{"id":60998,"date":"2023-12-08T20:24:20","date_gmt":"2023-12-08T11:24:20","guid":{"rendered":"https:\/\/monolith.law\/cs\/?p=60998"},"modified":"2024-04-14T13:33:26","modified_gmt":"2024-04-14T04:33:26","slug":"vendor-compensation","status":"publish","type":"post","link":"https:\/\/monolith.law\/cs\/it\/vendor-compensation","title":{"rendered":"Damage caused by a cyber attack: what is the system vendor's liability for damages? An explanation with example contract clauses"},"content":{"rendered":"\n<p>In recent years, the number of cyber attacks on companies has been rising steadily.<\/p>\n\n\n\n<p>According to a survey by the Japan Network Security Association (JNSA), a specified non-profit organization, unauthorized access accounted for 4.7% of all personal data leak incidents in 2013, but by 2018 that share had risen to 20.3% (<a href=\"https:\/\/www.jnsa.org\/result\/incident\/2018.html\" target=\"_blank\" rel=\"noreferrer noopener\">2018 Survey Report on Information Security Incidents[ja]<\/a>).<\/p>\n\n\n\n<p>In this article, we explain the scope of liability a system vendor bears in the event of a cyber attack, based on past court decisions. 
We also use a model contract to explain the roles and scope of liability that should be set out in the contract so that the vendor and the user can jointly take measures against cyber attacks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Nese_systemovy_dodavatel_odpovednost_za_skody_zpusobene_kybernetickym_utokem\"><\/span>Is the system vendor liable for damage caused by a cyber attack?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/02\/shutterstock_134919143.jpg\" alt=\"Is the system vendor liable for damage caused by a cyber attack?\" class=\"wp-image-58926\" \/><\/figure>\n\n\n\n<p>When a user suffers damage from a cyber attack, the first party that should bear responsibility is the perpetrator of the attack. 
However, if the attack was made possible by negligence in the development or operation of the system, the user's claim for damages against the system vendor may be upheld.<\/p>\n\n\n\n<p>A claim for damages against a system vendor rests on the following grounds:<\/p>\n\n\n\n<ul>\n<li>Liability for contract non-conformity<\/li>\n\n\n\n<li>Breach of the duty of due care<\/li>\n<\/ul>\n\n\n\n<p>However, the damage may have been made worse through the user's own fault. In that case the user's responsibility is recognized as well. In actual court cases this has been taken into account as comparative negligence, and there have been cases in which the damages payable by the system vendor were limited.<\/p>\n\n\n\n<p>Related article: <a href=\"https:\/\/monolith.law\/corporate\/categories-of-cyber-crime\" target=\"_blank\" rel=\"noreferrer noopener\">What are the three categories of cybercrime? 
A lawyer explains damage countermeasures for each pattern[ja]<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Odpovednost_systemovych_dodavatelu_za_skody_a_priklady_uvedeni_v_smlouvach\"><\/span>System vendors' liability for damages and example contract clauses<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The following three are typical IT system contracts between a system vendor and a corporate user:<\/p>\n\n\n\n<ol>\n<li>Software development contract<\/li>\n\n\n\n<li>System maintenance and operation contract<\/li>\n\n\n\n<li>Cloud service usage contract<\/li>\n<\/ol>\n\n\n\n<p>Liability for damages is determined by the underlying contract, so we explain it below by contract type.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Smlouva_o_vyvoji_softwaru\"><\/span>Software development contract<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A software development contract is concluded when the user company entrusts the development of its system to a software vendor.<\/p>\n\n\n\n<p>If the user company becomes the target of a cyber attack and a vulnerability in the software causes the damage to spread, the vendor may be held liable to the user.<\/p>\n\n\n\n<p>The liability borne by the system vendor depends on the type of software development contract and falls into two categories:<\/p>\n\n\n\n<ul>\n<li>Contract for work: liability for contract non-conformity<\/li>\n\n\n\n<li>Quasi-mandate contract: breach of the duty of due care<\/li>\n<\/ul>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Smlouva_o_dilo\"><\/span>Contract for work<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>A contract for work promises completion of the system, and remuneration is paid for the finished deliverable.