Act No. 365/2000 Coll. assumes that the Information Concept of the Czech Republic will also address the issue of management of public administration information systems. It is appropriate to use the recommendations of the MŘICT unchanged and thus to apply them in the full scope of the ICT portfolio (IT architecture) of the OVS. However, as with any other methodology, adaptation to specific situations is more than appropriate.
The management of each IS can be described and guidance and accelerators for it can be provided in the Knowledge base either focusing on the detail of the phases and activities in the IS life cycle stage or focusing on typical activities and methods that, although usually occurring in certain phases, may also be repetitive and overlapping (e.g. supplier selection, project management, mitigating supplier dependency, etc.).
This chapter introduces and combines both perspectives. Detailed information and accelerators, especially on deliverables and methods by IS life cycle, are provided by the forthcoming knowledge base.
All activities in the management of individual IS must be carried out in the context of the whole Authority and eGovernment of the Czech Republic and the EU, within the framework of the activities and procedures described further in Management at the level of the ICT OVS unit and Collaboration with other units of the Authority and eGovernment.
The capability of ICT services (information systems and ICT infrastructure) for the purpose of safe and quality performance of public administration services cannot be effectively ensured without respecting the life cycles of change. This statement is valid both in terms of the lifecycle of technical components, the validity of contractual support from providers, and in particular in terms of changes in the needs of individual internal departments of the authority and the expectations of public administration clients.
In recent years, the number and scope of ICT services of authorities have gradually changed significantly; this increase requires a better setup of ICT administration and management and increases the demands on their service. Major milestones include work in the electronic filing service, the use of basic registers, data management obligations (security), personal data management obligations (GDPR), the possibility of transferring selected parts outside the office (Cloud) or the strengthening interest in digital public administration services. One cannot ignore the new trends and innovations in the technological part of ICT, where the primary burden on human resources is in various forms of innovative upgrades and the gradual inclusion of completely different technological approaches than a decade ago. In many cases, due to a certain obsolescence, new systems have to take into account old frameworks and technologies in their architectural designs, which costs the contracting authority increased efforts and in most cases, higher financial demands cannot be avoided.
Every information system goes through successive stages of its development, the turning point of which is always the commissioning into productive operation of a new (or significantly renewed) set of services, bringing new business values for the contracting authority. This moment brings about the completion of the work (change) of the so-called transition architecture, or for a given level of knowledge and assignment at a given time, the target architecture of the system and the entire office.
We call the period, activities and states between each two such moments of value-added service initiation one stage of the system life. A stage is thus equivalent to a single pass through all phases of the life, or development 1) cycle of an information system, or its entire functional unit. The development of the life of each IS thus moves along a kind of permanently upward spiral, in the case of a decline in interest in the system and the gradual removal of functions, also along a subsequent downward spiral, consisting of stages.
In the same way as ISVS have their specifics compared to commercial information systems, their life cycle necessarily has them as well, i.e. when managing the life cycle of ICT VS systems/services, it is necessary to proceed differently and to respect different legal obligations and different time limits.
To ensure the necessary addressability (who is responsible), while respecting the logic of the substantive nature of the activities in the life cycle of an ICT service / information / communication system of public administration, the course of each stage can be distinguished into the following stages 2):
A graphical representation of the logical sequence of these phases in the IS life cycle is shown in the following Figure:
The first and last passage through the phases of the information system life cycle stage has a privileged position among the life stages of the information system. The first stage of IS life constitutes its existence, gives it meaning, purpose and empowerment, shapes its architecture and platform in the long term. Therefore, external strategic impulses are emphasized in this cycle and internal evaluation is lacking.
The last life stage of an IS starts with the strategic decision to end the service provision/existence of the system, and ends with the physical disposal of the information system, but the whole thing is also a planned and managed implementation (archiving and disposal) project, going through planning, preparation and implementation phases.
All other stages of IS development represent the gradual addition of information system functions based on the assessment of its status and needs and/or on the basis of an external impulse - strategic and legislative changes, or its technological and platform upgrade (upgrade).
The life stages and phases of the IS life cycle correspond to the structure of planning and evaluation of their costs, see the TCO methodology.
The term 'phase' implies a specific period of similar or closely related activities, sometimes very long and unchanging - for example, the production phase. In addition, the term 'stage' means the part of the journey from start to finish, in this case from one range of productive services to a new range and value of productive services. A stage is therefore made up of phases.
The decomposition of these individual life stages into the structure: "stage" (cycle) - "phase" - "step" - "activity" - "task", necessary for the concretization of individual management activities, is based on the Methodological Manual for the needs of project management in central state administration organizations issued by the Ministry of the Interior of the Czech Republic 3), is elaborated in the table "Scenario of the life cycle activities of the ICT service of the Ministry of the Interior of the Czech Republic" and is a part of Knowledge base.
The scenario of the life cycle activities of the ICT service of the Ministry of the Interior (also referred to as "scenario"), in addition to the above hierarchy of activities, also contains the individual process steps, specific documents (as defined in the Instruction of the Minister of the Interior4))), the standard necessary (initiating) inputs and outputs, as well as the interdependencies (conditionality of initiation) and the key roles involved in the activity.
The descriptions of each of the above stages of each IS life stage are all identically divided into the following parts for ease of comprehension:
In this introductory edition of the MIRCT, for clarity and readability, only the sub-sections Framework Characteristics, Phase Principles and, where applicable, Sub-phases and Steps are provided for each phase. The remaining parts of the description and any extension appendices, containing the above Scenarios and other necessary accelerators for each phase, will be progressively added to the corresponding sections of KnowledgeBase.
The different parts of each phase of an IS lifecycle also have different forms of governance - linear and programmatic/project. While a substantial part of the planning, preparation and implementation of a radical change to the IS, or the termination of its service, is managed as a program and project, using project roles, the part of the strategic preparations, all operations, evaluation and continuous improvement happen in the normal line management of the departments and roles of the subject matter and technical system manager.
Phases 1, 2 and 3 of the lifecycle, leading to new value-added services, usually correspond to a single development programme, consisting of one or more sub-projects, the coordinated implementation of which will produce the benefits expected by the programme.
