Text consolidated by Valsts valodas centrs (State
Language Centre) with amending regulations of:
31 August 2021 [shall come
into force on 3 September 2021];
26 May 2009 [shall come into force on 3 June 2009].
If a whole or part of a paragraph has been amended,
the date of the amending regulation appears in square
brackets at the end of the paragraph. If a whole
paragraph or sub-paragraph has been deleted, the date of
the deletion appears in square brackets beside the
deleted paragraph or sub-paragraph.
|
|
Republic
of Latvia
Cabinet
Regulation No. 764
Adopted 11 October 2005
|
General Technical Requirements of
State Information Systems
Issued pursuant to
Section 4, Paragraph two of the Law on State Information
Systems
1. The Regulation prescribes the general technical
requirements of the State information systems.
2. The general technical requirements of the State information
system (hereinafter - the information system) shall be complied
with in the management of the information and technical resources
of the information system. The management task shall be to
ensure:
2.1. the implementation of the information system functions
specified in laws and regulations;
2.2. the security and development of the information
system;
2.3. the movement of data in an integrated information
system.
[31 August 2021]
2.1 In determining the non-functional technical
requirements of the information systems, the information system
manager shall comply with the minimum non-functional technical
requirements specified in the Annex to this Regulation for the
information systems and shall co-ordinate the exceptions with the
Ministry of Environmental Protection and Regional Development
(hereinafter - the Ministry) in accordance with the laws and
regulations governing the supervision of development projects for
the State information systems.
[31 August 2021]
3. The information system manager is responsible for the
compliance with the general technical requirements of the
information system.
[31 August 2021]
4. With regard to the information resources of the information
system (a set of thematically related, structured information in
electronic form at the disposal of the State authority which is
included in the information system) and technological resources
(a set of information and communication technology hardware or
software units or a separate unit at the disposal of the State
authority) the information system manager shall comply with the
following requirements:
4.1. such software shall be used for the creation of an
interface for the information system users which is not attached
to specific technical equipment or to a specific operating
system;
4.2. the information system shall use software in accordance
with the requirements specified in the software licence;
4.3. the information system shall use software with which
audit trails are performed when registering information about
events in the information system in order to ensure the
opportunity of evaluating their impact on the information system
security;
4.4. the information system user interface shall ensure the
opportunity of sending and receiving data using
platform-independent file formats and data transmission
protocols;
4.5. the information system documentation is sufficient in
order for the authorised person of the information system manager
to be able to make changes to the information system or
completely restore the operation of the information system.
[31 August 2021]
5. When using the technological resources of information
systems, the information system manager shall also comply with
the following requirements:
5.1. they shall be used according to the requirements
specified by the manufacturer;
5.2. they may be replaced with technical equipment offered by
other manufacturers;
5.3. the use thereof shall ensure the security of the
information system and the functioning of the information system
in an integrated information system.
[31 August 2021]
6. Upon determining the requirements for the information and
technological resources of information systems, the information
system manager shall comply with the requirements specified in
laws and regulations in the field of the circulation and storage
of electronic documents.
[31 August 2021]
7. The information system manager shall ensure the
implementation of the requirements specified by Regulation (EU)
2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard to
the processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data Protection
Regulation).
[31 August 2021]
8. If, when using the information system, the circulation of
such information is ensured which, in accordance with the law On
Official Secret, is recognised as an official secret object, the
information system manager shall ensure the implementation of the
requirements specified in this Regulation, insofar as it is not
in contradiction with the laws and regulations regarding the
protection of official secret objects.
[31 August 2021]
9. If, when using the information system, the circulation of
such information is ensured which, in accordance with the Freedom
of Information Law, is regarded as information for official use
only, the information system manager shall ensure the
implementation of the requirements specified in this Regulation,
insofar as it is not in contradiction with the laws and
regulations regarding the protection of information for official
use only.
[31 August 2021]
10. The information system manager shall ensure the
implementation of the requirements specified in this Regulation
according to the State budget funds allocated for this.
[31 August 2021]
11. The Ministry shall supervise the implementation of this
Regulation.