<\/p>\n\n\n\n<p>If the delivered result &#8220;does not meet the purpose of the contract&#8221;, the vendor bears liability for contract non-conformity (<a href=\"https:\/\/elaws.e-gov.go.jp\/document?lawid=129AC0000000089\" target=\"_blank\" rel=\"noreferrer noopener\">Civil Code \u00a7559, \u00a7562[ja]<\/a>) for a certain period after delivery.<\/p>\n\n\n\n<p>In other words, there is a risk that a deliverable which makes it easy for a cyber attack to cause a system failure will be regarded as &#8220;not meeting the purpose of the contract&#8221;, and the user may claim damages for contract non-conformity.<\/p>\n\n\n\n<p>Whether such a claim is upheld depends on the software security level the parties agreed on in advance.<\/p>\n\n\n\n<div class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#f4f4f4\"><div class=\"wp-block-group__inner-container\">\n<p>\u3010Example clause on liability for contract non-conformity\u3011<\/p>\n\n\n\n<p>Article X If, after completion of the inspection under the preceding article, a discrepancy (including bugs; hereinafter &#8220;contract non-conformity&#8221;) is found between the delivered product and the system specification, Party A may demand that Party B repair it or otherwise complete performance (hereinafter &#8220;supplementary performance&#8221;). Party B shall carry out such supplementary performance. However, provided that this does not impose an unreasonable burden on Party A, Party B may carry out supplementary performance by a method different from the one Party A requested.<\/p>\n\n\n\n<p>2. Notwithstanding the preceding paragraph, if the purpose of the individual contract can be achieved despite the contract non-conformity and supplementary performance would require excessive cost, Party B is not bound by the obligation of supplementary performance set out in the preceding paragraph.<\/p>\n\n\n\n<p>3. If Party A suffers damage as a result of the contract non-conformity (limited to cases arising from causes attributable to Party B), Party A may claim damages from Party B.<\/p>\n\n\n\n<p>Source: <a href=\"https:\/\/www.ipa.go.jp\/ikc\/reports\/20201222.html\" target=\"_blank\" rel=\"noreferrer noopener\">Information System Model Contract (Second Edition)[ja]<\/a><\/p>\n<\/div><\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Podrizena_smlouva\"><\/span>Quasi-mandate contract<span class=\"ez-toc-section-end\"><\/span><\/h4>\n\n\n\n<p>Under a quasi-mandate contract, liability for contract non-conformity does not apply, because there is no obligation to complete a deliverable. 
Instead, the obligation is to &#8220;handle the entrusted matters with the care of a good manager&#8221; (the duty of due care).<\/p>\n\n\n\n<p>If a cyber attack causes a system failure, developing a system of that kind may be regarded as a &#8220;breach of the duty of due care&#8221; (<a href=\"https:\/\/elaws.e-gov.go.jp\/document?lawid=129AC0000000089\" target=\"_blank\" rel=\"noreferrer noopener\">Civil Code \u00a7656, \u00a7644[ja]<\/a>) even where no security level was specified when the contract was concluded, and damages may be claimed.<\/p>\n\n\n\n<div class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#f4f4f4\"><div class=\"wp-block-group__inner-container\">\n<p>\u3010Example clause on the duty of due care\u3011<\/p>\n\n\n\n<p>Article X Party B shall conclude an individual contract under Article X and provide services supporting the preparation of the requirements specification (hereinafter &#8220;requirements specification support&#8221;) based on the information system concept, the systemization plan, etc., prepared by Party A.<\/p>\n\n\n\n<p>2. 
Party B shall, drawing on its specialist knowledge and experience in information technology, carry out support work such as research, analysis, organization, proposals and advice with the care of a good manager, so that Party A's work can be performed smoothly and properly.<\/p>\n\n\n\n<p>Source: <a href=\"https:\/\/www.ipa.go.jp\/ikc\/reports\/20201222.html\" target=\"_blank\" rel=\"noreferrer noopener\">Information System Model Contract (Second Edition)[ja]<\/a><\/p>\n<\/div><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Smlouva_o_udrzbe_a_provozu_systemu\"><\/span>System maintenance and operation contract<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A system maintenance and operation contract is an agreement under which a company entrusts a software vendor with the maintenance and operation of existing software. 
