what principles and procedures it applies before the acquisition or establishment of public administration information systems pursuant to Article 2 (3) (a), always including the principles and procedures for:
(a) defining the need for the public administration information system to be acquired or created and analysing the resources for its acquisition or creation, including the expected financial intensity;
(b) analysis of the starting state;
(c) establishing the target state of the public administration information system;
(d) setting quality and safety requirements;
(e) an analysis of the consequences which the procurement or establishment of an information system of public administration may give rise to.
(2) Where a public authority intends to procure public administration information systems from a supplier in accordance with its long-term objectives, it shall indicate in the information concept:
(a) which documentation and which authorisations necessary to carry out maintenance and changes to the public administration information system must be required as part of the supply, also having regard to whether the administrator of the public administration information system intends to make changes to the system or remedy failures itself;
(b) what requirements for project management are applied to the supplier;
(c) the requirements for testing the information system of the public administration and accepting the supply before it is taken over from the supplier.
(3) Where a public authority intends, in accordance with its long-term objectives, to create public administration information systems through its staff, it shall indicate in the information concept the necessary documentation of the processes of such creation.
(4) Where a public authority applies project management to the creation of a public administration information system, it shall specify in the information concept the principles of project management using the Czech technical standard, which sets out project procedures (1).
Principles and procedures for the operation of public administration information systems
(1) The public authority shall indicate in the information concept what principles and procedures it applies in the operation of the public administration information systems referred to in Article 2 (3) (b), always including the principles and procedures for:
(a) ensuring the operation and maintenance of public administration information systems, including the creation and maintenance of operational documentation and the evaluation of compliance;
(b) management of changes in public administration information systems;
(c) a controlled cessation of the activities of public administration information systems.
(2) The procedures referred to in paragraph 1 (a) include a description of the procedures whose application ensures consistency of the operation of the public administration information systems with the information concept and operational documentation, and always a description of the procedures for evaluating such compliance. At the same time, the obligations of individual employees or other natural persons in relation to those activities shall be laid down.
(3) The management of the changes referred to in paragraph 1 (b) shall mean the provision of activities in the management of the design and approval process of changes in the public administration information system and in the management of the process of implementing those changes. Change management must always be documented.
(4) In relation to the management of changes referred to in paragraph 1 (a) and (b), the public authority shall specify in the information concept the scope of the activities which may be carried out solely in the context of the implementation of the changes referred to in paragraph 1 (b) and those which may be carried out in the context of the maintenance of the public administration information system. Maintenance means carrying out activities that lead to the maintenance of the functions of the public administration information system in the desired and unchanged state, and change means a qualitative change of the public administration information system, always a change of functionality or of the data interface.
(5) The procedures relating to the management of changes referred to in paragraph 1 (b) shall always include:
(a) defining the need for changes in the public administration information system;
(b) a baseline analysis for the development of the public administration information system;
(c) establishing the target state of the public administration information system;
(d) the identification of qualitative and safety requirements relating to the target state of the public administration information system;
(e) the design of the transformation from baseline to the target state of the public administration information system;
(f) an analysis of the consequences that change may give rise to;
(g) projecting changes into the operational documentation.
(6) The public authority shall lay down the principles and procedures for defining the need for the cessation of the activity of the public administration information systems referred to in paragraph 1 (c) in the information concept.
(7) Before the operation of the public administration information system is terminated and the system is shut down, the data processed by the public administration information system, including the media carrying such data, shall be handled securely in accordance with the procedures laid down in paragraph 1 (c), so as to prevent unauthorised access to such data.
OPERATIONAL DOCUMENTATION
Operational documentation structure requirements
(1) The operational documentation of the public administration information system consists of the following documents:
(a) security documentation of the public administration information system;
(b) system manual,
(c) the user manual.
(2) The security documentation of the public administration information system referred to in paragraph 1 (a) shall consist of:
(a) the security policy of the public administration information system, whenever the system has links to the public administration information system of another administrator or where the public authority is not the operator of that system;
(b) a safety directive for the operation of the security administrator of the system.
(3) The public authority may, in accordance with its needs, with regard to the number of users, merge the documents referred to in paragraph 1 into one document.
