{"id":61600,"date":"2023-12-08T20:25:38","date_gmt":"2023-12-08T11:25:38","guid":{"rendered":"https://monolith.law/cs/?p=61600"},"modified":"2024-03-30T22:47:40","modified_gmt":"2024-03-30T13:47:40","slug":"internal-control-system","status":"publish","type":"post","link":"https://monolith.law/cs/general-corporate/internal-control-system","title":{"rendered":"How to prevent security incidents at contractors? Building and operating the client's internal control system explained"},"content":{"rendered":"\n<p>Under the Japanese Companies Act (Japanese Company Law) and the Japanese Financial Instruments and Exchange Act, companies are required to establish an internal control system. The term &#8220;internal control system&#8221; may sound complicated, but put simply it is a system that enables company operations to be carried out correctly and risks to be prevented.</p>\n\n
<p>So how does the internal control system work in relation to external business partners? This is especially important because companies often outsource various operations, such as logistics and maintenance.</p>\n\n
<p>In this article we explain how the internal control system works with respect to contractors and what measures need to be taken to prevent security incidents.</p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Co_je_to_interni_kontrolni_system\"></span>What is an internal control system<span class=\"ez-toc-section-end\"></span></h2>\n\n
<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https://monolith.law/wp-content/uploads/2023/01/shutterstock_2040715259.jpg\" alt=\"What is an internal control system\" class=\"wp-image-57124\" /></figure>\n\n
<p>An internal control system is the set of organizational means and methods necessary for the proper management of a company or organization. It is defined in the Japanese Companies Act and the Japanese Financial Instruments and Exchange Act.</p>\n\n
<p>Under the Japanese Companies Act, the following companies are required to establish an internal control system:</p>\n\n
<ul>\n<li>Large companies</li>\n<li>Companies with a nominating committee</li>\n<li>Companies with an audit committee</li>\n</ul>\n\n
<p>In addition, the Japanese Financial Instruments and Exchange Act requires listed companies to establish an internal control system. These companies must submit an internal control report every fiscal year, and the report must be verified by a certified public accountant or an audit firm.</p>\n\n
<p>If an information leak or other damage occurs as a result of deficiencies in the internal control system, the company and its directors may be liable for damages. For more on internal control systems for protecting information, see the following article.</p>\n\n
<p>Related article: <a href=\"https://monolith.law/corporate/company-regulations\" target=\"_blank\" rel=\"noreferrer noopener\">Explanation of measures against information leaks: the contents of the internal rules that need to be drawn up[ja]</a></p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Rizika_vnitrniho_kontrolniho_systemu_ktera_mohou_vzniknout_pri_svereni_prace\"></span>Internal control system risks that can arise when work is outsourced<span class=\"ez-toc-section-end\"></span></h2>\n\n
<p>Even if your company has set rules on information security, a security incident may still occur if the contractor has not set such rules or its rules are inadequate.</p>\n\n
<p>If a security incident occurs, even one caused on the contractor's side, there is a risk that the image of the company that bears management responsibility will suffer.</p>\n\n
<p>Therefore, when outsourcing work, it is important to build a system that prevents security incidents and similar events from occurring on the contractor's side.</p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Potreba_interniho_kontrolniho_systemu_vcetne_rizeni_dodavatelu\"></span>The need for an internal control system that includes contractor management<span class=\"ez-toc-section-end\"></span></h2>\n\n
<p>Court cases and similar situations make it clear that building an information security system is one of the key elements of building an internal control system.</p>\n\n
<p>If a company or organization caused damage to a third party because of deficiencies in its information security system, its directors could be accused of breaching their duty of care for neglecting the duty to build an internal control system. Moreover, if a third party were harmed because of deficiencies in a contractor's information security system, liability could also fall on the client company or its directors.</p>\n\n