When a maintenance and operation contract is concluded, it is common to write the required security level into the contract, for example in the technical specifications.<\/p>\n\n\n\n<p>If damage occurs as a result of a cyber attack and the system's security level is lower than the level agreed when the contract was concluded, liability for non-performance of obligations may be pursued on the basis of the contract's non-conformity clause.<\/p>\n\n\n\n<p>Even where no security level was set in advance, however, maintaining and operating a system that is vulnerable to cyber attacks may be regarded as a breach of the duty of due care, which can lead to liability.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Smlouva_o_vyuziti_cloudovych_sluzeb\"><\/span>Cloud service usage contract<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>A cloud service usage contract is an agreement concluded for the use of services that a provider (vendor) offers in the cloud. 
Because the provider is expected to offer the same services to a large number of users, the contract is often concluded on terms set by the provider.<\/p>\n\n\n\n<p>As a rule, this contract states in advance who is liable if the services cannot be provided because of a cyber attack.<\/p>\n\n\n\n<p>A cloud service usage contract usually sets out the following:<\/p>\n\n\n\n<ul>\n<li>SLA (Service Level Agreement): quality guarantees and operating rules<\/li>\n\n\n\n<li>Limitation of liability: the scope of the provider's liability if damage occurs<\/li>\n<\/ul>\n\n\n\n<p>An SLA is a document that explicitly states the user's requirements and the provider's operating rules. If a service specified in this document is not provided, this may constitute partial non-performance of obligations, and a claim for damages may be filed. 
In addition, the contract may contain a &#8220;limitation of liability clause&#8221;, which restricts in advance the conditions under which the provider can face claims for non-performance of obligations and caps the amount of damages even where liability is recognized.<\/p>\n\n\n\n<p>However, limitation of liability clauses often contain provisions that favor the provider, and if a dispute arises their application may be restricted on the basis of Japanese case law.<\/p>\n\n\n\n<div class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#f4f4f4\"><div class=\"wp-block-group__inner-container\">\n<p>\u3010Example limitation of liability clause\u3011<\/p>\n\n\n\n<p>Article X: Party A and Party B may claim damages from the other party if they suffer damage, in connection with the performance of this contract and the individual contracts, from a cause attributable to the other party (limited to XXX damage). However, this claim may not be made once X months have passed from the date of acceptance of delivery or confirmation of completion of the work under the individual contract concerned.<\/p>\n\n\n\n<p>2. 
The total amount of damages in connection with the performance of this contract and the individual contracts is limited to the amount XXX specified in the individual contract that gave rise to the liability, regardless of the ground of the claim, including non-performance of obligations (including liability for contract non-conformity), unjust enrichment, tort, etc.<\/p>\n\n\n\n<p>3. The preceding paragraph does not apply where liability for damages is based on the intent or gross negligence of the obligor.<\/p>\n\n\n\n<p>Source: <a href=\"https:\/\/www.ipa.go.jp\/ikc\/reports\/20201222.html\" target=\"_blank\" rel=\"noreferrer noopener\">Information System Model Transaction Contract (Second Edition)[ja]<\/a><\/p>\n<\/div><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kriteria_pro_posouzeni_rozsahu_odpovednosti_za_skody_na_strane_systemoveho_dodavatele\"><\/span>Criteria for assessing the scope of the system vendor's liability for damages<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/02\/shutterstock_646598212.jpg\" alt=\"Criteria for assessing the scope of the system vendor's liability for damages\" class=\"wp-image-58928\" \/><\/figure>\n\n\n\n<p>When a user company suffers damage as a result of a cyber attack, in which specific cases can the vendor that developed the system be held liable?<\/p>\n\n\n\n<p>Below, we explain this using court cases in which the system vendor's liability was at issue.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Byla_provedena_opatreni_v_souladu_s_technickou_urovni_v_dobe_vyvoje\"><\/span>Were measures taken in line with the technical standard at the time of development?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>In actual litigation, the emphasis is on whether the system vendor implemented security measures at a level matching the guidelines and manuals of public authorities and industry organizations at the time of development.<\/p>\n\n\n\n<p>There are court decisions that ordered a system vendor to pay damages for harm caused by a cyber attack, such as the one below.<\/p>\n\n\n\n<div class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#f4f4f4\"><div class=\"wp-block-group__inner-container\">\n<p>\u3010Example court decision\u3011Tokyo District Court, January 23, 2014 (Heisei 26)<br>User: Company X, which engages in the retail and sale of interior materials<br>Vendor: Company Y, which took on the design and maintenance of a web ordering system<\/p>\n\n\n\n<p>A case in which 7,000 customer credit card records were leaked as a result of a cyber attack<\/p>\n\n\n\n<p>\u25a0Judgment<br>The system vendor was ordered to pay approx. 20 million yen in damages<br>An amount exceeding the approx. 