
ICT co-ordination and management in the public sector

Preconditions for information exchange (1)

Arvo Ott

October 7-8, 2008, Tirana

What is interoperability?

• Interoperability - the ability of ICT systems to exchange data and to enable the sharing of information and knowledge.

• An interoperability framework - a set of standards and guidelines that describes the way in which organizations have agreed, or should agree, to interact with each other.

Aspects of interoperability

• Political

• Legislative

• Organizational

• Semantic

• Technical

• …and even psychological

ENABLING COMPONENTS

Legal framework needed (1)

• Regulation(s) specifying availability of the public data. For example, most of the data the governmental offices are producing should be accessible to everyone.

• Regulation(s) that specify how new registers are created and maintained.

• Regulation(s) that assert requirements on data collection. For example, the same data items should not be collected simultaneously by two different ministries or offices.

• Regulation(s) specifying provision of data about the registers. For example, it should be mandatory to supply information about how to access specific data in a specific register.

• Regulation(s) about the data access layer of information systems.

ENABLING COMPONENTS

Legal framework needed (2)

• Regulation(s) about ICT security procedures, measures, and auditing.

• Regulation(s) about classifiers, addresses, geographical information systems, document management etc.

• Specific legislation concerning important registers (for example, the population register).

• Legislation about electronic signature.

• It is necessary to keep track of developments in the wider community. For instance, changes in privacy legislation may impose requirements on the provision of some e-services.

Legislation (Estonian example)

– Databases Act (1997/2006)

– Public Information Act (2001)

– Digital Signatures Act (2000)

– Act on Intellectual Property (applicable also for state databases)

– Principles of Estonian Information Policy (1998, 2004) (this is not a legal act)

– Action Plan of Estonian Information Policy (eEstonia) (1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006) (not a legal act)

– Personal Data Protection Act (1996)

Coordination and cooperation between organizations (1)

• One-stop approach: use of “life events” for citizens (e.g. birth) and “business episodes” (e.g. founding a company) for enterprises. In doing so, citizens and enterprises can remain focused on their needs instead of having to deal with the specific functional organization of the public sector.

• Depending on the way public administrations are organized, a given eGovernment service may imply either a single process or several business processes to be performed in a given sequence between different administrations.

• Decentralized responsibility involves the capability for each partner concerned to organize its business processes in a way best suited to its practices.

Coordination and cooperation between organizations (2)

• The cooperating public administrations have to consider the required contributions and commitment necessary from each other to provide an acceptable level of quality and security to the customer. To address these requirements with confidence, public administrations will need to enter into some sort of agreement that gives assurance to all parties (e.g. service level agreements on timely delivery, on quality, on data protection, on security measures, etc.)

• Redesign of administrative processes may be needed, to make the best use of available technology.

• It is recommended to consider priority implementation of the twenty public services (12 for citizens and 8 for enterprises) agreed by the EU Member States for which the online sophistication is being benchmarked at national level.

[Figure: organization chart. Box labels: Government; Informatics Council; IC secretariat; MINISTRY OF ECONOMIC AFFAIRS AND COMMUNICATIONS; Department of State Information Systems (RISO); Informatics Centre; Ministries; IT councils of ministries; ICT work groups of ministries; Management representatives & IT managers of ministries; Subordinate agencies; IT managers; County governments; IT councils of counties; ICT work groups of counties; Local governments; Local government associations; Representative; Council representative; Councils directors]

[Figure: ICT architecture. Labels: KIT – Citizen view; EIT – Enterpriser view; AIT – Public servant view; Governmental Portal – Your Estonia (institutional view of the state www.riik.ee, thematic view of the state www.eesti.ee); E-institution – institution view; E-county – county view; tools centrally developed by the State, i.e. the State Portal; Internet - X-road; security servers; databases / information systems: National Databases Register (http://www.riik.ee/arr/), Population Register, Health Insurance Register, National Pension Insurance Register, Vehicle Register, Tallinna Vesi IS, Eesti Energia IS; Banks: Ühispank, Hansapank, Krediidipank, Sampo Pank, Nordea Pank; X-road center: Central server I, Central server II, Central monitoring, HelpDesk, X-road certification center; Certification Center; ID-card. Figures shown: 57 DB; 1100000; 104 DB; 359 org.; 5; Popul. ~1,3 mil.]