<p>It should be noted that so far there have been no cases in which a claim for damages based on a breach of the duty of care for failing to build an internal control system has been upheld against the client's directors where a security incident occurred because of deficiencies in contractor management. However, such lawsuits may be filed in the future.</p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Vyznam_interniho_kontrolniho_systemu_se_ucime_na_prikladech\"></span>Learning the importance of an internal control system from examples<span class=\"ez-toc-section-end\"></span></h2>\n\n
<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https://monolith.law/wp-content/uploads/2023/01/shutterstock_708636133.jpg\" alt=\"Measures that should be taken when outsourcing\" class=\"wp-image-57125\" /></figure>\n\n
<p>Here we look at what measures should be taken when outsourcing work, based on past examples.</p>\n\n
<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pripad_uniku_informaci_v_Japonske_penzijni_instituci_Nenkin_Kikou\"></span>The information leak case at the Japan Pension Service (Nenkin Kikou)<span class=\"ez-toc-section-end\"></span></h3>\n\n
<p>In 2015, an information leak caused by unauthorized access occurred at the Japan Pension Service, and the leak of personal data such as basic pension numbers and names was confirmed.</p>\n\n
<p>In connection with this case, an Investigation Committee on the Information Leak Caused by Unauthorized Access at the Japan Pension Service (the &#8220;Investigation Committee&#8221;) was established, and it produced a report dated 21 August 2015 (Heisei 27) summarizing the course of events. According to that report, the Japan Pension Service's LAN system was attacked and a large amount of personal data leaked from a shared folder.</p>\n\n
<p>When the system was designed, it was stipulated that no personal data would be processed on the LAN system, but it turned out that under certain conditions personal data could be placed in a shared folder on the LAN system. Moreover, the Japan Pension Service's LAN system was not prepared for targeted attacks, so after the attack was detected it took a long time before the situation was fully understood.</p>\n\n
<p>The Investigation Committee proposed the following measures to prevent a recurrence:</p>\n\n
<ul>\n<li>Improving human resources (establishing a department for security measures, etc.)</li>\n<li>Improving the supervisory system of the Ministry of Health, Labour and Welfare (improving the ministry's information security system, etc.)</li>\n<li>Technical improvements (building the system on the basis of the actual state and risks of the work, etc.)</li>\n<li>A change of attitudes within the Japan Pension Service</li>\n</ul>\n\n
<p>These are the committee's recommendations.</p>\n\n
<p>Furthermore, because only a general agreement on information security protection had been concluded between the client and the contractor, with no clear agreement on specific measures in the event of an incident, the response was delayed and the damage was greater. (Source: Ministry of Health, Labour and Welfare, &#8220;<a href=\"https://www.mhlw.go.jp/file/05-Shingikai-10201000-Daijinkanbousoumuka-Soumuka/0000095309.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Report of 21 August, Heisei 27 (2015)[ja]</a>&#8221;)</p>\n\n
<p>To prevent such situations, it is necessary to:</p>\n\n
<ul>\n<li>Conclude a service level agreement (SLA) with specific content</li>\n<li>Clearly agree that the contractor will respond in an emergency</li>\n</ul>\n\n
<p>Both of these should be treated as essential.</p>\n\n
<p>A service level agreement (SLA) is a contract concluded between the provider and the recipient of a service that sets out the quality of the service, its scope of application, the acceptance procedure, responsibilities, costs and so on. In addition, agreeing in advance on the response to an incident makes it possible to respond quickly and appropriately.</p>\n\n
<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Pripad_uniku_osobnich_udaju_v_korporaci_Benesse\"></span>The personal data leak case at Benesse Corporation<span class=\"ez-toc-section-end\"></span></h3>\n\n
<p>In 2014, a personal data leak occurred at Benesse Corporation. The incident was caused by an employee of a subcontractor copying customer data and selling it to a list broker, which led to the leak of approximately 29.89 million customer records.</p>\n\n
<p>The cause of this incident is said to be that, although access rights to the data had been granted to subcontractors and their further subcontractors, no adequate supervisory system was in place to prevent information leaks.</p>\n\n
<p>Possible measures include:</p>\n\n
<ul>\n<li>Defining the scope of the subcontractor's work and its access to information in the contract</li>\n<li>Regularly auditing subcontractors</li>\n<li>Requiring subcontractors to report on their supervisory system</li>\n<li>Selecting the persons who will handle important information at the subcontractor and checking them</li>\n</ul>\n\n
