Current developments regarding the Common State IT Infrastructure Program (WIIP)
The WIIP program has been operating since 2019, and to date a number of steps have been completed in the program, including introduction of the Cloud Service Provision System (ZUCH), or for example the drafting of the Cloud Cybersecurity Standards. What are the current developments regarding the program? Is the WIIP program applicable to commercial suppliers?
Working with the COI, NASK, and GovTech Polska as providers assigned Ministry of Digital Affairs tasks, the Ministry of Digital Affairs is working to construct the Common State IT Infrastructure (WIIP).
The WIIP program comprises a range of organizational and investment measures concerning supply of IT infrastructure as cloud computing services. Elements of the program include:
- giving public authorities the option of acquiring Public Cloud services (PChO) – public cloud services provided by commercial suppliers that meet in particular confidentiality, integrity, and accessibility requirements defined in terms of ensuring security for government authorities;
- construction, development, and maintenance of the Government Cloud (RChO) – common public authority cloud;
- the Cloud Service Provision System (ZUCH) – in which buyers can review the services provided in a cloud and cloud support services offered by vetted sellers and procure cloud services, of which the scope and parameters are specified in the Public Cloud Service Catalog by the ZUCH Operator (Ministry of Digital Affairs);
- The Government Cybersecurity Cluster (RKB), which is part of Government Cloud (RChO) security;
- The Cloud Cybersecurity Standards (SCCO) – a set of legal, organizational, and technical requirements ensuring cybersecurity in cloud computing implementation models.
There are plans to expand the ZUCH platform and ensure that the Public Procurement Law is amended accordingly to make using ZUCH easier.
The Cloud Security Standards document is particularly noteworthy (available here). This document specifies the requirements for:
- government entities that manage Data Centers (CPD) for them to be connected to the Government Cybersecurity Cluster (RKB) or incorporated into the Government Cloud (RChO) resources, as well as
- suppliers of cloud computing services as part of the PChO.
More information on how to become a seller in ZUCH can be found here and here. The second edition of the PChO catalog is expected in Q1 2022. In the second edition, a seller will be able to offer cloud services in ZUCH in two service catalogs: The Polish PChO and EU PChO (PChO service catalog in the Polish jurisdiction and in the EU jurisdiction).