[Figure: X-Road - Internet. Labels: SS/AS pairs in front of each connected system; Information systems: Population Register services, Health insurance Register services, Vehicle Register services; Environments developed by the government: KIT – Citizen's view, EIT – Enterpriser's view, AIT – Public servant view, Governmental Portal – Your Estonia (institutional view of the state www.riik.ee, thematic view of the state www.eesti.ee); Private Sector: Banks x 5 (authentication, payments, services); ID-Card Certification Centre; X-Road Centre: Central Register of DBs (RIHA), Certification Agency of X-Road, Central server I, Main server II (Elion), Monitoring, HELPDESK; Documents Exchange Centre; Other IS; IS of infrastructure enterprises]

The administration system for the state information system

• Obtaining information about existing services as well as those under development.

• Applying for the right to use a service.

• Proposing the creation of a new service.

• Administering in-house access rights

• Ensuring legitimate use of data services

http://www.ria.ee/27313

The data exchange layer of information systems

• An environment enabling secure internet-based data exchange.

• Reduces the number of communications between different registers and thus increases the efficiency of data exchange among state agencies and between people and the state. It allows information systems to use, among others, the following components.

– A common data exchange environment.

– A common set of interfaces.

– A common authentication system.

http://www.cyber.ee/fotod/x-tee.jpg

The system of security measures for information systems

• Procedures to specify the criticality of information systems under consideration.

• Procedures to determine security classes depending on the criticality.

• Procedures to select the security measures in accordance with security classes.

• Procedures to implement, check, and audit the selected security measures.

The classification system

• Comprises common principles and objects for the administration and use of classifications

– Requirements for classifications.

– Classifications.

– Administrators of classifications.

– Users of classifications.

– Lists of classifications services.

– List of classifications and their administrators.

The system of addresses

• A set of principles, which allows a unified identification of address objects both in their physical location and in different databases

– Databases, which process and handle address details.

– Requirements for main maintainers of address details, for respective services and for the users.

– Address services provided by the data exchange layer.

The geodetic system

• The geodetic reference system.

• The system of plane rectangular coordinates.

• The height system.

• The gravimetric system.

PKI

• Enables secure authentication and electronic signatures. To support interoperability, it is useful to have in place the following components relating to the public key infrastructure.

– Legislation and standards concerning electronic signatures and public key infrastructure.

– System for the distribution of private keys (for example, using ID-cards).

– The service providers.

– The services (important services may be provided by the private sector enterprises, such as banks).

– The users interested in, knowledgeable about and using the services provided by the public key infrastructure.

National chip-based Identity Card (example)

Issuing authority: Estonian Citizenship and Migration Board

Service contractor: TRÜB Switzerland

Start of issue: January 1, 2002

Conformance with: ICAO Doc. 9303 part 3

Inside the 16 Kb RSA crypto chip are: 2 private keys; authentication certificate; digital signature certificate; personal data file

• 18 Dec 2001 – ID-card as a compulsory identity document

• 28 Jan 2002 – first ID-cards issued

• 15 Sept 2002 – over 50,000 ID-cards issued

• Today – more than 1 200 000 ID-cards have been issued

• New applications under way

• ID-card also carries a certificate for allowing the use of digital signature and e-mail address [email protected]

Public sector – digital signature implementation aspects

– Need for digital signatures in the “back office” of a ministry is small

– “medium” need for digital signatures in communication between ministries (document management, contracts, accounting). Non-existing digital archiving, lack of special training and existing traditions in organizations are the main problems.