Each project for the implementation of a substantial change to the IS, i.e. development and implementation projects, regardless of content or size, contains the following 'project phases', represented to varying degrees but always present:
IS lifecycle phase | Implementation project phase | Key deliverables and milestones |
---|---|---|
* STRATEGY | * Identification, initiation and concept | * Strategic brief. * Information concept of the IS, containing the project. * Enterprise architecture of the project. * OHA opinion |
PLAN AND PREPARATION | * Project planning and preparation | * Project definition, Project charter, Project plan. * Project architecture. * Functional and non-functional specifications. * Decision on (non)implementation of the project * Investment plan * Registration of the project at the Ministry of Finance. * Budget measure of the authority including the designation of the principal * Procurement documentation of the procurement. * Selection of the contractor / Contract with the contractor. |
\ IMPLEMENTATION | * Project implementation * Preparation for productive operation | |
PRODUCTION PROCESS | * Project Closeout | |
Continuous - \* through 1, 2, 3 and 4 | * Project planning, monitoring and management. | * Project management plan, including \* Resource plan \* Risk register and others |
Relationship between IS life cycle phases and phases of a typical implementation project.
Additional deliverables and milestones of the implementation project phases are described in the detailed Knowledge base materials for each phase of the life cycle phase and the project management methodology.
Overlapping life cycle stages. The life cycle stages of an IS may overlap with each other with a phase shift. Thus, at the same time, some IS services are routinely operated, some services from earlier stages are already being phased out and disposed of, and new services from the next stage of system development are being planned or implemented.
Overlapping phases of one stage. Similarly, phases of a stage may overlap or overtake each other in their activities. For example, not all the activities of closing the implementation project and the final handover of the solution to productive operation have yet been carried out, yet the services are already in productive use as outputs of the project.
Managers of the subject matter and technical administrator, the operator and the contractor must navigate and consciously manage the overlaps and overlaps between the different stages and phases.
The strategy phase includes activities carried out in the formulation of strategies for the development of the public administration, the OVS (its department) and its IT unit and in the corresponding changes in legislation resulting in requirements for new or changed ICT services to support the performance of public administration. The strategic phase included - due to the life cycle of one ICT service / individual VS system - the strategic planning steps carried out jointly for all ICT services and systems of the authority, namely the creation and updating of the Information Concept of the OVS, with the simultaneous updating of its Authority Architecture (EA).
The strategy phase includes activities related to the formulation of public administration development strategies, strategies of OVS and their IT departments, and in the corresponding changes in legislation resulting in requirements for new or changed ICT services to support the performance of public administration. This is especially true in the case of central administrative authorities, which are responsible for individual legal regulations and where it is possible and necessary to participate in the development of national strategies and legal regulations from the position of IT specialists.
In the case of other authorities, especially local authorities, it is necessary to adapt their own strategies in response to changes in legislation and citizens' demands for the functioning of public administration.
The following activities are part of the strategy phase:
While Stage 1 - Strategy is an integral part of each life stage of an individual IS, it is fully applicable and dominated by the methods and means of strategic management and planning of ICT at the level of the whole department and office, in the context of eGovernment of the Czech Republic and the EU, see Management at the level of the ICT department.
To facilitate and support the processes of the strategy management phase, the Knowledge base NA VS ČR will be gradually added to the following:
A phase containing steps and activities that build on the strategic direction of the individual information system established in the previous phase, elaborating this direction into a proposal for the individual changes needed, their interrelationships and timing. The phase also includes all the necessary comments, assessment and approval of the chosen solution, i.e. the Authority's ICT development plan, as a condition for initiating the related expenditure from the state budget
Public administration service change projects are increasingly relying on IT support. In addition, all projects in the Authority share a limited amount of human resources suitable for the projects. For these reasons, all informatics projects need to be demonstrably coordinated with all ongoing and planned projects across the Authority, whether together they form tightly linked development programmes or are only loosely managed as portfolios of projects.
Communication with the Accounting Service on the accounting nature of asset acquisitions and other transactions is important. Not everything that may appear to an ICT practitioner to be a fixed asset actually is from an accounting perspective. Failure to do so can lead to serious risks of breaches of budgetary discipline and other penalties.
The methods and procedures of Phase 2 - Planning and Preparation represent the implementation of the Principles and Procedures for the Acquisition and Development of Public Administration Information Systems - Part I, and the basis for updating and supplementing these principles according to §8 decree 529/2006 Coll, on the requirements for the structure and content of the information concept and operational documentation and on the requirements for the security and quality management of public administration information systems (Decree on the long-term management of public administration information systems), on the requirements for the structure and content of the information concept and operational documentation and on the requirements for the security and quality management of public administration information systems (Decree on the long-term management of public administration information systems) in the scope of questions: how to find the right solution for meeting the business needs of public service provision (and changes thereto).
The description of the phase sets out, among other things, the basic obligations on how to proceed from the position of the ICT unit in finding the most appropriate ICT solutions to optimally meet the business needs of the authority in the delivery of its public services.
In the Planning and Preparation phase, 3 work streams go side by side, complement and intertwine in time, see Table 3 for details:
Measure of Knowledge / Current | Plan Legislation | Plan Architecture | Plan Resources |
---|---|---|---|
Introductory idea | Bill of intent | Enterprise Architecture of intent | Budget and staffing requirements |
Refined Idea | Final Approved Bill | Architecture of Intent | Resources Allocated |
Performable Terms of Reference | Decrees and Internal Management Acts issued | Solution Design | Solution Resources issued |
Overview of the relationships of the concurrent work streams of the Planning and Preparation phase.
Substantive planning, i.e., architectural preparation, occurs in steps of progressively increasing detail of knowledge, expressed in graphical models and lists of required components and their characteristics; in accordance with how these levels are defined by NAR, see the following Figure:
The basic models of the Authority's target architecture, developed in the previous Phase 1 Authority-wide Strategy and used for the release of the OVS Information Concept, are followed by the so-called "Pre-Project Start Architecture" (PSA7)). This architecture provides a model of the future solution and its immediate context at the EA level of detail and contains, together with the basic project plan, sufficient data for the preparation of an OHA Request for Opinion.
