ICT co-ordination and
management in the public sector
Preconditions for information exchange (1)
Arvo Ott
What is interoperability?
• Interoperability - the ability of ICT systems to exchange data and to enable the sharing of information and knowledge.
• An interoperability framework - a set of standards and guidelines that describes the way in which organizations have agreed, or should agree, to interact with each other.
October 7-8, 2008, Tirana
Aspects of interoperability
• Political
• Legislative
• Organizational
• Semantic
• Technical
• …and even psychological
ENABLING COMPONENTS
Legal framework needed (1)
• Regulation(s) specifying availability of the public data. For example, most of the data the governmental offices are producing should be accessible to everyone.
• Regulation(s) that specify how new registers are created and maintained.
• Regulation(s) that assert requirements on data collection. For example, the same data items should not be collected simultaneously by two different ministries or offices.
• Regulation(s) specifying provision of data about the registers. For example, it should be mandatory to supply information about how to access specific data in a specific register.
• Regulation(s) about the data access layer of information systems.
ENABLING COMPONENTS
Legal framework needed (2)
• Regulation(s) about ICT security procedures, measures, and auditing.
• Regulation(s) about classifiers, addresses, geographical information systems, document management etc.
• Specific legislation concerning important registers (for example, the population register).
• Legislation about electronic signature.
• It is necessary to keep track of developments in the wider community. For instance, changes in privacy legislation may impose requirements on the provision of some e-services.
Legislation (Estonian example)
– Databases Act (1997/ 2006)
– Public Information Act (2001)
– Digital Signatures Act (2000)
– Act on Intellectual Property (applicable also for state databases)
– Principles of Estonian Information Policy (1998, 2004) (not a legal act)
– Action Plan of Estonian Information Policy (eEstonia) (1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006) (not a legal act)
– Personal Data Protection Act (1996)
Coordination and cooperation between organizations (1)
• One-stop approach: use of “life events” for citizens (e.g. birth) and “business episodes” (e.g. founding a company) for enterprises. In doing so, citizens and enterprises can remain focused on their needs instead of having to deal with the specific functional organization of the public sector.
• Depending on the way public administrations are organized, a given eGovernment service may imply either a single process or several business processes to be performed in a given sequence between different administrations.
• Decentralized responsibility involves the capability for each partner concerned to organize its business processes in a way best suited to its practices.
Coordination and cooperation between organizations (2)
• The cooperating public administrations have to consider the required contributions and commitment necessary from each other to provide an acceptable level of quality and security to the customer. To address these requirements with confidence, public administrations will need to enter into some sort of agreement that gives assurance to all parties (e.g. service level agreements on timely delivery, on quality, on data protection, on security measures, etc.).
• Redesign of administrative processes may be needed, to make the best use of available technology.
• It is recommended to consider priority implementation of the twenty public services (12 for citizens and 8 for enterprises) agreed by the EU Member States for which the online sophistication is being benchmarked at national level.
[Figure: organization chart of ICT co-ordination, Ministry of Economic Affairs and Communications. Labels: Government; Informatics Council; IC secretariat; Council representative; Department of State Information Systems (RISO); Informatics Centre; Ministries; IT councils of ministries; ICT work groups of ministries; management representatives and IT managers of ministries; subordinate agencies; IT managers; councils' directors; County governments; IT councils of counties; ICT work groups of counties; Local governments; Local government associations; representatives.]
ICT architecture
[Figure: ICT architecture. Labels: Internet - X-road; security servers in front of each connected system; databases / information systems (National Databases Register http://www.riik.ee/arr/, Population Register, Health Insurance Register, National Pension Insurance Register, Vehicle Register, Tallinna Vesi IS, Eesti Energia IS); banks (Ühispank, Hansapank, Krediidipank, Sampo Pank, Nordea Pank); X-road center (Central server I, Central server II, central monitoring, HelpDesk, X-road certification center); Certification Center and ID-card; tools centrally developed by the State, i.e. the State Portal (KIT - citizen view, EIT - enterpriser view, AIT - public servant view; E-institution - institution view; E-county - county view; Governmental Portal - Your Estonia; institutional view of the state www.riik.ee, thematic view of the state www.eesti.ee). Figures shown on the diagram: 57 DB; 104 DB; 359 org.; 1100000; 5; popul. ~1,3 mil.]