– Bigger need for digital signatures in communication between the government and citizens/businesses (DigiDoc, KIT)

Lessons learned:

• Infrastructure and software components for digital signature are available – implementation in public sector is largely the task of document management, top executives and IT managers

• Digital signature is not implemented only by enforcement of Digital Signatures Act – political expectations are usually too optimistic

Starting point assumptions/questions:

It is reasonable to set up only one commonly used PKI – one trust chain in co-operation with business community

Political debate – Do we need ID cards at all?

Is ID card compulsory or voluntary?

Why do we need digital signatures at all when there are no services ready.

Questions to ask – Are there services to appear when there are no digital identities? What is it going to cost later?

We must start ID issuance now where the passports start to expire in 2002. (it was in case of Estonia)

Later implementation of digital signature will become more costly or won’t be reasonable at all.

ID card based public transportation tickets

[Figure: ID-tickets. Labels: Population register; Phone/GSM; Internet bank; Service points]

ID-card is used to purchase ID-ticket and on validation

ID card as key

• ID-card is key component

– e-police

– e-health record

– e-school

– e-elections

– ...

Nation-wide information systems enabling interoperability: Portals

• Common single points of entry that operate through the collaboration of state information systems.

• The state domains and portals are regulated by an institution responsible for the co-ordination of state information systems.

• The users of public sector information systems are typically interested in specific services, not in separate information systems. To provide these services, the state information systems have to co-operate and function as a whole for users.

Example: http://www.eesti.ee/est/

Document management systems

• Interoperable document management systems enable mutual exchange and management of digital documents.

Registers

• There is the concept of basic registers – population register, real-estate registers, business register. According to the new understanding of database interoperability, a concept of basic data (not basic information) is developing.

• The population register is the uniform database of the personal data of citizens and foreigners with residence permits. All other registers should rely on the data provided by the population register and not collect separate data from the people. Data in the population register should be adequately protected. There is the question of the content of a record in the population register, to avoid collecting too much information.

• Many other vital information systems contribute to interoperability, such as the business register, the property register, and others.

Requirements for eGovernment services (1)

• E-services are made known to users and users are aware of the benefits of using the services.

• E-services can be located easily.

• E-services must be accessible to all members of the intended target groups. This may imply a differentiation between services that are used anonymously and services that require identification. Accessibility also includes awareness of the needs of disabled and elderly persons.

• E-services should be user-centered.

• They should be comprehensive, correct, readily available, and easy to understand in terms of language and structure.

Requirements for eGovernment services (2)

• E-services should add value.

• Where applicable, a service should be integrated with other services.

• The design of eGovernment applications should comply with the existing legal data protection

• The provision of e-services should be safe, confidential and in no way harm the privacy of either party.

EUROPEAN INTEROPERABILITY FRAMEWORK FOR PAN-EUROPEAN eGOVERNMENT SERVICES v 1.0

Objectives

• To support the European Union's strategy of providing user-centred eServices by facilitating the interoperability of services and systems between public administrations, as well as between administrations and the public (citizens and enterprises), at a pan-European level.

• To supplement national interoperability frameworks in areas that cannot be adequately addressed by a purely national approach.

• To help achieve interoperability both within and across different policy areas, notably in the context of the IDABC programme and any other relevant Community programmes and initiatives.

Examples of e-services

• Parental leave benefit claim

– 18 data requests between 5 information systems + calculation = 7 documents in real life = 3 minutes data input + 1 mouse click

• ID card as a bus ticket

• Mobile parking for municipalities

• Exam results with SMS

• Registration of an enterprise on-line

Parental benefit – best eGov service in 2004 (interoperability of 5 information systems from 5 government institutions)

One portal serves citizens as a gateway to the services of approximately 60 different databases www.eesti.ee


Consult data about their real estate possessions www.eesti.ee

Thank you for your attention!

Arvo Ott, PhD

eGovernance [email protected]