This is followed by finding the so-called Solution Architecture, which focuses on the question of how the solution sought is to work and is expressed in terms of functional and non-functional specifications in addition to graphical diagrams. An essential part of this is the decision on the solution option. Together with the refined project plan, containing decisions on the implementation strategy, on how to provide its own, the agreement on the CBA and the decision to continue the process towards the acquisition of the solution (purchase, development or combination), the solution architecture and specification is the basis of the tender documentation.
A prerequisite for the substantive planning and preparation is the participation of ICT specialists in the development of the substantive plan of the relevant legislation associated with the change, in particular and in full if it is the OVS, which is responsible for the legislation in question and will be the administrator of the relevant IS. The role of ICT in this area is in particular:
Therefore, the role of ICT is most prominent at the stage of the first ideas and formulation of the substantive intent of the regulation change, but persists until the final approval of the regulation and its implementing regulations.
In project resource planning, it is essential to request and secure all types of resources in a timely manner and with a good knowledge of the pending legislation, the required scope of changes and work and their timing, through existing actions and documents (programme funding, project plan, …). An important part of resource preparation is the acquisition of external resources, i.e. the selection of a contractor through a successful procurement process and the conclusion of a contract, ultimately combining the outputs of all three parallel planning and preparation streams.
The success and effectiveness of the Planning and Preparation phase depends to a large extent on the timing of the work in all three streams and on how the knowledge and outputs from each activity can be used together and duplication of work and documents avoided.
An important prerequisite for the success of the whole life cycle is to include the following in the scope and intent, terms of reference and contracts as early as the Planning and Preparation phase:
Optimizing this confluence of planning streams, ensuring those assumptions and facilitating all activities will be the subject of documents and tools that will be part of the next edition of the MRICT and Knowledge base.
The implementation phase of the planned changes to the information system represents the core of the development and implementation project planned, initiated and conceptualized in the previous phase of this stage of the solution lifecycle. Implementation is the actual delivery of standard application software, its parameterisation and software customisation and/or customised software development and/or acquisition of software as a service. For both forms of SW acquisition, the so-called "on-premise" implementation also includes the delivery of platforms and infrastructure, the building of all necessary runtime environments ("Landscape". )), with a minimum of three stages (development, testing and production), optimally for large systems four stages (development, testing, pre-production and production), in exceptional justified cases two stages are acceptable (non-critical systems without critical data and integrations e.g. BI) and the establishment of the Authority's ability to operate and support the solution.
The methods and procedures of the implementation phase replace and develop the so-called Principles and Procedures for the Acquisition and Development of Public Administration Information Systems - Part II (implementation of a purchased solution and acquisition of a solution by development, or a combination of both). It will be a substantial supplement to the principles according to §8 decree 529/2006 Coll., on requirements for the structure and content of information concept and operational documentation and on requirements for security and quality management of public administration information systems (decree on long-term management of public administration information systems) in the area of questions: how to successfully implement the selected solution and put it into productive operation. Thus, essential and nationwide standards to the requirements of the Decree (after its expected amendment).
The project management of the implementation of individual IS must be carried out in the context of change management at the level of the entire ICT unit and the change of the entire authority, see in particular Management at the level of the ICT unit. This means in particular:
In particular, to facilitate and support the processes of the implementation management phase, the following will be progressively added to the Knowledge base:
The implementation of a project-managed IS change in phase 3 of its life cycle, typically after the selection of the supplier, represents the implementation of the following project implementation phases according to the project management methodology:
A number of sub-activities, milestones and deliverables are subordinate to the individual project phases, see detailed sub-chapters in Knowledge base.
An important project activity at the beginning of implementation is the establishment of project structures and the mobilisation of its internal human and material resources.
From the moment of the productive start of the first services included in the scope of the implementation project, the latter starts to fulfil at the same time the content of Life Cycle Phase 4 - Operations, and the persons and teams responsible on the side of the customer and, where applicable, the outsourced operator, must actively participate in these project phases, starting with the preparation of the production environment and productive operations.
The productive operation phase is characterized by the need to ensure the delivery of the services commissioned on the previous milestone, while maintaining the parameters of quantity, quality and safety of the service and, where possible, increasing the cost-effectiveness and efficiency of the service delivery, enabled by deepening experience as well as continuous improvement of the operation without changing the service. In short, it is about ensuring agreed service levels (SLA or OLA).
The second key characteristic of the productive operation phase is that during this phase minor changes in the scope or quality of service are implemented, mainly by continuous, line management of the ICT unit and/or the contractor, which do not require the activities of phases 2 - preparation and planning and 3 - implementation of change. In short, it is the continuous identification, qualification, planning and implementation of minor changes, i.e. requirements gathering and change management.
It is important to classify the identified changes in terms of their size, how they are managed and their priorities. The basic priority of the technical administrator and the operator is to prevent the unavailability of system services and to meet the deadline for the implementation of service changes (especially legislative changes). Other low-priority changes should be bundled into work packages to meet the deadlines of new versions of the solution in question. This group also includes changes aimed at measurable efficiency improvements, i.e. changes bringing significant savings in resources (financial, technical or organisational). Lastly, in terms of operation, are changes that do not fulfil any of the above categories but, for example, improve the quality of service and comfort for users.
The above must reflect the relationship between the manager responsible for the delivery of information system services and the internal department or external supplier. This contractual relationship and, in general, the ability of the authority (technical administrator) to ensure efficient operation must be included in the preparation, planning and implementation phases of the creation of a new system or a major change to it. The person responsible must be empowered and competent to take decisions on the management and operation of the system and on the use of resources, including guaranteed 'mandated' resources (operating budget, mandatory internal roles, material and technical support).
Operation also means ensuring the operation of the infrastructure necessary for the delivery of application services. The acquisition and renewal of the infrastructure is governed by the rules of Phases 2 and 3 or 1 of the solution life cycle.
An important condition and part of operations management is the maintenance of up-to-date product (development), operational and user documentation of information systems, i.e. functional units in all layers of their architecture. At this stage, the asset is already in a usable condition and can therefore be accounted for as an asset and be assigned a depreciation schedule (depreciation periods). If a depreciation schedule is omitted, there is a risk of accounting impropriety.
The provision of user and technical support is crucial to support both aspects of operations (continuous service delivery and identification and implementation of changes).
For more information on the key methods used in managing operations at the level of each IS, see Managing individual ICT solutions.
