File Service. Document verification and extraction, HR systems, emails, remote storage. Even public administration is going digital. These are just some of the areas where digitalisation is not only necessary but also desirable. And if you, as a *aaS solution provider, want to be there, there is an administrative task ahead of you - registering in the cloud computing provider directory. How and why can you join the directory? Find out below.
Public administrations process huge amounts of data in their information systems. With the advent of the possibility of providing services in the cloud (through cloud computing) instead of having to install them on their own hardware, this option has become attractive for public administration.
On the other hand, however, what is typically highlighted as an advantage of the cloud - less worries about their own hardware, flexibility of the provided performance and the ability to access data from anywhere - is also a security risk for the owners of the processed data.
The National Office for Cybersecurity and Information Security (NUCSIS) also responded to these security risks by issuing Decree No. 316/2021 Coll., on requirements for entry into the cloud computing directory, and Decree No. 315/2021 Coll., on security levels for the use of cloud computing by public authorities, which supplement Act No. 365/2000 Coll., on public administration information systems. ↗
The directory of cloud computing providers is a database maintained by the Ministry of the Interior of the Czech Republic. The creation of a unified list of secure cloud providers to the public administration is aimed at streamlining the operation of public administration bodies and ensuring that the public administration will use only providers capable of ensuring a basic level of protection of confidentiality, integrity and availability of information of the public administration body to operate its information systems.
Public administrations may only use cloud service providers that provide sufficient data protection against cyber-attacks. From 1 January 2023, public authorities may only conclude new contracts for the provision of cloud services with providers listed in the directory.
The provider itself does not have to be a cloud computing operator, as is the case in the vast majority of cases where the cloud provider resells the services of large cloud companies such as MS, Google or AWS.
Therefore, the Information Systems Act sets out an additional set of rules for the security of cloud computing itself. Public administrations may only use such cloud services for their information systems:
The formal step is to fill in the application form for registration of the provider in the cloud computing directory ↗, which is publicly available on the website of the Ministry of the Interior of the Czech Republic. The Ministry decides on registration in the directory within 45 days from the date of submission.
Poskytovatel musí splnit následující požadavky:
The application must also be submitted with:
The absence of relevant references is not in itself a reason to reject a provider's application for inclusion in the cloud computing directory.
Do you want to get registered as a cloud computing provider? We will be happy to help you with the registration. For more information, please see our service offer ↗.
Cloud is the future, even in public administration. But access to shared technical or software resources must be secure.
Providing evidence of having fulfilled the requirements for cloud computing enrolment requires a systematic approach that responds to the requirements and environment of the public administration. At the same time, it can be an administrative process that we are happy to help you with.