[31 August 2021]
12. The minimum non-functional technical requirements of the
information systems referred to in the Annex to this Regulation
shall apply to the information systems the establishment or
significant transformation of which has been commenced after 1
October 2021.
[31 August 2021]
Prime Minister A. Kalvītis
Minister for Special Assignments
in Electronic Government Affairs J. Reirs
Annex
Cabinet Regulation
No. 764
11 October 2005
Minimum Non-Functional Technical
Requirements of Information Systems
[31 August 2021 / See Paragraph
12 of the Regulation]
| 1. |
Data
opening requirements* |
| 1.1. |
The information system
requirements and draft project shall be created in accordance
with the "open by default" principle, providing for a certain
part of the system data classified as generally available
information to be published in the form of open data in the
Latvian Open Data Portal (https://data.gov.lv) (hereinafter -
the Open Data Portal) or the State Unified Geospatial
Information Portal (https://geolatvija.lv) |
| 1.2. |
The publishing of open data is
fully automated, following the standards, guidelines, and
corresponding data publishing scenarios set out in the Open
Data Portal |
| 1.3. |
Data in the Open Data Portal
shall be updated (re-published) once new data is available,
concurrently assessing the need of users for up-to-date data
availability |
Note. * Shall not apply to the data relating to the State and
public security, personal data, and data in accordance with the
Freedom of Information Law.
| 2. |
Requirements for Data Storage and Movement |
| 2.1. |
Information systems shall be
designed and developed for the efficient and high-quality
provision of State administration services in accordance with
the single principle (on the submission and request of
data/information) in such a way that the management of their
collection and maintenance is the responsibility of the
authorities which are primarily responsible for them (in
primary data sources), ensuring effective management of
controlled data movement in the State administration if any
of the legal grounds specified in Regulation (EU) 2016/679 of
the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the
processing of personal data and on the free movement of such
data, and repealing Directive 95/46/EC (General Data
Protection Regulation) exist and in accordance with the
procedures specified in laws and regulations - also outside
the State administration. The principles specified in the
State Administration Structure Law and Regulation (EU)
2016/679 of the European Parliament and of the Council of 27
April 2016 on the protection of natural persons with regard
to the processing of personal data and on the free movement
of such data, and repealing Directive 95/46/EC (General Data
Protection Regulation) shall be complied with in the movement
of the data of State administration institutions |
| 2.2. |
The State information systems'
integrator (SISI) shall be used for the controlled movement
of data among different State administration authorities, and
also for the controlled movement of data outside the State
administration, applying the most appropriate technical
solution proposed by the integrator (including the data
distribution network (DDN), the service gateway and the data
aggregator (DGR)) to specific data movements. Where the
transfer of data takes place only between two State
administration institutions, the use of the State information
systems' integrator (SISI) is not compulsory |
| 2.3. |
The technological solutions and
operational processes of the information system shall have
permanently available data to be disseminated in accordance
with the level of availability required by their users and
contracted by the service, unless the data availability
function has been transferred to the data aggregator (DGR) of
the State information systems' integrator. The technological
solutions of the information system shall ensure that data
are available from the interfaces used previously, at least
until functionally appropriate interfaces are transmitted to
SISI (including the DGR) |
| 2.4. |
In order to ensure efficient
(i.e. automated) data movement in the State administration,
the priority of programmable interfaces (including API first
principle) shall be taken into account when programming and
developing information systems. Software interfaces and web
services providing them shall be published in the integrators
of authority, industry or national level (i.e. SISI services
gateway) depending on the scope of the intended use of the
relevant interface |
|
|
|
| 3. |
Identification Requirements for Information System Users |
| 3.1. |
Users shall be provided with the
ability to use identification tools appropriate to their
level of protection, avoiding the use of single-factor means
(passwords) as a means of authentication and taking into
account the requirements of the Law on Electronic
Identification of Natural Persons and Regulation (EU) No
910/2014 of the European Parliament and of the Council of 23
July 2014 on electronic identification and trust services for
electronic transactions in the internal market and repealing
Directive 1999/93/EC (eIDAS Regulation) |
| 3.2. |
In the information systems for
which the level of protection of the information to be
processed or the limitations of the technical solutions
require a higher level of security for authentication as the
directory or end-equipment used for identification, the State