In addition to activities to ensure the operation of individual information system services, it is necessary to build and use operations management capabilities centrally, across ISs, whether it is for example:
For more information, see the chapters on methods for operational management at the ICT unit level, Management at the ICT unit level.
In particular, the following accelerators will be gradually added to the Knowledge base to facilitate and support the processes of the operations management phase:
The steps of operations management can be grouped into four areas:
The Operations and Services Evaluation phase includes several essential types of evaluation, in particular:
An important significance of the evaluation of an implementation project is if its conclusions can be used not only for better setting of internal management rules, but also for conclusions towards suppliers. At this point, such a design is already possible. The Cybersecurity Act is quite clear in its contractor management policy with regard to the quality of the solution delivered. The Public Procurement Act is quite clear with regard to security breaches. By matching these already completely identical conditions, we are able to define the quality of the bidder/supplier and, in the case of poor experience, to exclude the bidder from the tender if the non-compliance is beyond the defined threshold.
For the evaluation, a separate section (data set) will be created in the ICT catalogue, which will focus on the quality of the delivered solution. In particular, the quality of the submitted result will be evaluated against the specification, but also the quality of the client's satisfaction with the submitted result will be evaluated. It is also about the quality of the supplier and the ICT department.
Project evaluation - (non-)achievement of project objectives
Evaluation of the investment action
Analysis of operational data / knowledge base performance (Best Practice)
Formulating recommendations from setup changes to further development / decommissioning
Decision on termination of service provision / system operation
The end of life of a system and its eventual replacement by another is a strategic decision that must be supported by architectural and economic documents and must be prepared in the IK OVS over a long period of time. The termination of a service includes the implementation of an exit plan agreed with the supplier or operator.
Therefore, the termination of service must be taken into account already when formulating the tender for the selection of the supplier, the conclusion of the contract9) and during the implementation process10). In order to terminate the operation of the ISVS and migrate to another ISVS, the Authority must have contracted the current ISVS provider to provide all necessary cooperation, rights, data, documentation and information, to participate in negotiations with the Authority and, where appropriate, with third parties in order to ensure a smooth and orderly transfer of all activities related to the provision of services to the Authority and/or the new provider, exporting all data with comprehensive descriptions, including the creation of basic data sources for each agenda and module, which will allow the creation of sufficiently structured data based on the Authority's requirements that can be imported by another ISVS without in-depth knowledge of the database structure of the existing ISVS. Based on the data sources, it will be possible to fulfil the exit plan for the migration to another system.
Similarly, the exit must be considered in the architecture, i.e., the solution architecture must be designed already with the need to support efficient end-of-life of the ISVS in mind.
It is desirable that those with substantive responsibility for endpoint ICT equipment consider, in accordance with 3E principles and other legislation, at the end of the ICT equipment life cycle, their retirement from the accounting records without physical disposal for subsequent effective use of the endpoint equipment within the Authority until complete wear and tear.
Plan to replace the discontinued solution with a new (next generation, different system)
Verification of the usability of components:
Administrative action:
Technical measures:
Methods of translating the realization of strategic objectives into changes in the structure and behavior of the authority, i.e. into changes in its architecture, and planning interrelated feasible work packages (programs, projects) for the realization of these changes and their IT support are the task of the EA-architecture of the authority management method, which is the basic means of creating the Information Concept of the public administration authority.
ICT solutions are to be long term in nature and this can only be done in planning. Planning means knowing the commitments of the needs arising before they are implemented, i.e. the so-called ex-ante control of the resources spent on changing the environment. It is very inefficient to implement assignments in a superficial and non-conceptual way (e.g., improve deployment after acceptance and deployment to production). This approach is unsustainable in the long term, and above all, very costly and difficult to manage.
In the case of an ex-ante approach, where we programmatically assess the impacts of a change at the outset at design time, you can positively influence the introduction of a change on an impact-by-impact basis, primarily in the areas of cost (capital and operational, quality and architecture).
The most effective possible and at the same time the most conclusive tool to confirm or verify the suitability of the selected solution within the ex-ante control is the implementation of a Proof of Concept (PoC) project on a subset of functionalities and use cases sufficiently representing the concept of the solution of the issue in question. In order to minimize the cost of PoC implementation, it is advisable to use available open source technologies. These can then be substituted for commercial technologies with guaranteed commercial support, if necessary, within the production implementation project. A significant benefit of such a procedure is further verification and specification of requirements for individual products on open technologies and subsequent more precise targeting of production functionalities required from commercial products.
Another reason for the implementation of PoC projects is the communication of the prepared services, functionalities and their form and form towards the end users. One of the main architectural principles at the level of eGovernment of the Czech Republic is the principle of "Usability" of built applications. According to this principle, public administration services must always be designed taking into account the needs of the client - the citizen, so that he/she can, under all circumstances, handle his/her life situation in its entirety using an electronic service. At the same time, according to the principle of "Transparency" of the acquisition, operation and development of public administration services, clients - citizens should be informed about the intentions and objectives of building online public services so that they are able to use all available means to influence their direction on the basis of their legal rights and democratic principles.
In order to fulfil the above mentioned principles, the appropriate procedure for the implementation of new public administration services seems to be the verification of concepts, technologies and their functionalities in the so-called Proof of Concept (PoC) project before the actual design and construction of the target solutions. This procedure will provide users with the opportunity to test services and functionalities already at the time of their design, and therefore also the opportunity to comment on the design, or to send suggestions for changes, extensions, or optimization of the proposed services. In this way, it can be ensured that the services are designed with the expectations of the client-citizens in mind, and any possible inconsistencies, contradictions or additional requirements/expectations of the client-citizens can be captured at the outset and incorporated into the design of the newly developed service.
In the case of information systems, ex-ante control is most often associated with the expiry of a fixed-term contract, where the next tender brings with it, for example, change requirements that could not be met from the contract. At such a time it is absolutely necessary to include in the ex-ante control a comprehensive review of the exclusive and non-exclusive licences of the solution in relation to vendor-lock effects, the possibility of using cloud and other sharing possibilities.
The ex-ante approach may thus become a simple risk mitigation tool for all ISVs in the near future. For each individual and, collectively, for all the Authority's ISVS, the OVS Information Concept will then set out what the desired target state of the ISVS is at the end of the IS planning horizon, including the reason why this is the case. That is, for what reasons arising from the intrinsic characteristics of the ISVS, from the requirements of the processes and services of the public administration of the Authority supported by it, or from what external causes, as well as by what activities the necessary changes to the IS will be implemented and by when.
