
State Information Technology Agency Act, 1998 (Act No. 88 of 1998)

Regulations

General Regulations

Part 2: Functions of Agency, Business Agreement and Dispute Resolution

4. Functions of Agency

4.1 MANDATORY SERVICES 1
4.1.1 The Agency must—
(a) after consultation with all relevant stakeholders, develop a strategy regarding the convergence of information systems2 and other systems for departments, and may do so for public bodies; and
(b) at all times demonstrate the value added by a private telecommunication network3 or value-added network service4 provided by the Agency in terms of section 7(1)(a)(i) of the Act.
4.1.2 The Agency must—
(a) after consultation with the GITO Council and with the approval of the Minister, prepare a comprehensive disaster recovery strategy and business continuity plan and procedures for mandatory services used by departments;
(b) ensure that the plan takes due cognisance of the business and enterprise architecture of departments and complies with legislation regarding archiving and security and any other relevant legislation;
(c) test the plan and procedures, at such intervals as the Minister determines from time to time and timeously inform departments of defects, problems and risks;
(d) submit the results of the test contemplated in paragraph (c) to the Minister within 30 days of receipt thereof and the GITO Council for information;
(e) review the plan and procedures and, after consultation with the GITO Council and with the approval of the Minister, amend the plan or procedures as may be required from time to time; and
(f) recover the costs related to the plan and procedures according to the rates determined in terms of section 16(2) of the Act.

4.2 SETTING OF STANDARDS 5
4.2.1 Before setting or amending standards regarding the interoperability of information systems between departments and a comprehensive information systems security6 environment for departments in terms of section 7(6)(a) of the Act, the Agency must—
(a) consult with departments and the GITO Council in order to assess the status of implemented systems and the proposed requirements;
(b) conduct an implementation impact analysis and develop a business case demonstrating the cost-effectiveness of such standards; and
(c) give due consideration to all representations received from departments and the GITO Council before submitting proposed standards, or an amendment thereof, to the Minister and the Minister of Intelligence for approval as required by section 7(6)(a)(i) and (ii) of the Act.
4.2.2 The Agency must set the standards, contemplated in section 7(6)(a) of the Act, not later than a date determined by the Minister.
4.2.3 The standards set in terms of section 7(6)(a) of the Act must be made available to all heads of departments and on the Agency's web site.

4.3 CERTIFICATION OF INFORMATION TECHNOLOGY GOODS AND SERVICES 7
4.3.1 The Agency must, within a period determined by the Minister, conduct standard certification in respect of all information technology goods or services, which were acquired by departments before the commencement of these Regulations.
4.3.2 The Agency must conduct the standard certification, referred to in regulation 4.3.1, according to a plan, including the time frames, approved by the designated official.
4.3.3 The Agency must conduct standard certification of information technology goods or services—
(a) acquired on or after the commencement of these Regulations by a department from the Agency in terms of section 7(4)(a)(i) or (b)(i) of the Act before conclusion of the relevant service level agreement; and
(b) procured on or after commencement of these Regulations by a department through the Agency in terms of section 7(4)(a)(ii) or (b)(ii) in accordance with the applicable provisions of Part 3 of these Regulations.

4.4 RESEARCH 8
4.4.1 The Agency must—
(a) include in its business plan for the next financial year the priorities and rationale for research planned to be carried out in terms of section 7(6)(d) of the Act; and
(b) submit the plan to the Minister and the GITO Council for information.
4.4.2 For purposes of research envisaged in section 7(6)(d) of the Act, the Agency must annually submit to the Minister and the GITO Council for information a report on—
(a) all research activities carried out in the previous year; and
(b) in respect of each research activity—
(i) its objectives;
(ii) the resources utilised;
(iii) the expenditure incurred; and
(iv) the value added to any one or more department or public body or Government as a whole and the innovations arising therefrom, and the strategic impact thereof.
4.4.3 Before undertaking research envisaged in section 7(6)(d) of the Act that would be directly relevant to the area of responsibility of a department or public body, the Agency must consult with that department or public body.
4.4.4 The Agency must endeavour not to duplicate completed or pending research regarding information technology conducted by, or on behalf of, departments and public bodies.

4.5 AUTHENTICATION PRODUCTS OR SERVICES 9

If the Agency decides not to provide authentication products or services as envisaged in section 7(7) of the Act and more than one preferred authentication service provider are available, the Agency must identify one of such providers by means of a competitive bidding process in accordance with its procurement policy and procedures.

4.6 DUPLICATION 10

The Agency must compile and maintain an up-to-date inventory of all information systems of departments to serve as basis for determining duplication of information systems.

_______________________________________

1 See section 7(1)(a) of the Act which provides that the Agency must on request of a department in terms of section 7(4) or may on the request of a public body in terms of section 7(5) provide systems and services listed in section 7(1)(a)(i) to (iii).
2 The term "information systems" is defined in section 1 of the Act as "applications and systems to support the business whilst utilising information technology as an enabler or tool".
3 The term is defined in the Telecommunications Act, 1996 (Act No. 103 of 1996) as "a telecommunication system provided by a person for purposes principally or integrally related to the operations of that person and which is installed onto two or more separate, non-contiguous premises and where the switching systems (nodes) of at least two of these premises are interconnected to the public switched telecommunication network as contemplated in section 41" of that Act.
4 The term is defined in the Telecommunications Act, 1996, as "a telecommunication service provided by a person over a telecommunication facility, which facility has been obtained by that person in accordance with the provisions of section 40(2) of the [Telecommunications] Act, to one or more customers of that person concurrently, during which value is added for the benefit of the customers, which may consist of—
(a) any kind of technological intervention that would act on the content, format or protocol or similar aspects of the signals transmitted or received by the customer in order to provide those customers with additional, different or restructured information;
(b) the provision of authorised access to, and interaction with, processes for storing and retrieval of text and data;
(c) managed data network services."
5 See section 7(6)(a) of the Act.
6 The term "information systems security" is defined in section 1 of the Act as "to preserve the availability, integrity and confidentiality of information systems and information according to affordable security practices".
7 See section 7(6)(b) of the Act.
8 See section 7(1)(b)(v) and (6)(d) of the Act.
9 See section 7(6)(c) and (7) of the Act. If necessary, any further regulations pertaining to selling or provisioning authentication products and services for departments will be incorporated prior to such products and services being required.
10 See section 7(8)(a) of the Act.