NIFO - Alignment examples

Transcription

1 NIFO - Alignment examples Interoperability agreements and governance Public administrations, when establishing (European) public services, should base interoperability agreements on existing formalised specifications, or, if they do not exist, cooperate with communities working in the same areas. p.2 Public administrations should use a structured, transparent and objective approach to assessing and selecting formalised specifications. p.3 When establishing (European) public services, public administrations should prefer open specifications, taking due account of the coverage of functional needs, maturity and market support. p.5 Contribution to the standardisation process: Public administrations should lead or actively participate in standardisation work relevant to their needs. p.6 Public administrations, when working together to establish (European) public services, should agree on minimum service requirements for secure data exchange. p.7 Public administrations should establish a framework for the governance of their interoperability activities across administrative levels. p.9 p1

2 EIF element: Interoperability Agreements Public administrations, when establishing (European) public services, should base interoperability agreements on existing formalised specifications, or, if they do not exist, cooperate with communities working in the same areas. Measurement: Does the NIF encourage: EIF reference: EIF, Recommendation 20 - Interoperability agreements to be based on existing formalised specifications? Or - if they do not exist, to cooperate with communities working in the same areas.? Example 1: Italy Via Service Agreements and Cooperation Agreements. Firstly, a Service Agreement is a legally binding agreement established between a provider of a service and a client of the service. It defines the rules for the provision of PA s e-government application services and it is currently specified using the XML language. When generalized to cooperation among multiple parties, the agreement is named Cooperation Agreement. Secondly, a cooperation agreement defines the application services offered by the so-called Cooperation Domain, i.e., a set of different subjects that wish to cooperate for administrative processes automation purposes. See: Example 2: Malta In Malta, two approaches are taken towards interoperability agreements. - Agreement on a common set of formalised specifications for technical connectivity. Formalised specifications which can impact the way public services interoperate can be endorsed by a central body and contextualised for effective use in the public sector. Adopted specifications can also be used in acquisition scenarios as technical requirements. - Building Block: Adopted Specifications Catalogue Interoperability Profiles; Adopted Standards & Services See NIF Framework, chapter 2, 2.6 Presenting the interoperability architecture ( p2

3 EIF element: Interoperability Agreements Public administrations should use a structured, transparent and objective approach to assessing and selecting formalised specifications. Measurement: Does the NIF encourage Public administrations to use a structured, transparent and objective approach to assess and select formalised specifications? EIF reference: EIF Recommendation 21 Example 1: Spain Spain uses a standards - selection method. Generally, for the selection of standards and for the establishment of the catalogue of standards, the following criteria will be particularly considered: a) The definitions of standard and technical specification established in the Directive 98/34/CE of the European Parliament and of the Council of 22 of June of 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on information society services. b) The definition of open standard established in the Law 11/2007, of June 22, annex, letter k. c) Character of formalised specification. d) Definition of «cost not supposing access difficulty», established in the annex of this Royal Decree. e) Additional considerations referred to the adaptation of the standard to the necessities and required functionality; to the conditions related to the development, use or implementation, available and complete documentation, publication, and governing of the standard; to the conditions related to the maturity, support and adoption by the market, to its potential of reuse, to the multiplatform and multichannel applicability and to its implementation under diverse models of applications development. The catalogue of standards will be updated each year. See BOE-A _Catalogo_de_estandares ( See Technical interoperability, (see ES_NIF_Interoperability_Framework_RD4_2010.pdf d_inicio/pae_esquema_nacional_de_interoperabilidad/eni_interoperability_english_3.pdf) Example 2: The Netherlands The Dutch Standardisation Forum has drafted an open procedure for making a list of standards. Organisations need to comply or explain to the standards on the list. The review process for open standards, one of the lists, consists of six stages. 1. Application 2. Intake 3. Expert Research p3

4 4. Public consultation 5. Advice from the Forum standardization 6. Adoption by the College standardization See Standardisation Forum, p4