The long-term management of public administration information systems must be based on the strategic objectives of the authority in the area of public administration and its information support, in the context of the strategic objectives of the authority's parent structures, i.e. the public corporation of its founder (if it has such and such), the eGovernment of the Czech Republic and the EU.
It is not permissible to create a long-term ISMS plan in the IK of the Authority without a documented and comprehensible reference to the development and change plans of the agencies supported by the ISMS and without the context of the planned changes of the Authority and eGovernment as a whole.
Without specific justification (flexible response to unexpected changes in the external or internal environment), it is not acceptable to plan, prepare and implement projects that have not been identified in advance in the ISS IC. The proper way to deal with a sudden need for a major IS change is to first update the OVS IK, thus capturing all the necessary office and eGovernment context in the planning, and only then to start planning and preparing the project plan.
Each ISVS Subject Matter Manager and Subject Matter Manager of a central eGovernment element is required to maintain an Authority Architecture (EA) level of detail model of the existing, target and, where appropriate, transitional architecture for the system and its solution architecture model in accordance with the National Architecture Framework methodology.
The models of the target architecture of the ISMS, at all their layers and domains, are based on the overall architecture of the Authority, which they all together constitute.
The model of a certain desired state of the ISVS architecture at the level of detail of the Authority's architecture is referred to by the international abbreviation PSA11) and corresponds to a set of changes to be implemented on the ISMS by a development programme or project.
This level of the model is appropriate for the needs of the Authority's IC and for the need to request OHA's opinion on the program, investment plan, and project.
After obtaining a positive opinion from OHA, if this is relevant in terms of the scope of the project, it is appropriate to proceed to the development of a more detailed architecture of the ISVS, or its changes, for the purpose of selecting a solution and a solution supplier, the so-called Solution Architecture. From this, a list of functional and non-functional (meaning other than functional) specification requirements is then compiled12) for the purposes of the tender documentation of the tender procedure under the Public Procurement Act.
As stated elsewhere in this document, the solution architecture and its models must be an integral part of the design of the operational parameters and its visual model helps to decompose (existing and new systems) and to accurately design the interface for service quality measurement and management (SLA/SLM).
For each and all of the Authority's ISVS, the Authority's common Information Concept must specify what the desired target state of the ISVS is at the end of the IK planning horizon and why, i.e. for what reasons arising from the intrinsic characteristics of the ISVS, from the requirements of the Authority's public administration processes and services supported by it and from external causes, as well as by which feasible work packages (programmes and projects) the necessary IS changes will be implemented and by when.
The IK OVS combines two 'perpendicular' views of the ISMS:
The basic rule and recommendation of the ISTC for the ICT units of the OVS is to move to managing the relationship between providers and customers of information systems support functions through services, if they have not already done so
The next edition of the MDICT document and the ongoing additions to the Knowledge base will develop information, recommendations and tools in this area of ICT management, for example on:
This chapter will make practical recommendations on how to effectively combine inputs from strategic planning, mandated requirements and outputs from business management and user requirements when managing the development of a single IS.
References to relevant chapters of international standards such as ITIL will also be added.
Recommendations and practical guidance tools for planning requirements for the additional resources necessary for IS development, i.e. financial and staff planning at the level of a single IS in the context of the department and the office, will be an integral part of this.
It is essential that the management of the development of a single IS must always and fully use the methods and tools for the management of the development of IT assets of the whole authority, i.e. portfolios of assets layer by layer, e.g. development plans for key platforms, see more in Management at ICT unit level.
The end-of-life of a system and its eventual replacement by another is another strategic decision that must be supported by architectural and economic evidence and must be prepared over a long period of time in the IK OVS.
The end of life must be considered from the start of operations, the PSA architecture and the solution architecture must be designed with the need to support the effective end of life of the ISVS in mind. Decommissioning is also addressed in other chapters of this document. Further substantive and technical additions will be included in future editions after discussion with the technical community.
This chapter is the first part of the elaboration of the requirements: "Principles and procedures for the acquisition and creation of public administration information systems" according to §8 Decree 529/2006 Coll., on requirements for the structure and content of information concept and operational documentation and on requirements for security and quality management of public administration information systems (Decree on long-term management of public administration information systems) in the scope of questions: how to find the right solution for meeting the business needs of public service provision (and changes to them).
The MDICT stipulates that the use of so-called programmes for programme funding needs and at the same time for managing the introduction of change must be aligned, i.e. they are still the same change programmes in both perspectives.
It is only possible to apply for programme funding for the development of the Authority's IT in line with how the change programmes for each ISMS have been identified in the Authority's architecture roadmap and its information concept.
It follows that it is not appropriate and possible to use programme funding and instruments for the operation and maintenance of ICT solutions, even though they are capital assets and asset enhancements, unless they are changes implemented as projects under development programmes, see below.
On the contrary, it is possible, i.e. even if an operational task (operationally funded) exceeds the capabilities of the line management unit, it will use project management methods to coordinate internal and external resources and programme management tools to coordinate changes. I.e. these tasks can also be assigned to development programmes and jointly managed.
It will be determined what is the best practice for programme funding relative to a single ISVS, so as to simultaneously tie funding to expected benefits, while leaving sufficient management flexibility, especially for small ISVS.
The Ministry of the Interior, with possible revision by the Ministry of Finance, will set binding rules for the ongoing sustainable and manageable financing of ICT operations over the medium term, based on a mandatory five-year Total Cost of Ownership (TCO) assessment.
This implies, among other things, at least in the area of IT economic management, the introduction of a second accounting line and the recording of the consumption of the authority's resources (people, assets, energy, knowledge, etc.) in monetary terms as so-called costs by individual cost carriers. I.e. in particular dynamic cost drivers, which are programmes, projects and contracts, and static cost drivers, which are the ICT service centres, the individual components of the ICT solution, the life cycle phases of the solution and the individual services provided.
Furthermore, this implies an update of the budget structure and budget rules.
This will move from financial expenditure management to ICT efficiency management through benchmarking and resource consumption management, see also ICT Benchmarking.
