====== Outline of the OVS Model Information Concept ====== The final structure of the OVS Information Concept will be issued with Decree **529/2006 Coll.**, a new version of which will be issued **mid 2021** - the constant delays are due to delays in the legislative process of House Bill 756 called DEPO2. The following text is a structural extract that is in line with it and can be used by authorities already now when preparing documents for updating their information concept according to the forthcoming amendment to Decree 529/2006 Coll., which will set a reasonable deadline for updating the information concept in the structure set by this amendment. Preliminary concrete details of the content of the information concept of the central OVS with the amended structure, the final form of which will be determined by the forthcoming amendment to Decree 529/2006 Coll, can be obtained, for example, by studying the information concepts of the central OVS, which are already updating their information concepts in accordance with the [[[:metody_dokument|Methods of ICT management of the Ministry of Industry and Trade of the Czech Republic]], such as, among others, the updated [[https://www.mpo.cz/cz/rozcestnik/ministerstvo/o-ministerstvu/informacni-koncepce-ministerstva-prumyslu-a-obchodu--243831/|Information Concept of the Ministry of Industry and Trade of the Czech Republic]] in direct relation to the national strategy Digital Czechia **{{ znalostni-baze:osnova_ik_.docx |Text version for download}}** ====== Part A: Introduction ====== ===== 1 Identification of the Information Concept ===== OVS (hereinafter referred to as OVS) issues this Information Concept in accordance with Act No. 365/2000 Coll., on Public Administration Information Systems (ยง 5a). In the Information Concept, the OVS sets out its long-term objectives in the field of quality and security management of managed public administration information systems and defines the general principles for the acquisition, creation and operation of public administration information systems. Basic data of the Information Concept |Name of the organisation|| |NUMBER|| |Type of organisation|| |Address|| |Date of approval|| |Validity period |5 years| |Expiry date|| |Role |Person |Date |Signature| |Author||| |Approved by||| ===== 2 Management Summary of the OVS Information Concept ===== IK summary for key stakeholders: *for the management of the Authority *for external bodies (OHA) *for ISVS administrators (substantive and technical) *for members of IT departments and ICT service providers Basic responsibilities and competencies of the OVS (duties, laws, agendas). Key transformation objectives and tasks of the OHA Summary of the most important issues facing the OHA and its representatives (GDPR, filing system, eIDAS, ...). Key internal IT and eGovernment needs of the OVS Summary of the most important other influences, operational needs and optimisation incentives Summary of the vision of the target state of the Authority's architecture Summary of the key features of the vision of the target state of the Authority (fully digitised, fully centralised, fully outsourced, etc.). Selection of key change objectives/projects from the Roadmap Selection of key changes in the way IT and eGovernment is managed by the OVS Relationship between IK and the related strategic documents of the OVS and eGovernment โ€ƒ ====== Part B: Authority architecture concept - what changes to implement in ISMS and why? ====== Answers the questions WHAT and WHY should be built or changed. Corresponds to the content of the NAP. ===== 1 Overview of the current state ===== 1.1 Overview of the overall architecture of the OSS 1.2 Overview of the business architecture 1.3 Overview of the IS architecture 1.4 Overview of the technology architecture 1.5 Overview of ICT infrastructure and communication technology architecture 1.6 Authority architecture context 1.7 Overview of running and approved projects ===== 2 Overview of the Authority's motivations for architecture changes ===== 2.1 Authority mission, strategic and external business requirements 2.2 Internal business requirements (process improvement) 2.3 Internal and external ICT influences, objectives and requirements 2.4 Compliance with ICCR objectives and principles 2.5 Authority's incentive architecture model 2.6 Summary and interpretation of required changes to the Authority's architecture ===== 3 Target state design ===== 3.1 Architectural vision of the Authority 3.2 Target business architecture design 3.3 Design of the target IS architecture 3.4 Target technology architecture design 3.5 Target ICT infrastructure architecture design 3.6 Explanation of the target architecture of individual ISVs (full stack) ===== 4 Roadmap for the implementation of changes in the Authority's architecture ===== 4.1 Overview of IT programmes and projects 4.2 Links of the implementation programmes to the objectives of the IK OVS 4.3 Capital and operating budget allocation A (architecture - what to build for) ====== Part C: Authority's ICT and eGovernment Service Management Concept ====== Answers the questions HOW? Build and manage ICT services to support the delivery of the Authority's public services Corresponds to the ICT Management Methods of the Public Service. ===== 1 Assessment of the current situation ===== 1.1 Assessment of the status and methods of IS lifecycle management 1.2 Assessment of the status and methods of managing the ICT capabilities of the department 1.3 Assessment of the status and methods of managing disciplines in collaboration with other OVS units 1.4 Assessment of the status of cooperation on central coordination of ICT and eGovernment ===== 2 Overview of the Office's motivations