administration employees shall use qualified or increased
security-level qualified electronic identification means for
identification in production environments |
| 3.3. |
Information systems, service
sites, and portals providing for the identification of users
of more than one institution shall provide identification
possibilities with electronic identification means complying
with system security requirements, including national,
qualified, and increased security-level qualified
identification means. If the use of other types of
multi-factor identification means (such as bank eID means) is
also permitted for the extension of the digital service
users, it shall be technically provided through the single
application service of the State Regional Development Agency
(hereinafter - the Agency) |
| 3.4. |
For information systems, service
sites, and portals which, in accordance with the requirements
of the eIDAS Regulation, must also be accessed through the
electronic identification means notified by other EU Member
States, it shall be technically provided through the single
application service of the Agency |
|
|
|
| 4. |
Application Software Sharing and Architecture
Requirements |
| 4.1. |
When developing specialised
application software solutions, the architectural
requirements of effective sharing, re-use, and modular,
interoperable, and ICT infrastructure efficient software
solutions shall be complied with |
| 4.2. |
The functionality of the
information system shall be created by optimally and
efficiently using available sharing services and reusable
software solutions and components at European Union level
(information on the EC website Joinup
https://joinup.ec.europa.eu/ and the Ministry website
www.varam.gov.lv) and at Latvian level (information on the
Agency's website https://viss.gov.lv/ and the Ministry
website www.varam.gov.lv) |
| 4.3. |
When developing information
systems and concluding contracts regarding the development of
commissioning software, the conditions of the contract shall
provide for the transfer of ownership rights of authors which
guarantees the software development customer - the Republic
of Latvia - the right to take over, legally and effectively,
the performance of the contract after termination of the
contract and to continue the activities provided for in the
contract or to transfer them to another supplier |
| 4.4. |
Sharing services (see also
Sub-paragraphs 3.3, 3.4, and 4.2 of this Annex), also
including State administration data publishing (see
Sub-paragraph 1.2 of this Annex) and controlled data movement
(see Sub-paragraph 2.4 of this Annex) services, shall be used
in the technical solution thereof for ensuring the
functionality required for the information system. Use of
shared functionality in user interface solutions is also
allowed in the form of embedded components |
| 4.5. |
Open code platforms and
solutions shall be used when developing new information
systems. Their technological solutions shall meet the
requirements of a modern ICT architecture which is modular,
interoperable, and efficiently uses ICT infrastructure in
accordance with the technology architecture guidelines for
specialised application software published by the Ministry.
The abovementioned requirements also apply to the conversion
of existing information systems or parts thereof by replacing
the software code |
| 4.6. |
The architectural requirements
and design of the application software, including the
platforms to be used and the requirements of support and
licensing, shall be coordinated with the ICT infrastructure
sharing service provider whose services will be used |
|
|
|
| 5. |
Requirements for the Use of ICT Infrastructure Services |
| 5.1. |
ICT infrastructure sharing
services shall be used to operate the information system |
| 5.2. |
Information systems shall not
impose specific requirements on end-user equipment and their
preparation for the operation of the system. The user
interfaces of the information system are fully functional in
both computer and mobile equipment browsers. The requirements
for end-user equipment of the information system shall be
co-ordinated with the computerised workplace development plan
and the service provider. The requirements shall not apply to
the information systems whose architecture prevents the
replacement of technical equipment and need not apply to
specialised information systems for a narrow range of users
(for example, accounting information systems used by
accountants alone) |
| 5.3. |
High value added computing
infrastructure services shall be used during the whole life
cycle of the information system, starting with the
development and testing of the information system, and these
services shall include automation in the management of
software items, including the preparation and application of
releases, testing automation, and performance monitoring |
| 5.4. |
The information system uses, in
accordance with its performance and operational continuity
requirements, computing capacity scalability, capacity
splitting, and reservation capabilities provided by computing
infrastructure services and effectively releases the reserved
computing capacities when they are not in use |
| 5.5. |
The planned specifications for
computing infrastructure services shall be coordinated with
the service provider whose services are intended to be
used |
Translation © 2022 Valsts valodas centrs (State
Language Centre)