Currently, the only legal procedure for financing the establishment, operation and provision of a shared ICT service is to delegate by law to a specific OSC such a task, while allocating an appropriate budget appropriation. The resulting shared service is subsequently provided to other OSSs (or even OVMs) listed in the regulation free of charge, such as ISDS, ISZR, etc.
Proposals that shared ICT services should be covered by the General Treasury Administration chapter have not been accepted so far, instead it has been agreed that specific expenditure indicators will be set in the binding indicators of individual chapters of the state budget, which will include expenditure related to the management, operation and development of key public administration information systems, i.e. portaly_verejne_spravy_a_soukromopravnich_uzivatelu_udaju|portal of public administration]], information system through which the performance of the competences of public administration contact points is ensured, and national point for identification and authentication.
Any new authority IS and its services can be acquired in several ways. In terms of the way the application software is technically implemented, i.e. as:
The solution can also be implemented in varying granularity of application components included in a logical ISVS, as:
Each sub-part of the overall information system solution can be acquired in a different model of ensuring responsibility for its delivery, operation and management, namely:
If the method of acquisition and implementation 15) of ICT services is not prescribed by law or other legal regulation, the OMS must decide on the method of acquisition (e.g. by purchasing the solution for its own management, developing the solution in-house or acquiring it as a shared service) with the responsibility of a good manager, i.e. (See the TCO methodology: TCO methodology for ICT services VS)) and other requirements relevant for the ICT service, e.g. security, timing, etc.
In making this decision, the ISVS administrator and the management of the authority must take into account not only the existing implementation options but also the options being developed by the public administration. These are in particular strategically supported forms of shared services and eGovernment cloud.
G-cloud are shared ICT services offered and operated for public administration entities either by the government cloud or commercial cloud model. The government cloud consists of shared services operated by government data centres on their infrastructure. The commercial cloud is shared services operated by commercial entities on commercial infrastructure. Both models have catalogues of services offered and an associated e-shop.
The catalogue of certified shared services publishes in the form of a public portal those offered ICT services that can be used by public administration organisations as a shared service, and also publishes financial and other conditions for their use. It is similar to the US (http://cloud.cio.gov) or UK (http://govstore.service.gov.uk/cloudstore) catalogues.
The decision whether or not to use cloud comes either at the moment of designing a new ISVS or of its replacement, upgrade, etc. This means that the technical administrator must always be aware of and consider the use of shared eGC services - infrastructure, platform, software and process - in the development plan of each ISVS, as they will be materially and legally available and mandatory or economically beneficial for the ISVS administrator.
In the conditions of a given OSS and its department, the following procedural steps in particular are necessary in the preparation of the ISVS for the eventual use of eGC services:
Criteria for the use of eGovernment Cloud services, representing a combination of decision-making based on security impact assessment and determination of the required security level and on the basis of cost-effectiveness, will be updated with relevant legislation and published with detailed guidance and tools as part of the Knowledge base.
The procurement of ICT by purchase, depending on the nature of the specific project, is governed in the public administration by the requirements of the legislation governing the management of public funds, in particular the regulations governing public procurement.
All representatives of the public administration, participating in various roles in the process of ICT procurement, are obliged by the Ministry of Public Administration to evaluate whether and what obstacles to the implementation of this concept are caused by the regulation of the management of public funds and to propose to the Ministry of Public Administration suggestions for legislative amendments so that the principles of this regulation are fully preserved, while at the same time enabling individual purchases to fulfil the conceptual management of the information technology of the Ministry of Public Administration according to the ICCR and according to the information concepts of individual public administration bodies.
The basic problems of good purchasing of ICT solutions are in particular:
As good practice, basic approaches can be recommended for OSSs and their ministries. In particular, in the future they should use the following tools to increase transparency in the preparation and execution of contracts for the supply of information systems:
Further substantive and technical additions will be included in future editions after consultation with the professional community.
The basic nature of the phenomenon of supplier dependency (also Vendor-Lock-In) stems mainly from four factors, namely:
This implies the following rules for the preparation, implementation and development of ISVs:
Other standard (boxed, COTS, TASW) application software for the solution, which OVS in turn expects to need to tailor, not only in terms of parametric changes (e.g. user dials) but also changes to the data model and programming functions and any bespoke software developed:
Also, all application and operational software, developed at the request and with the funds of a public authority of the Czech Republic or the EU, must be delivered with an open license, allowing its use, or the use of its parts, by any public authority of the Czech Republic - Open Source and EUPL license.
Further detailed information on Anti Vendor-Lock-In is provided here, and will be further added and continuously updated in Knowledge base.
The long-term goal is to provide added value in the operation of information systems and applications by optimising the arrangement of links between systems or applications and by using shared application functions. In a narrower technical sense, it is the integration of various technical parts of an information system (even of varying maturity and obsolescence), i.e. systems or applications, into a single entity, mainly by means of integration and orchestration tools.
The aim is to build an information systems architecture that effectively supports processes and agendas within the OVS and its department. Furthermore, this approach enables a significant increase in interoperability and flexibility, while reducing the risk of dependency on a particular vendor (vendor lock-in). This will be achieved in particular by creating application components that provide services shared by multiple applications.
This objective will significantly simplify the existing architecture and reduce the cost of modifying existing systems and applications. In addition to reducing the cost of implementing and integrating new systems and applications, there will be greater automation of processes, resulting in reduced costs and increased processing speed. Last but not least, easier integration with systems of external entities will be possible.
In order to successfully achieve the presented approach, the following measures should be implemented:
Further factual and technical additions will be included in future editions and in the Knowledge base after discussion with the professional community.
The ISTC and the Knowledge Base will help to establish and maintain a long-term balanced partnership between ICT services and their suppliers by publishing a series of guides and tools, such as model contracts and tender documents or standards and how-to guides. Consideration will also be given to a model whereby the sub-contracts of individual PSCs will refer to the general terms and conditions of the public administration, issued in agreement with the MoI or the MMR.
Each PSC would still have a choice or modification, but the terms and conditions would already balance the rights of both parties. There may be a separate annex reflecting both the State Property Directive and the provision of knowledge to information systems.
Further factual and technical additions will be included in future editions after discussion with the professional community.