for changes in ICT management ===== 2.1 Overview of external challenges, influences and objectives 2.2 Overview of identified internal motivations 2.3 Compliance with the ICT governance principles from the ICD 2.4 Quality improvement objectives for the management, development and operation of information services 2.5 Service security improvement objectives 2.6 Summary and interpretation of identified ICT management change needs ===== 3 Proposed target state of the Authority's ICT governance ===== Proposed changes to the organisation, processes, metrics and IT tools for managing ICT OVS. 3.1 Design of the IS lifecycle management approach 3.2 Proposal for how to manage the ICT capability of the department 3.3 Proposal for how to manage disciplines in collaboration with other OVS departments 3.4 Proposal on how to collaborate on central coordination of ICT and eGovernment ===== 4 Roadmap for the implementation of changes in the management of ICT in the OVS (sub-roadmap) ===== Proposal of specific plans (projects or management actions) that will ensure changes in the management of ICT OVS towards the desired force state. 4.1 Roadmap for the implementation of changes to ICT governance arrangements 4.2 IS quality management plan Quality management activities 4.3 IS Security Management Plan Security Management Activities 4.4 Investment and operating budget allocation B - what to run for โ€ƒ ====== Part D: Management of the IK OVS document and its implementation ====== ===== 1 Fulfilling the Information Concept===== 1.1 Procedures for implementing changes to the Information Concept 1.2 Procedures for evaluating compliance with the IC ===== 2 Functional classification of the person who manages the implementation of the activities under the IC and the Act===== 2.1 Responsibilities for the implementation of the IC 2.2 Compliance with statutory obligations * Act No. 106/1999 Coll., on free access to information. * Act No. 110/2019 Coll., on the processing of personal data. * Act No. 121/2000 Coll., Copyright Act. * Act No. 365/2000 Coll., on public administration information systems and on amending certain other acts. * Decree No. 528/2006 Coll., on the information system on public administration information systems * Decree No. 529/2006 Coll., on long-term management of public administration information systems. * Decree No. 530/2006 Coll., on the procedures of attestation centres in assessing the long-term management of public administration information systems * Act No. 480/2004 Coll., on certain information society services. * Act No. 499/2004 Coll., on archiving and filing services and amending certain acts. * Decree No. 259/2012 Coll., on details of the performance of the filing service. * Act No. 412/2005 Coll., on the protection of classified information and security eligibility. * NSA Decree No. 522/2005 Coll., establishing lists of classified information. * NSA Decree No. 523/2005 Coll., on the security of information systems and certification of shielding chambers. * NSA Decree No. 524/2005 Coll., on ensuring cryptographic protection of classified information. * NSA Decree No. 525/2005 Coll., on the certification of cryptographic protection of classified information. * NSA Decree No. 526/2005 Coll., on industrial security. * NSA Decree No. 527/2005 Coll., on personnel security. * NSA Decree No. 528/2005 Coll., on physical security and certification of technical means. * NSA Decree No. 529/2005 Coll. on administrative security and registers of classified information. * Act No. 300/2008 Coll., on electronic acts and authorised conversion of documents. * Decree No. 193/2009 Coll., on determining the details of the implementation of authorized document conversion * Decree No. 194/2009 Coll., on determining the details of the use of the information system of data boxes * Act No. 111/2009 Coll., on basic registers * Act No. 181/2014 Coll., on cyber security and amending related acts (Act on cyber security) * Decree No. 82/2018 Coll., on security measures, cybersecurity incidents, reactive measures, filing requirements in the field of cybersecurity and data disposal (Cybersecurity Decree). * Decree No. 317/2014 Coll., on significant information systems and their determining criteria. * Act No. 340/2015 Coll., on special conditions of effectiveness of certain contracts, publication of such contracts and on the Register of Contracts (Act on the Register of Contracts). * Act No. 134/2016 Coll., on public procurement. * Act No. 297/2016 Coll., on trust services for electronic transactions. * Act No. 250/2017 Coll., on electronic identification. Strategic framework for the development of public administration of the Czech Republic for the period 2014-2020. Resolution of the Government of the Czech Republic No. 347 of 10 May 2017 on the implementation of full electronic filing and mandatory acceptance of electronic invoices by central state administration bodies. REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on electronic identification and trust services for electronic transactions in the internal market. REGULATION (EU) No 679/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. ===== 3 Overview of versions and changes to the IK OVS ===== โ€ƒ ====== Part E: Appendices and Annexes to the ICCS ====== ===== 1 Appendices ===== 1.1 Basic terms and abbreviations 1.2 List of figures 1.3 List of tables 1.4 List of references ===== 2 List of appendices ===== 2.1 Overview of OVS agendas and competences 2.2 Overview of the legal norms governing the activities of the OVS in relation to information and communication systems 2.3 Overview and cards of ISVS 2.4 Tables of objects of the four-layer architecture: 2.5 Overview and tabs of programme/project plans