2 million yen development cost was awarded<br>Negligence on the part of Company X was recognized, with a 30% reduction for comparative negligence<\/p>\n\n\n\n<p>\u25a0Reasons<br>\u30fbThe system vendor neglected its obligation to implement security measures in line with the technical standard of the time.<br>\u30fbNegligence was recognized on the part of the user company, which failed to take measures even though the system vendor had explained the risk to it, and a 30% reduction for comparative negligence was applied.<\/p>\n<\/div><\/div>\n\n\n\n<p>In 2014, the &#8220;SQL Injection Attack&#8221; was the main means of cyber attack, and the Ministry of Economy, Trade and Industry had published a document titled &#8220;<a href=\"https:\/\/www.meti.go.jp\/policy\/it_policy\/privacy\/kanki.html\" target=\"_blank\" rel=\"noreferrer noopener\">Notice on Implementing Security Measures for Personal Data Based on the Act on the Protection of Personal Information[ja]<\/a>&#8221;, which pointed out the cyber risk and called for systems to be strengthened.<\/p>\n\n\n\n<p>The judgment recognized the liability of the system vendor, which had not taken the measures, and ordered it to pay damages, while also finding that the user company bore responsibility and applying a 30% reduction for comparative negligence.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Je_na_strane_uzivatelske_firmy_nejaka_chyba\"><\/span>Is the user company at fault in any way?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>User companies that commission system development also have obligations of their own, and if they are at fault they may bear full responsibility.<\/p>\n\n\n\n<p>Below is a court decision that fully recognized the responsibility of the user company and ordered damages, although it is not a cyber attack case.<\/p>\n\n\n\n<div class=\"wp-block-group has-background is-layout-constrained wp-block-group-is-layout-constrained\" style=\"background-color:#f4f4f4\"><div class=\"wp-block-group__inner-container\">\n<p>\u3010Example court decision\u3011Asahikawa District Court, August 31, 2017 (Heisei 29)<\/p>\n\n\n\n<p>User: University hospital<br>Vendor: A systems company that the university hospital asked to develop an electronic medical record system<\/p>\n\n\n\n<p>Right after the project started, additional requests came in from the doctors on site.<br>The requests did not stop and development fell behind schedule; the hospital cancelled the contract because of the delay.<\/p>\n\n\n\n<p>\u25a0Judgment (appellate court)<br>The university hospital was ordered to pay approx. 1.4 billion yen in damages<br>The first-instance judgment, which had ordered both parties to pay damages, was set aside<\/p>\n\n\n\n<p>\u25a0Reasons<br>\u30fbThe issue was that the hospital had ignored the vendor's warning that it would not be able to meet the deadline if it accommodated further requests.<\/p>\n<\/div><\/div>\n\n\n\n<p>This lawsuit arose because the user gave notice of cancellation of the contract on account of the delay in system development, and the two parties sued each other for damages.<\/p>\n\n\n\n<p>The judgment found that the development was delayed because the user ignored the system vendor's warning, recognized 100% responsibility on the user's side, and dismissed the user's claim. The vendor has a &#8220;project management obligation&#8221; to ensure that the project progresses so that it is delivered on time. 
The user likewise has a &#8220;duty to cooperate&#8221;, and if it neglects that duty it may bear full responsibility. In actual court cases, liability for damages is determined according to this ratio.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Tri_klicove_body_pro_bezpecny_vyvoj_systemu\"><\/span>Three key points for secure system development<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/monolith.law\/wp-content\/uploads\/2023\/02\/shutterstock_2004030665.jpg\" alt=\"Three key points for secure system development\" class=\"wp-image-58929\" \/><\/figure>\n\n\n\n<p>To prepare for cyber risks, it is important that users and vendors work on countermeasures together.<\/p>\n\n\n\n<p>Below we explain the measures that vendors and users can each take from their own positions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pochopeni_kybernetickych_rizik_na_ktere_upozornuji_vladni_agentury_a_dalsi\"><\/span>Understanding the cyber risks highlighted by government agencies and others<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>System vendors should review the guidelines issued by specialist bodies such as Japan's Ministry of Economy, Trade and Industry or the Information-technology Promotion Agency (IPA), an independent administrative agency, understand 
current cyber risks and how to address them, and then follow that guidance in development and operation.<\/p>\n\n\n\n<p>Not only vendors but user companies too should have at least a basic understanding of these guidelines, require development and operation that conform to them, and include clauses on the security level in the contract.<\/p>\n\n\n\n<p>Reference: Ministry of Economy, Trade and Industry\uff5cCybersecurity Management Guidelines Ver 2.0<\/p>\n\n\n\n<p>Reference: <a href=\"https:\/\/www.ipa.go.jp\/security\/vuln\/websecurity.html\" target=\"_blank\" rel=\"noreferrer noopener\">Information-technology Promotion Agency\uff5cHow to Secure Your Web Site[ja]<\/a><\/p>\n\n\n\n<p>Particularly in finance and similar sectors, laws and guidelines may require a high level of security. Security measures for cryptocurrencies are explained in detail below.<\/p>\n\n\n\n<p>Related article: <a href=\"https:\/\/monolith.law\/corporate\/cryptoassets-security\" target=\"_blank\" rel=\"noreferrer noopener\">What security measures apply to cryptocurrencies? 