Open Source Software and Free Software (OSS&FS) has been an integral part of ICT for many years. From a security point of view, these products have long been proven to be safe. Unfortunately, many products have historically changed from OSS to paid versions. Further, many products have stopped being supported and almost all OSS projects have the assumption that we have to make the changes ourselves.
Therefore, purchasing OSS is definitely risky if we do not consider all the implications. In any case, using OSS does not give us management and administration for free. The long-term sustainability of OSS is not dependent on a short-term solution. The primary view must be the life of the information unit over its 5+ year lifetime, with a clear strategy for how to continue to operate it beyond the baseline 5 years (relevant to TCO).
A separate methodology will be developed for the use and suitability of integration of each OSS product. It will focus not only on the integration of OSS elements into information units, but also on the possibility of sharing successful products such as a filing cabinet or anonymiser. More information on this topic will be published in Knowledge base.
For better determination of the maximum price of the work or for comparability of solution variants with different degree of software customisation, it is necessary in ICT VS CR to use a unified methodology for valuation of software development (or customisation) for OSS, based e.g. on the function point method according to ČSN ISO/IEC 20926.
This methodology should be developed and issued as another standard of the OŘI MV unit, see Introduction, and published in Knowledge base.
In practice, ICT managers have to deal with many types of contractual relationships (development, operations, support, licensing,…) without adequate support.
An important step is to unify the types of contracts according to content, length, scope, etc., i.e. to bring uniformity and order to the contractual system in the management of ICT relations with suppliers. Furthermore, it is necessary to gather experience and transform it into an expression of best practice in the form of guaranteed contract templates, including their possible combination with general terms and conditions, see above.
One of the objectives of the next edition of the MRICT and the continuous updating of the Knowledge base is to provide additional information, documents and tools to support safe and effective contracting in public administration ICT.
This chapter is the second part of the elaboration of the requirements: "Principles and procedures for the acquisition and creation of public administration information systems" according to §8 of the current Decree 529/2006 Coll., on the requirements for the structure and content of the information concept and operational documentation and on the requirements for the management of security and quality of public administration information systems (Decree on the long-term management of public administration information systems) under the heading of questions: how to successfully implement and put into productive operation the selected solution. It contains essential and nationally applicable standards to the requirements of the Decree (after its expected amendment).
Informatics in the Authority serves its internal clients, informatics projects are intended to contribute to the achievement of Authority-wide goals, and public service change projects increasingly rely on informatics support. In addition, all projects in the Authority share a limited amount of project-appropriate human resources. Therefore, all individual ISMS projects need to be coordinated with each other within the ICT Unit, then more broadly across all projects across the Authority and, in the future, the eGovernment of the country.
The coordination of projects, their linking to programmes and the management of project portfolios is a service of the Project Office of the Authority (also referred to as "PK"16)). It builds on the work of the strategic units and is knowledgeably supported by the services of the Authority's overall architecture unit, the Architectural Office (also referred to as "AK"). For more information on joint project and programme management at the office level, see Management at the ICT unit level.
All projects that are related to each other in time, subject matter or otherwise, must be managed as a programme to ensure that together they deliver greater value and with greater certainty than if they were managed separately.
Whereas project management is primarily focused on achieving planned outputs while maintaining consumption of planned resources, programme management is primarily focused on meeting strategic objectives and achieving expected benefits. From this perspective, it is recommended that each individual project should also be managed using both project and programme principles. More on programme management Management at ICT unit level.
Very often a large number of projects are managed simultaneously in the ICT unit and across the office. The responsibility for their management is divided among several project directors with the support of project managers. A group of projects with a common responsibility of one project director or project manager, or conversely a group of projects similar in content, functional unit, supplier, shared resources or other criteria, is called a portfolio.
The basic feature of a portfolio is that someone specific is responsible for it and reports the progress of all projects in his/her portfolio to someone.
For each individual ISMS project, it follows that it must be clearly assigned to one director or manager and thus become part of his/her portfolio, his/her responsibility and his/her reporting to the SC and the management of the office.
For more information on project portfolio management techniques, see Management at ICT unit level.
=== Rules for managing individual ISVS implementation projects ===.
For any IT activity that meets the definition of a project or, depending on the scope of its implications, the ICCR stipulates that it should be consistently managed as a project from the outset, i.e. using project management methods, responsibilities and tools.
There are several definitions of a project which differ slightly from each other, but all express the same essence:
The obligation to apply project management is established for projects (at least one of them):
where changes to the ICT solution or infrastructure may impact on its resilience to cyber risks or its ability to deliver public services - risk criterion.
After the experience from the practical application of these rules, the next edition of the document may further limit the project management boundaries to accommodate small authorities, especially local governments.
For each project meeting the above conditions, the authority is obliged to include an adequate number of internal staff in the project team before the project starts, to ensure that the know-how applied or created in the project remains available as knowledge and skills (not just documentation) in the authority. This is one of several prerequisites to defend against an undesirable level of dependency on suppliers (Vendor Lock-In). In this context, we need to ensure that:
To the extent of their integration into the project, * the employees were subject to the project management, i.e. their direct supervisor is the head of the project team, who, inter alia, approves the employee's statements of work and awards remuneration for work on the project. The escalation levels are the project manager and the steering committee. This can be handled by means of delegation decrees, see below.
The section of the MCIT on the approach to the management of IT services describes the minimum roles and positions that the office and the IT service must have (In/Out) in order to fulfil the above requirements. At a minimum, specific human resources (by name) must be assigned to the following roles to ensure quality and safe management of ICT change projects:
In the Knowledge base a table of expected job and service roles for each project role will be prepared.
Appointments must be made in writing, via a letter of appointment signed by the appointee and the supervisor/manager. In doing so, it is clear that the Authority may use external service providers for the implementation of these roles, but this does not absolve it of the obligation to have internal staff assigned to the roles, "shadowing" - controlling external staff, with clearly defined responsibilities. The roles of project sponsor, project director and IT economist (project budget manager) cannot be outsourced.
Each project must have these roles arranged in an organizational structure containing a hierarchy of authority and responsibility:
For very small projects19), roles and responsibilities in the project management plan can be reduced accordingly, for example by having a separate Project Director (who must never be absent) take on part of the Steering Committee's roles and responsibilities, with the Authority's management as a whole taking on the remainder of the RCP's responsibilities, the Project Manager taking on part of the Core Team's roles and responsibilities, and the HTP taking on the remainder of the HTP's roles and all of the roles of the project teams. Redundancy is at the discretion of the project office or office management, where there is not already a PC.