[Figure: X-Road - Internet. Each connected party is shown behind an SS/AS pair. Labels: information systems (Population Register services, Health Insurance Register services, Vehicle Register services, other IS, IS of infrastructure enterprises, Documents Exchange Centre); private sector (banks x 5: authentication, payments, services); ID-card Certification Centre; environments developed by the government (KIT - citizen's view, EIT - enterpriser's view, AIT - public servant view; Governmental Portal - Your Estonia; institutional view of the state www.riik.ee, thematic view of the state www.eesti.ee); X-Road Centre (Central Register of DBs (RIHA), Certification Agency of X-Road, Central server I, Main server II (Elion), monitoring, helpdesk).]
The administration system for the state information system
• Obtaining information about existing services as well as those under development.
• Applying for the right to use a service.
• Proposing the creation of a new service.
• Administering in-house access rights.
• Ensuring legitimate use of data services.
http://www.ria.ee/27313
The data exchange layer of information systems
• An environment enabling secure internet-based data exchange.
• Reduces the number of communications between different registers and thus increases the efficiency of data exchange among state agencies and between people and the state. It allows information systems to use, among others, the following components.
– A common data exchange environment.
– A common set of interfaces.
– A common authentication system.
http://www.cyber.ee/fotod/x-tee.jpg
The system of security measures for information systems
• Procedures to specify the criticality of information systems under consideration.
• Procedures to determine security classes depending on the criticality.
• Procedures to select the security measures in accordance with security classes.
• Procedures to implement, check, and audit the selected security measures.
The classification system
• Comprises common principles and objects for the administration and use of classifications
– Requirements for classifications.
– Classifications.
– Administrators of classifications.
– Users of classifications.
– Lists of classification services.
– List of classifications and their administrators.
The system of addresses
• A set of principles, which allows a unified identification of address objects both in their physical location and in different databases
– Databases, which process and handle address details.
– Requirements for main maintainers of address details, for respective services and for the users.
– Address services provided by the data exchange layer.
The geodetic system
• The geodetic reference system.
• The system of plane rectangular coordinates.
• The height system.
• The gravimetric system.
PKI
• Enables secure authentication and electronic signatures. To support interoperability, it is useful to have in place the following components relating to the public key infrastructure.
– Legislation and standards concerning electronic signatures and public key infrastructure.
– System for the distribution of private keys (for example, using ID-cards).
– The service providers.
– The services (important services may be provided by the private sector enterprises, such as banks).
– The users interested in, knowledgeable about and using the services provided by the public key infrastructure.
National chip-based Identity Card (example)
Issuing authority: Estonian Citizenship and Migration Board
Service contractor: TRÜB Switzerland
Start of issue: January 1, 2002
Conformance with: ICAO Doc. 9303 part 3
Inside the 16 Kb RSA crypto chip are: 2 private keys; authentication certificate; digital signature certificate; personal data file
• 18 Dec 2001 – ID-card as a compulsory identity document
• 28 Jan 2002 – first ID-cards issued
• 15 Sept 2002 – over 50,000 ID-cards issued
• Today – more than 1 200 000 ID-cards have been issued
• New applications under way
• ID-card also carries a certificate for allowing the use of digital signature and e-mail address [email protected]
Public sector – digital signature implementation aspects
– The need for digital signatures in the “back office” of a ministry is small.
– There is a “medium” need for digital signatures in communication between ministries (document management, contracts, accounting). The main problems are the absence of digital archiving, the lack of special training and existing traditions in organizations.