5 EIF element: Interoperability Agreements When establishing (European) public services, public administrations should prefer open specifications, taking due account of the coverage of functional needs, maturity and market support. Measurement: Does the NIF encourage public administrations to prefer open specifications, taking due account of the coverage of functional needs, maturity and market support? EIF reference: EIF, Recommendation 22 Example 1: Denmark There are formal decisions. Parliament decision B103 regarding the (mandatory) use of open standard states that public sector procurement of information technology should be based on the administration's assessment of its operation and how service are most effective, properly and economically. Government IT policy should ensure the public sector the best software at the lowest possible prices. This includes parameters such as functionality, stability and security. Government IT policy should contribute to ensuring a competitive market for software in Denmark. See NIF element text: Make demands on open standards Example 2: Lithuania It is described generally by the law 'All recommendations are described generally in By the law it is forbidden to use other standards if open specification could be used." chapter III 36 2 recommendations on standards, p5

6 EIF element: Interoperability Agreements Contribution to the standardisation process Public administrations should lead or actively participate in standardisation work relevant to their needs. Measurement: Does the NIF encourage public administrations to lead or actively participate in standardisation work relevant to their needs? EIF reference: EIF, Chapter 5; Interoperability agreements, Recommendation 23 Example 1: Germany In Germany, the coordinating body for IT -standards (Kosit) has the task of the development and operation of IT to coordinate standards for data exchange in the public administration. The work of Kosit is controlled by an advisory board, in addition to the federal and state governments and municipalities and the Federal Office for Security in Information Technology (BSI). See Prozessmodellierung/XML-in-der-oeffentlichen- Verwaltung/xml_verwaltung_node.html;jsessionid=19E73FBB31DCCDAC134C708F019F9E1F.2_cid324 The goal of XÖV (XML in public administrations) is to improve the interoperability of electronic data exchange within and with the public administration. To achieve this, in the context of XÖV standardization developed common rules for the development and maintenance of standards for the electronic data interchange (XÖV standards) are created and matched in the community of XÖV projects. These common rules (e.g. XÖV manual) serve both as a guide for the performance of XÖV projects and as a basis for the coordination of these projects, the reuse of technical components (XÖV core components) and as concepts and methods to facilitate the XÖV standardization. See Example 2: Portugal The inter-ministerial network for ICT defines guidelines and standards and will then consult all sectors of public Administration. The point of single contact, named "Balcão do Empreendedor", offers all the necessary services for an economic activity provided by central and local administration, providing in some cases seamless electronic form Through the Citizen Call Center and Business Call Center - with a unique phone number or , it is possible to obtain information's about all the public services Also the Simplex Program (Central, local Government and also thematic) is totally devoted to Administrative Simplification, p6

7 EIF element: Interoperability Agreements Public administrations, when working together to establish (European) public services, should agree on minimum service requirements for secure data exchange. Measurement: Does the NIF encourage public administrations to agree on minimum service requirements for secure data exchange? EIF reference: EIF, Recommendation 13 Example 1: Austria The AIF states: 'From a business point of view, administrations and other entities exchange official information that may involve access to base registries. This should go through a secure, harmonised, managed and controlled layer allowing information exchanges between administrations, businesses and citizens that are: - signed and certified both sender and receiver have been identified and authenticated through agreed mechanisms, - encrypted the confidentiality of the exchanged data is ensured, - logged the electronic records are logged and archived to ensure a legal audit trail. In the proposed conceptual model, these functions are grouped in the secure data exchange layer. This layer should allow the secure exchange of certified messages, records, forms and other kinds of information between the different systems. In addition to transporting data, this layer should also handle specific security requirements such as electronic signatures, certification, encryption and time stamping. Security is potentially one of the main barriers to interoperability if it is not applied in a harmonised and agreed way among organisations. The conceptual model highlights this and calls on all service providers to: - consider the security issues head-on; - cooperate on a common framework to meet their respective security needs via compatible mechanisms and commonly agreed specifications; - reach a common understanding on essential characteristics such as protective marking levels, authorisation levels and authentication strength. Therefore, public administrations should agree on a common security framework when establishing an Austrian public service. One of the key prerequisites for implementing the functionality expected in secure data exchange involves leveraging national identification and authentication infrastructures in the organisations to reach a working cross-organisations/sectors scheme. This scheme should establish which ICT architectures and data are needed in a cross-sector context to make existing organisation electronic identity infrastructures interoperable. Ref: AIF v1.0 Section Secure data exchange layer p7