Each ICT project, regardless of content or size, contains a minimum set of phases of its life cycle with fixed deadlines as defined by the methodology.
Regardless of the project management methodology used (Prince2, PMI, etc.), the project must pass at least a mandatory, methodology-specified minimum set of control milestones or interim activities aligned with both the need to deliver quality ICT solutions and the requirements of the financial control and procurement processes.
From the mandatory and extended set of milestones, intermediate activities and project deliverables, milestones, activities and deliverables relevant to the specific project are selected in a justified manner during the initial project planning. Non-selection, omission of a mandatory milestone, activity or output must be clearly justified in the project documentation.
A project managed in compliance with these ICRC rules must produce and use at least the minimum set of deliverables/working documents specified by the methodology. Each project must have, at a minimum, a project plan during project preparation, a project management plan during implementation and a project progress report at completion.
The project management mechanism must include mandatory reporting to the management of the Authority, for example through the project office or the project steering committee, once a month, containing a minimum set of data as defined by the methodology.
Project management must include active engagement with key stakeholders, their legitimate needs and expectations.
Project management must include an ongoing and final evaluation of the results and benefits achieved, and a guided learning of lessons learned.
More information and rules on the management of ICT projects and their portfolios, including links to human resources management, will be issued by the Ministry of the Interior of the Czech Republic in the form of an update of the Methodology for IT Project Management, which will also be published as part of the Knowledge Base.
An important and non-negotiable part of project management is, besides managing the scope, time and resources of the project (budget, people and technology/assets), also managing risks and taking appropriate measures to mitigate them.
Project risk and security management includes the management of cyber risks and security in accordance with their management methods and using tools at the level of the entire ICT unit and office, Management at the level of the ICT unit.. The optimal risk management method is a combination of practices from standard project management methods, the TOGAF framework and the issued recommendations of the NCIB. It is planned to release a set of accelerators in the Knowledge base to support best practice in this area.
Other principles such as "Security by design" and methods such as secure software development must be applied in the project.
The process is managed in accordance with the OHA's continuously issued Methodological Guidelines and their corresponding forms, see the OHA website, which together with other guidance and tools will be continuously updated in the Knowledge base.
=== Principles for documenting the actual implementation of an IT solution ===.
Knowledge of the current state of configuration items of the ICT application and technology architecture is a prerequisite for its effective management. However, this knowledge often does not include the current documentation of ICT systems, or accepted documentation of the actual implementation of the required change (e.g. setting access rights for individual user roles) or new ICT service, including knowledge of the current contractual support (maintenance), or contractual SLAs (what they are, until when they last, …).
The responsibility for reflecting accepted changes in the current documentation should always be clearly identified for individual ICT systems.
Optimally, this activity should be included as an integral part of the acceptance processes and the responsibility for it should be assigned to the organisationally competent Technical Administrator.
Standards, templates and typical examples of such documentation will be progressively updated in the Knowledge base.
In the last two years, software management has advanced significantly with the possibility of self-deploying the Gitlab portal, which not only manages all software versions, but more importantly, machine checks can be set up for this deployment method. It is also possible to roll back between versions and also check the described source code. In the commercial world, the deployment of systems via Gitlab has changed very quickly, because such deployment does not require human interaction and there is a complete audit trail of the changes made.
Architecture updates should have a set milestone of once a year or a maximum of a two-year cycle for small in-line changes. In the case of project-implemented changes, an update of the subject solution architecture models at all levels of detail (EA-PSA, SA and SD20)) must be completed and submitted together with the documentation of the actual implementation as part of the acceptance of the project deliverables.
The datasheets shall also have a record of all changes and subsequently all changes from the datasheets shall be propagated to the architecture models at a given milestone.
Careful acceptance of the results of the change implementation and verification of the successful transition of the new IS services into productive operation is one of the key project milestones and a milestone in the information system life cycle.
Proper acceptance of the deliverables is also directly related to the so-called Ex-ante approach to planning and change management (see Management of unified ICT solutions), as it allows to verify the achievement of the planned indicators of the selected solution method.
It is the intention of the MŘICT to follow the types of contracts concluded (Management of unified ICT solutions), the different ways of implementing the solutions of the implemented changes (Management of unified ICT solutions), the Methodology of IT project management (Management of unified ICT solutions) and other aspects of the acquired solution, to prepare and update in Knowledge base a set of guidelines and accelerators to facilitate and make more consistent the proper acceptance of the delivery of implemented changes.
Corresponds to the ITIL processes of part Service Design, part Service Transition, full Service Operation and Continuous Service Improvement, as well as the COBIT 5 processes of Deliver, Service and Support.
We will discuss with other partners and the result will be completed.
Building monitoring, defining monitoring and building a department to support and develop ICT services, including mechanisms for follow-up on datasheets and SLAs.
We will discuss with other partners and the outcome will be completed.
Example of a rule: The Authority is obliged to build its own competence centre (competence centre) for the maintenance and development of IS for which it is responsible as a subject matter manager for the flexible legislative development during the implementation of a new solution or after the effectiveness of this ICD for solutions for which it has not done so in the past. It can replace its own competence centre by securing such competence from another public administration or state-owned entity, either by contract or by law, but it must be competent capacity, independent of the original supplier, which the authority can dispose of as if it were its own staff.
A competence centre must be maintained for the solutions and platforms of these solutions.
We will discuss with other partners and the outcome will be completed.
Sub-recommendations related to the ServiceDesk knowledge base: the handling of every life situation in the ICT world must be measurable, as 90% of all life situations are recurrent and the knowledge base makes the service management system faster in all cases. Each incident takes days to resolve the first time, hours the second time and the next time the same incident is resolved the same day.
If you use an information system, centralise all requests in one place and have a team responsible for dealing with them, then the subsequent classification of these requests will quite naturally speed up their settlement.
Other methods of ISVS client care will be included in future editions of the MIRCT and updated in the Knowledge base after discussion with the professional community.
ISVS indirect governance methods will be included in the next editions of the DGICT and updated in the Knowledge base after consultation with the expert community.]