– There is a bigger need for digital signatures in communication between the government and citizens/businesses (DigiDoc, KIT).
Lessons learned:
• Infrastructure and software components for digital signature are available – implementation in the public sector is largely the task of document management, top executives and IT managers
• Digital signatures are not implemented merely by enforcing the Digital Signatures Act – political expectations are usually too optimistic
Starting point assumptions/questions:
• It is reasonable to set up only one commonly used PKI - one trust chain in co-operation with the business community.
• Political debate – Do we need ID cards at all? Is the ID card compulsory or voluntary? Why do we need digital signatures at all when there are no services ready?
• Questions to ask – Are there services to appear when there are no digital identities? What is it going to cost later?
• We must start ID issuance now, when the passports start to expire in 2002 (as was the case in Estonia).
• Later implementation of digital signature will become more costly or won’t be reasonable at all.
ID card based public transportation tickets
[Figure: ID-tickets. Labels: Population register; Phone/GSM; Internet bank; Service points.]
ID-card is used to purchase ID-ticket and on validation
ID card as key
• ID-card is key component
– e-police
– e-health record
– e-school
– e-elections
– ...
Nation-wide information systems enabling interoperability: Portals
• Common single points of entry that operate through the collaboration of state information systems.
• The state domains and portals are regulated by an institution responsible for the co-ordination of state information systems.
• The users of public sector information systems are typically interested in specific services, not in separate information systems. To provide these services, the state information systems have to co-operate and function as a whole for users.
Example: http://www.eesti.ee/est/
Document management systems
• Interoperable document management systems enable mutual exchange and management of digital documents.
Registers
• There is a concept of basic registers: the population register, real-estate registers, and the business register. With the new understanding of database interoperability, a concept of basic data (not basic information) is developing.
• The population register is the uniform database of the personal data of citizens and foreigners with residence permits. All other registers should rely on the data provided by the population register and not collect separate data from the people. Data in the population register should be adequately protected. The content of a record in the population register is itself a question, in order to avoid collecting too much information.
• Many other vital information systems contribute to interoperability, such as the business register, the property register, and others.
Requirements for eGovernment services (1)
• E-services are made known to users and users are aware of the benefits of using the services.
• E-services can be located easily.
• E-services must be accessible to all members of the intended target groups. This may imply a differentiation between services that are used anonymously and services that require identification. Accessibility also includes awareness of the needs of disabled and elderly persons.
• E-services should be user-centered.
• They should be comprehensive, correct, readily available, and easy to understand in terms of language and structure.
Requirements for eGovernment services (2)
• E-services should add value.
• Where applicable, a service should be integrated with other services.
• The design of eGovernment applications should comply with the existing legal data protection
• The provision of e-services should be safe, confidential and in no way harm the privacy of either party.
EUROPEAN INTEROPERABILITY FRAMEWORK FOR PAN-EUROPEAN eGOVERNMENT SERVICES v 1.0
Objectives
• To support the European Union's strategy of providing user-centred eServices by facilitating the interoperability of services and systems between public administrations, as well as between administrations and the public (citizens and enterprises), at a pan-European level.
• To supplement national interoperability frameworks in areas that cannot be adequately addressed by a purely national approach.
• To help achieve interoperability both within and across different policy areas, notably in the context of the IDABC programme and any other relevant Community programmes and initiatives.
Examples of e-services
• Parental leave benefit claim
– 18 data requests between 5 information systems + calculation = 7 documents in real life = 3 minutes data input + 1 mouse click
• ID card as a bus ticket
• Mobile parking for municipalities
• Exam results with SMS
• Registration of an enterprise on-line
Parental benefit – best eGov service in 2004 (interoperability of 5 information systems from 5 government institutions)
One portal serves citizens as a gateway to the services
of approximately 60 different databases www.eesti.ee
Consult data about their real estate possessions www.eesti.ee
Thank you for your attention!
Arvo Ott, PhD
eGovernance [email protected]