<p>One customer later sued Benesse Corporation, the service provider, demanding compensation of 100,000 yen for the leak of his own and his child's personal data in this incident.</p>\n\n
<p>Although the customer lost at first and second instance, the Supreme Court ruled on 23 October 2017 (Heisei 29) that:</p>\n\n
<blockquote class=\"wp-block-quote\">\n<p>&#8220;It is improper to immediately dismiss the plaintiff's claim solely on the ground that it was neither proven nor alleged that damage exceeding mere discomfort had occurred, without properly examining whether, and to what extent, the plaintiff suffered mental damage as a result of the violation of privacy.&#8221;</p>\n<cite><a href=\"https://www.courts.go.jp/app/files/hanrei_jp/154/087154_hanrei.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Judgment of the Second Petty Bench of 23 October 2017 (Heisei 29), claim for damages case No. 1892 (received in Heisei 28)[ja]</a></cite></blockquote>\n\n
<p>The Supreme Court set aside the second-instance judgment and remanded the case to the Osaka High Court.</p>\n\n
<p>On 20 November 2019, the Osaka High Court recognized a violation of privacy and ordered Benesse Corporation to pay 1,000 yen.</p>\n\n
<p>At first and second instance, emphasis was placed not only on the violation of privacy but also on whether damage had actually occurred. The Supreme Court, however, held that whether a violation of privacy occurred should be examined regardless of whether damage occurred. In other information leak cases, claims for damages based on the leak are often upheld, and this Supreme Court decision is regarded as part of that trend.</p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Shrnuti_Konzultujte_system_vnitrni_kontroly_s_pravnikem\"></span>Summary: Consult a lawyer about your internal control system<span class=\"ez-toc-section-end\"></span></h2>\n\n
<p>Properly building and operating an internal control system is essential for the sound management of a company or organization. Even if a security incident such as an information leak occurs on the contractor's side, the responsibility may be placed on the client, and a decline in corporate image cannot be avoided. To prevent such situations, it is necessary to establish in advance a system that ensures the internal control system functions properly at the contractor as well.</p>\n\n
<p>Please consult a lawyer about building and operating an internal control system, including implementing an information security system.</p>\n\n
<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Uvod_do_opatreni_nasi_kancelare\"></span>Introduction to the measures offered by our firm<span class=\"ez-toc-section-end\"></span></h2>\n\n
<p>Monolith Law Office is a law firm with high expertise in IT, particularly the internet and law. The need for legal checks when building and operating internal control systems continues to grow. Details are given in the following article.</p>\n\n
<p>Practice areas of Monolith Law Office: <a href=\"https://monolith.law/practices/corporate\" target=\"_blank\" rel=\"noreferrer noopener\">Legal affairs of IT and startup companies[ja]</a></p>\n","protected":false},"excerpt":{"rendered":"<p>Under the Japanese Companies Act (Japanese Company Law) and the Japanese Financial Instruments and Exchange Act, companies are required to establish an internal control [&hellip;]</p>\n","protected":false},"author":32,"featured_media":64213,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[24,29],"acf":[],"_links":{"self":[{"href":"https://monolith.law/cs/wp-json/wp/v2/posts/61600"}],"collection":[{"href":"https://monolith.law/cs/wp-json/wp/v2/posts"}],"about":[{"href":"https://monolith.law/cs/wp-json/wp/v2/types/post"}],"author":[{"embeddable":true,"href":"https://monolith.law/cs/wp-json/wp/v2/users/32"}],"replies":[{"embeddable":true,"href":"https://monolith.law/cs/wp-json/wp/v2/comments?post=61600"}],"version-history":[{"count":2,"href":"https://monolith.law/cs/wp-json/wp/v2/posts/61600/revisions"}],"predecessor-version":[{"id":64214,"href":"https://monolith.law/cs/wp-json/wp/v2/posts/61600/revisions/64214"}],"wp:featuredmedia":[{"embeddable":true,"href":"https://monolith.law/cs/wp-json/wp/v2/media/64213"}],"wp:attachment":[{"href":"https://monolith.law/cs/wp-json/wp/v2/media?parent=61600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https://monolith.law/cs/wp-json/wp/v2/categories?post=61600"},{"taxonomy":"post_tag","embeddable":true,"href":"https://monolith.law/cs/wp-json/wp/v2/tags?post=61600"}],"curies":[{"name":"wp","href":"https://api.w.org/{rel}","templated":true}]}}