8 Example 2: Luxembourg Security standards (seca) exist for years now and are defined and updated regularly by CTIE. All IT systems or solutions have to comply with these standards and requirements and these rules guarantee a very high level of security. A whole division of the CTIE (DSA) is working only on guaranteeing that the systems and infrastructures comply with the security requirements. p8

9 EIF element: Interoperability Governance Public administrations should establish a framework for the governance of their interoperability activities across administrative levels. Measurement: A governance framework exists to control the interoperability activities across administrative levels. EIF reference: EIF, Recommendation 25 Example 1: Cyprus Paragraph 1.6 egif Governance of the Cyprus egif describes the following: The responsible body for the management of the National egovernment Interoperability Framework of the Republic of Cyprus is the Department of Information Technology Services (DITS) of the Ministry of Finance. DITS s responsibilities as regards the egif and interoperability in general include inter alia: Definition of the interoperability strategy of the Cyprus Government. Formulation, maintenance and update of the egif. Planning and execution of dissemination and awareness activities regarding the egif. Monitoring of the adoption of the egif. Gathering and evaluation of suggestions for updates and changes to the egif. Monitoring of and participation in EU interoperability initiatives and events. Paragraph 11.3 of the Cyprus egif describes Governance in greater detail. Example 2: Malta Governance of the interoperability activities in Malta is described in two main topics: - Visualising the public sector architecture In order to facilitate the transformation to a connected Government, it is useful to determine the key responsible owner or custodian for each aspect of a public service and as much as possible to harmonise the decisions made for each domain. See NIF Framework, chapter 2, Visualising the public sector architecture ( - Governance The GMICT Policy Suite is a collection of policies, directives, procedures and standards, managed centrally by MITA, governing the adoption and use of technology within the Government of Malta. More specifically, an Interoperability Policy is used to regulate the building blocks identified by the NIF. In addition, formalised specifications adopted by MITA are also coordinated and governed by GMICT Policies. p9

10 The Architecture Assessment process governed by the Enterprise Architecture Policy, among others, is intended to verify that the Interoperability related building blocks are being used by public services as intended and that the envisaged benefits are in fact being fulfilled. Public services adopting building blocks as defined by the NIF will only need to describe their use within their solution without the need to explain their technical validity as this analysis would have already been done. For instance a solution proposing the use of SAML 2.0 (a formalised specification already adopted and endorsed by MITA) to request an authentication claim from the Government s identity repository of public officers can do so immediately. An added benefit here is that the overall assessment time can be drastically reduced if solutions are standardised and use pre-established services. The Adopted Standards & Services lock can capture where and how the adopted building blocks are used within the public service. Any specialised building blocks (such as formalised specifications which are only relevant to the solution), and international best practices can also be described and linked to the relevant functional component. This mapping gives a deeper understanding on the effectiveness of the chosen building blocks across the Enterprise Architecture and can be used to prioritise actions for the next NIF iteration and for other technical strategies. See NIF Framework, chapter 2, Governance ( - It has to be noted that in Malta, Interoperability is considered as one of the core elements of any given ICT solution. ICT solutions acquired by government are part of the overall enterprise architecture and are therefore governed by the Enterprise Architecture (EA) policy. Architects assessing solutions shall use the NIF and relevant policies to guide solution designers accordingly. The Policy Roadmap outlines the areas of GMICT Policy that shall be focused upon in the period This document is updated every six months and is available upon written request to ictpolicies@gov.mt. p10