Explained through three leak cases[ja]<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Obe_strany_rozumi_potrebe_zabezpeceni\"><\/span>Both parties understand the need for security<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The Ministry of Economy, Trade and Industry's &#8220;Cybersecurity Management Guidelines Ver2.0&#8221; state clearly that &#8220;cybersecurity is a business issue&#8221;.<\/p>\n\n\n\n<p>Rather than leaving security to vendors on the grounds that they know nothing about it, companies should treat the management of these risks as part of their business and take a responsible part in the countermeasures.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Obe_strany_spolecne_celi_kybernetickym_utokum\"><\/span>Both parties face cyberattacks together<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>When a cyberattack occurs, the client and the vendor should cooperate to minimize the damage rather than shifting responsibility onto each other.<\/p>\n\n\n\n<p>In system development, however, the client often holds the stronger position, and development ends up focused on cost and deadlines. 
Vendors may have neither enough time nor enough money, and their security proposals may not be accepted.<\/p>\n\n\n\n<p>The guidelines, however, state that user companies should regard implementing security measures not as a &#8220;cost&#8221; but as an &#8220;investment&#8221; that is essential for future business and growth.<\/p>\n\n\n\n<p>In system development, it is important that vendors and users face cyberattacks together and on an equal footing.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti_Konzultujte_tvorbu_smlouvy_o_vyvoji_systemu_s_pravnikem\"><\/span>Summary: Consult a lawyer when drafting a system development contract<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If damage results from a cyberattack, the vendor involved in developing the system may be accused of negligence in cyber risk management and may be held liable to the user company.<\/p>\n\n\n\n<p>However, a user company that has neglected its duty to cooperate with the vendor also bears responsibility.<\/p>\n\n\n\n<p>To minimize damage from cyberattacks, the contract needs to specify the level of the system and the scope of each party's responsibility.<\/p>\n\n\n\n<p>When drafting a system development contract, consult a lawyer who has advanced specialist knowledge and is able to understand the content of the guidelines and 
current cyber risks.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Predstaveni_opatreni_nasi_kancelare\"><\/span>Introduction to our firm's measures<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Monolith Law Office is a law firm with extensive expertise in both IT, particularly the Internet, and law. A written contract must be prepared when entering into a system development agreement. Our firm drafts and reviews contracts for a wide range of clients, from companies listed on the Tokyo Stock Exchange to startups. If you are having trouble with a contract, please see the following article.<\/p>\n\n\n\n<p>Practice areas of Monolith Law Office: <a href=\"https:\/\/monolith.law\/systemdevelopment\" target=\"_blank\" rel=\"noreferrer noopener\">Legal services related to system development[ja]<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent years, the number of cyberattacks on companies has been rising steadily. 
According to a survey conducted by the Japan Network Security Association (JNSA), a specified nonprofit organization,  [&hellip;]<\/p>\n","protected":false},"author":32,"featured_media":64202,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[35,19],"acf":[],"_links":{"self":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/60998"}],"collection":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/comments?post=60998"}],"version-history":[{"count":4,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/60998\/revisions"}],"predecessor-version":[{"id":64478,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/posts\/60998\/revisions\/64478"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media\/64202"}],"wp:attachment":[{"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/media?parent=60998"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/categories?post=60998"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/monolith.law\/cs\/wp-json\/wp\/v2\/tags?post=60998"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}