(4) A public authority may process one operational documentation for several public administration information systems, provided that:
(a) the principles and procedures for operating these systems are identical;
(b) none of the public administration information systems concerned is linked to another administrator's information system;
(c) the rights to register, modify or delete data processed by those systems are limited to the final number of designated staff of the public authority.
(5) In the cases referred to in paragraph 4, the operational documentation shall specify the public administration information systems for which it is common.
(6) The operational documentation of the public administration information system shall also consist of other documents where their processing and use are necessary for the efficient management of the public administration information system; this always applies to public administration information systems which process large volumes of data or which are created and operated, including making changes to these systems, in accordance with Czech technical standards which foresee the processing of other documents.
Requirements for operational documentation content
(1) In the operational documentation, the public authority shall state the current state of the public administration information system by describing the functional and technical characteristics of each public administration information system of which it is the administrator, including organisational technical measures to ensure that these characteristics are maintained.
(2) The operational documentation for the public administration information system shall be drawn up in such a way as to comply with the principles and procedures set out in the information concept.
(3) The security policy of the public administration information system referred to in Article 10 (2) (a) contains a description of the security measures applied by the public authority to ensure the security of that system and which comply with the safety requirements set out in the information concept provided for in Article 4 (2).
(4) The safety directive for the operation of a system security administrator pursuant to Article 10 (2) (b) contains a detailed description of the security functions used by the system security administrator for carrying out the designated activities in the public administration information system and the instructions for the use of those functions.
(5) The system manual referred to in Article 10 (1) (b) contains:
(a) a description of the functions, including security, used by the system administrator to carry out the identified activities in the public administration information system and the instructions for the use of those functions;
(b) quality parameters based on the quality requirements referred to in Article 3 (2);
(c) a detailed description of the public administration information system or a reference to the document in which the description is given and available to the system administrator;
(d) a description of the individual activities carried out in the management of the public administration information system, including the activities defined for the roles referred to in Article 12, the identification of the natural persons carrying out those activities and the authorisation necessary for the performance of those activities;
(e) the definition of users or user groups and their authorisations and obligations in the use of the public administration information system.
(6) The user manual referred to in Section 10 (1) (c) contains:
(a) a description of the functions, including security, used by the user for his activities in the public administration information system, and instructions for the use of those functions;
(b) defining the authorisations and obligations of users in relation to the public administration information system.
Role in administration of public administration information system
(1) The public authority always defines for the public administration information system the role of:
(a) a system administrator, who is an employee or other natural person who ensures the management of the operation of the public administration information system;
(b) a system security administrator, who is an employee or any other natural person who ensures the safety check of the public administration information system;
At the same time, it defines for each role a summary of the activities identified and the necessary authorisations to carry out those activities in the public administration information system.
(2) The role of the system administrator and at the same time the role of the security administrator of the system can only be exercised by one natural person if it is a public administration information system which does not have links with the public administration information system of another administrator, and the public authority has established and applied adequate security measures to eliminate risks that could result from the performance of both roles by one natural person.
(3) Where a single natural person performs the role of a system administrator pursuant to paragraph 1 (a) and at the same time the role of a system security administrator referred to in paragraph 1 (b), the public authority may combine the security directive for the operation of a system security administrator pursuant to Article 10 (2) (b) with the system manual referred to in Article 10 (1) (b).
Scope of the operational documentation submitted at the procedure
The public authority shall submit the security policy of the public administration information system when it is required to process it in accordance with Article 10 (2) (a).
FINAL PROVISIONS
Entry into force
This Decree shall take effect on 1 January 2007.
Minister:
MUDr. Mgr. Langer v. r.
1) For example, CSN ISO/IEC 15288 Systems engineering - System life cycle processes.
Regulation Information
| Citation | Decree No. 529 / 2006 Coll., on the requirements for the structure and content of the information concept and operational documentation and on the requirements for the management of the safety and quality of public administration information systems (Decree on the long-term management of public administration information systems) |
|---|---|
| Regulation Type | Order |
| Author | - |
| Collection | Code of Laws |
| Date of Promulgation | 06.12.2006 |
| Effective from | 01.01.2007 |
| Effective until | - |
| Status | Valid |
The regulation text is for informational purposes only.