E-government


2

What is E-government ?

E-government is a continuous optimization of service delivery and governance by transforming internal and external relationships through technology, internet and new media

external relationships
- government <-> citizen
- government <-> business

internal relationships
- government <-> government
- government <-> employees

all relationships
- are bidirectional
- can be within a country or border-crossing

3

Government

not monolithic
- EU
- in every country
  • federal level
  • regions
  • communities
  • provinces
  • municipalities
  • parapublic institutions
  • private institutions participating in delivery of public services
  • …

integrated E-government is based upon common strategy, multilateral agreements and interoperability

E-government contains the opportunity to realize one virtual electronic government with full respect for every specific competence

4

Advantages

efficiency gains
- in terms of costs: same services at lower total costs, e.g.
  • unique information collection using co-ordinated notions and administrative instructions
  • less re-encoding of information by electronic information exchange
  • fewer contacts
  • functional task sharing concerning information management, information validation and application development (distributed information systems)
- in terms of quantity: more services at same total cost, e.g.
  • all services are available at any time, from anywhere and from any device
  • integrated service delivery
- in terms of speed: same services at same total cost in less time
  • reduction of waiting and travel time
  • direct interaction with competent governmental institution
  • real time feedback for the user

5

Advantages

effectiveness gains
- in terms of quality: same services at same total cost in same time, but to a higher quality standard, e.g.
  • more correct service delivery
  • personalized and participative service delivery
  • more transparent and comprehensive service delivery
  • more secure service delivery
  • possibility of quality control on service delivery process by customer
- in terms of type of services: new types of services, e.g.
  • push system: automatic granting of or information about services
  • active search of non-take-up using datawarehousing techniques
  • controlled management of own personal information
  • personalized simulation environments

6

E-government: a structural reform process

ICT is only a means by which a result may be obtained

E-government requires
- considering information as a strategic resource for all government activity
- change of basic mindset: from government centric to customer centric
- re-engineering of processes within each government institution, each government level and across government levels
- clear definition of mission and core tasks of every governmental institution

7

E-government: a structural reform process

E-government requires
- co-operation between governmental institutions: one virtual electronic government, with respect for mission and core tasks of each governmental institution and government level
- co-operation between government and private sector
- interoperability framework: ICT, unique identification keys, harmonized concepts
- common security framework
- adequate legal environment elaborated at the correct level
- implementation with a decentralized approach, but with co-ordinated planning and program management (think global, act local)
- adequate measures to prevent a digital divide

8

Information as resource: implications

information modelling
- information is being modelled in such a way that the model fits in as close as possible with the real world
  • definition of information elements
  • definition of attributes of information elements
  • definition of relations between information elements
- information modelling takes into account as much as possible the expectable use cases of the information
- the information model can be flexibly extended or adapted when the real world or the use cases of the information change

9

Information as resource: implications

unique collection and re-use of information
- information is only collected for well-defined purposes and in a proportional way to these purposes
- all information is collected once, as close to the authentic source as possible
- information is collected via a supplier-chosen channel, but preferably in an electronic way, using uniform basic services (single sign on, arrival receipt of a file, notification for each message, …)
- information is collected according to the information model and on the base of uniform administrative instructions

10

Information as resource: implications

unique collection and re-use of information
- with the possibility of quality control by the supplier before the transmission of the information
- the collected information is validated once according to an established task sharing, by the most entitled institution or by the institution which has the greatest interest in a correct validation
- and then shared and re-used by authorized users

11

Information as resource: implications

management of information
- information in all forms (e.g. voice, print, electronic or image) is managed efficiently through its life cycle
- a functional task sharing is established indicating which institution stores which information in an authentic way, manages the information and keeps it at the disposal of the authorized users
- information is stored according to the information model
- information can be flexibly assembled according to ever changing legal notions
- all information is subject to the application of agreed measures to ensure integrity and consistency

12

Information as resource: implications

management of information
- every institution has to report probable improprieties of information to the institution that is designated to validate the information
- every institution that has to validate information according to the agreed task sharing, has to examine the reported probable improprieties, to correct them when necessary and to communicate the correct information to every known interested institution
- information will be retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonymized or encoded, when it has historical or archival importance

13

Information as resource: implications

electronic exchange of information
- once collected and validated, information is stored, managed and exchanged electronically to avoid transcribing and re-entering it manually
- electronic information exchange can be initiated by
  • the institution that disposes of information
  • the institution that needs information
  • the institution that manages the interoperability framework
- electronic information exchanges take place on the base of a functional and technical interoperability framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange

14

Information as resource: implications

electronic exchange of information
- available information is used for the automatic granting of benefits, for prefilling when collecting information and for information delivery to the concerned persons

15

Information as resource: implications

protection of information
- security, integrity and confidentiality of government information will be ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies
- personal information is only used for purposes compatible with the purposes of the collection of the information
- personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirement
- the access authorisation to personal information is granted by an independent institution, after having checked whether the access conditions are met
- the access authorizations are public

16

Information as resource: implications

protection of information
- every concrete electronic exchange of personal information is preventively checked on compliance with the existing access authorisations by an independent institution managing the interoperability framework
- every concrete electronic exchange of personal information is logged, to be able to trace possible abuse afterwards
- every time information is used to take a decision, the used information is communicated to the concerned person together with the decision
- every person has the right to access and correct his own personal data

17

Customer centric

unique declaration of every event during the life cycle/business episode of a customer and automatic granting of all related services, e.g.

18

Customer centric

delivery of services that cannot be granted automatically to a customer
- in an integrated way
  • information
  • interaction
  • transaction
- re-using all available information
  • harmonized concepts
  • back-office integration
  • prefilled information

19

Customer centric

delivery of services that cannot be granted automatically to a customer (ctd)
- in a personalized way
  • look & feel and interface
  • content
    – only relevant information and transactions
  • personalized support
    – contextual help
    – own language
    – adapted vocabulary
    – on-line simulations
- or at least based on the way of thinking of the customer group
  • life events (birth, marriage, etc.) or business episodes (starting a company, recruiting personnel, etc.)
  • life styles (sport, culture, etc.)
  • life status (unemployed, retired, etc.) or business sectors
  • specific target groups

20

Customer centric

declaration of events and service delivery via an access method chosen by the customer
- application to application
- various end-user devices
  • PC, Mobile, PDA, digital TV, kiosks, …
- file management

use of integrated customer relation management tools

service delivery in principle free of charge

21

Cooperation at government levels

in Belgium, a co-operation agreement has been signed between federal government, regions and communities
- coordinated offer of e-services to citizens/companies
- guarantee that a citizen/company can use the same tools
  • terminal
  • software
  • electronic signature
- guarantee of a unique data collection from the citizen/company
- with respect for the partition of competences between government levels

22

Co-operation agreement between government levels

co-ordinated, customer oriented service delivery
agreements have to be made on common standards
mutual tuning of portals, middleware, websites and back offices
use of common identification keys and electronic signature
mutual tuning of business processes when necessary
gradual mutual task-sharing on data storage in authentic form
common policy on SLA’s and security

23

Co-operation government and private sector

private companies as service providers (sharing of investments), e.g.
- network and security management
- co-sourcing in BPR and development/maintenance/housing of ICT building blocks, e.g.
  • certification authorities
  • portals

private companies as partners
- integrated work flow with their own information systems, e.g.
  • e-procurement
  • tax declaration
  • social security declarations

24

Interoperability framework

goal: to guarantee the ability of government organizations and customers to share information and integrate information and business processes by use of
- interoperable ICT
- common identification keys/sets for every entity
- harmonized concepts and data modelling

25

Common identification keys

at least common identification keys and identification sets for every entity
- person
- company
- patch of ground

between nations
- unique schemes
- conversion tables

regulation of interconnection of information based on unique identification keys

26

Common identification keys

characteristics
- unicity
  • one entity – one identification key
  • same identification key is not assigned to several entities
- exhaustivity
  • every entity to be identified has an identification key
- stability through time
  • identification key doesn’t contain variable characteristics of the identified entity
  • identification key doesn’t contain references to the identification key or characteristics of other entities
  • identification key doesn’t change when a quality or characteristic of the identified entity changes

27

Harmonized concepts and data model

standard elements
- with well defined characteristics
- used within all services

OO-oriented, e.g. inheritance
in a multilingual environment
version management in an ever changing environment
define once, use many (different presentations)
workflow for validation of standard elements and characteristics
multi criteria search
- by element
- by scheme
- by version
- …

28

Common security framework

issues
- confidentiality
- integrity
- availability
- authentication
- authorisation
- non-repudiation
- audit

29

Common security framework

specific points of interest
- risk awareness based on risk analysis
- security policies
- structural and organisational aspects
- encryption standards
- interoperability of
  • PKI
  • electronic certificates
    – procedures (registration authority, certification authority)
    – difference between identification certificates and attribute certificates
    – attributes, optional fields
  • revocation lists
  • directories
- application security

30

Changes of the legal environment

organization of integrated data management and electronic service delivery: legal base for Royal Decree exists
- functional task sharing on information management
- obligation to respect unique data collection from the customer
- obligation to exchange information in an electronic way
- permission or obligation to use unique identification keys

harmonization of basic concepts

31

Changes of legal environment

ICT-law
- data protection
- public access to information
- electronic signature
- probative value

no overregulation
- only basic principles
- technology-neutral, but not technology unaware

32

Some interesting Belgian projects

social security sector
network of service integrators
integration of portal sites
electronic identity card

33

Reference directory

serves as a base for organization of information flows

structure
- directory of persons: what persons in what capacities have personal files in what social security institutions for what periods
- data availability table: what data are available in what social security institutions for what types of files
- access authorization table: what data may be transmitted to what institutions for what types of files

functions
- routing of information
- preventive access control
- automatic communication of changes to information
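
How the three tables of the reference directory can drive preventive access control, routing and logging of one exchange, as an added example that is not code from the presentation or from the Crossroads Bank. The class and field names, the person keys, the data names and the reading of "type of file" as the capacity in which the requester knows the person are all assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional


@dataclass(frozen=True)
class PersonFile:
    """One row of the directory of persons (field names are assumptions)."""
    person: str
    institution: str
    file_type: str              # capacity in which the person is known there
    start: date
    end: Optional[date] = None  # None: the file is still open

    def covers(self, day: date) -> bool:
        return self.start <= day and (self.end is None or day <= self.end)


class ReferenceDirectory:
    def __init__(self, persons, availability, authorizations):
        self.persons = persons                # directory of persons
        self.availability = availability      # (institution, file type) -> data held
        self.authorizations = authorizations  # (institution, file type) -> data it may receive
        self.audit_log = []                   # every attempt, allowed or denied

    def _files(self, person, day, institution=None):
        return [f for f in self.persons
                if f.person == person and f.covers(day)
                and institution in (None, f.institution)]

    def _decide(self, requester, person, data, day):
        # 1. The requester must itself hold a file on this person on that day.
        own = self._files(person, day, requester)
        if not own:
            return "DENY:no-file-at-requester", None
        # 2. Preventive access control against the access authorization table.
        if not any(data in self.authorizations.get((requester, f.file_type), ())
                   for f in own):
            return "DENY:not-authorized", None
        # 3. Routing: find another institution that holds the data for this person.
        for f in self._files(person, day):
            if (f.institution != requester and
                    data in self.availability.get((f.institution, f.file_type), ())):
                return "ALLOW", f.institution
        return "DENY:no-source", None

    def request(self, requester, person, data, day):
        decision, source = self._decide(requester, person, data, day)
        # Denied attempts are logged too, so abuse can be traced afterwards.
        self.audit_log.append(
            (day.isoformat(), requester, person, data, decision, source))
        return decision, source


def build_sample():
    """Constructed sample tables; person keys and data names are invented."""
    persons = [
        PersonFile("P-001", "ONSS", "employee", date(2002, 1, 1)),
        PersonFile("P-001", "SicknessFund1", "insured",
                   date(2002, 1, 1), date(2003, 6, 30)),
        PersonFile("P-002", "ONSS", "employee", date(2003, 1, 1)),
    ]
    availability = {("ONSS", "employee"): {"wages"}}
    authorizations = {("SicknessFund1", "insured"): {"wages"}}
    return ReferenceDirectory(persons, availability, authorizations)


if __name__ == "__main__":
    directory = build_sample()
    for args in [
        ("SicknessFund1", "P-001", "wages", date(2003, 3, 1)),  # allowed
        ("SicknessFund1", "P-002", "wages", date(2003, 3, 1)),  # no file
        ("SicknessFund1", "P-001", "wages", date(2003, 9, 1)),  # file closed
        ("SicknessFund1", "P-001", "taxes", date(2003, 3, 1)),  # not authorized
    ]:
        print(args[:3], directory.request(*args))
    print(len(directory.audit_log), "log entries")
```
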

34

Measurement at Institution level

central data storage ?
independent Control Committee
preventive control on legitimacy of data exchange by Crossroads Bank according to authorizations of the independent Control Committee
information security department in each social security institution
specialized information security service providers
working party on information security

35

Information security department

in each social security institution

composition
- information security officer
- one or more assistants

control on independence and permanent education of the information security officers is performed by the Control Committee

the Control Committee can allow to commit the task of the information security department to a recognized specialized information security service provider

36

IS security department: tasks-Management

information security department

- recommends

- promotes

- documents

- controls

- reports directly to the general management

- formulates the blueprint of the security plan

- elaborates the annual security report

general management

- takes the decision

- is finally responsible

- gives motivated feedback

- approves the security plan

- supplies the resources

37

Contents of the security report

general overview of the security situation

overview of the activities
- recommendations and their effects
- control
- campaigns in order to promote information security

overview of the external recommendations and their effects

overview of the received trainings

38

Specialized information security service providers

to be recognized by the Government

recognition conditions
- non-profit association
- having information security in social security as the one and only activity
- respecting the tariff principles determined by the Government

control on independence is performed by the Control Committee

39

Specialized information security service providers

tasks
- keeping information security specialists at the disposal of the associated institutions
- recommending
- organizing information security trainings
- supporting campaigns promoting information security
- external auditing on request of the institution or the Control Committee

each institution can only associate with one specialised information security service provider

40

Working party on information security

composition
- information security officers of all institutions

task
- coordination
- communication
- proposal of minimal security conditions
- check list
- recommendations to the Control Committee

41

Organizational & technical measures

security policies
classification of information
security requirements towards the personnel
physical protection
management of communication and service processes
processing of personal data
logical access control
development and maintenance of systems
continuity management
internal and external control
communication to the public of the policy concerning security and the protection of privacy

42

Information servers

information servers
- directory of persons of the Crossroads Bank
- National Register
- Crossroads Bank Registers
- work force register
- wages and working time database (LATG) of the ONSS
- employers directory (WGR) of the ONSS
- database of contribution certificates
- SIS-card and professional card registers

services offered
- interactive consultation
- batch consultation
- automatic communication of updates

43

National Register - Model

National Register

Municipalities

44

Preprocessed messages

preprocessed messages
- beginning/end of labour contract, beginning/end of self-employed activity
- contribution certificates medical care (employees, self-employed, beneficiaries of social security allowances)
- unemployment benefits – career break
- allowances for incapacity for work (health care, accidents at work, occupational disease)
- young unemployed
- allowances to the handicapped
- guaranteed income – social support
- people suffering from long-term illness
- social exemption
- fiscal exemption
- derived rights (e.g. tax reduction/exemption, free public transport, ...)
- special contribution for social security
- solidarity contribution on old age pensions
- migrant workers
- …

45

Preprocessed messages

services offered:
- batch consultation
- automatic communication of messages

46

EX - health care sector -

[Diagram labels: INAMI, Control, KSZ-BCSS, ONSS, Employer, Employees, Sickness funds]

47

Derived rights in tax affairs

a number of people are entitled to an increased refund of the costs for medical care

moreover, a number of municipalities and provinces grant these persons reductions or even exemptions of the taxes

48

Derived rights in tax affairs - past situation

[Diagram label: Sickness fund]

49

Derived rights in tax affairs - present situation

[Diagram labels: CBSS, sickness funds network]

50

Some figures

339.137.455 exchanged messages in 2003
15,1 million different persons known in directory of persons
on an average, every person is known in 6,6 sectors
response time on-line messages

[Diagram labels: question, CBSS, question, answer, answer]

96,1 % in < 1 sec
99,8 % in < 2 sec
99,2 % in < 4 sec

51

Social security card

functions
- reliable, electronically readable identification card in the hands of each social insured person, that contains the unique social security identification number
- electronic support owned by every social insured person, containing information on his social security status needed by bodies not connected to the social security network
  • first application: proof of health care insurability status to health care professionals applying the third payer rule

protected memory chip card having a capacity of 8 kbits, respecting ISO 7816.1-7816.5

delivered to every insured person (10.000.000 cards)

52

Social security card

- name
- Christian name
- date of birth
- sex
- social security number
- period of validity of the card
- card number

- sickness fund
- sickness fund registration number
- insurance period
- insurance status
- social exemption status

other data to be added in the future, if useful

[Diagram labels: 1234567890, key 1, key 2]

53

Social security card - example 1

[Diagram labels: Social identity card, Decryption card, CBSS, in chemistries and hospitals, Sickness fund 1, Sickness fund 2, Sickness fund 3, CIN]

54

Social security card - example 2

ONSS

EMPLOYER

CBSS

55

Integrated service delivery

common basic services (e.g. single sign on, notification

information

several categories of transactions
- transactions at the beginning or the end of employment (DIMONA)
- quarterly declaration of wages and working time
- transactions when a social risk occurs
- transactions in order to manage information about yourself
- transactions in order to control the quality of the service delivery process
- ...

56

Integrated service delivery (ctd)

harmonized concepts
harmonized data model and XML-schemes
self-service and personalization
customer relation management
contact center

57

Transactions at beginning/end of employment

[Diagram labels: work force register, database, special work force register, individual document, students contract, inspection, employment contract, simplification, on-line consultation, ONSS, work force register]

58

Immediate declaration of jobs

can only be done electronically via
- social security portal
- FTP/MQSeries
- interbanking network
- vocal server

24/7

offers the employer a key to on-line consultation and correction
- of the database on employment
- by using an electronic certificate, of the database concerning wages and working time and other derived databases
- concerning his employees and the period of employment

59

Quarterly declaration wages & working time

can only be done electronically via
- social security portal
- FTP/MQSeries
- interbanking network

24/7

can, by using an electronic certificate
- be consulted and corrected on-line by the employer
- concerning his employees and the period of employment

60

Electronic declaration of social risks

past situation: multiple collection of information by using various, complex, not co-ordinated paper forms

61

Electronic declaration of social risks

actual situation
- limitation of the collected information to the information not yet available at other public services (abolition or at least significant simplification of forms)
- unique collection of information from the employer
- in a standardized way across all social security institutions
- can be done on paper or electronically (24/7) via
  • social security portal
  • FTP/MQSeries
  • interbanking network
- uniform instructions

62

Operational transactions

declaration of the beginning of a part-time job with retention of rights to unemployment benefits (unemployment sector)
- private sector
- education, municipalities or provinces

monthly declaration of part-time work for the calculation of guaranteed income payments (unemployment sector)
- private sector
- education, municipalities or provinces

monthly submission of work as an employee employed in a protected workplace (unemployment sector)

monthly submission of work in the framework of an activation programme (unemployment sector)

declaration for the establishment of young people’s vacation rights (unemployment sector)

monthly declaration of young people’s vacation hours (unemployment sector)

annual submission of temporary unemployment

monthly submission of hours of temporary unemployment

authorized request for the temporary removal of a pregnant employee (sector of professional diseases)

63

Towards a network of service integrators

type of exchanged information
- structured data
- documents
- images
- multimedia
- metadata
- business processes

using web services

64

Towards a network of service integrators

useful functions of service integrators (FEDICT, CBSS, …)
- secure messaging
- business logic and work flow support
- directory of authorized users and applications
  • list of users and applications
  • definition of authentication means and rules
  • definition of authorization profiles
    – which service is accessible to which type of user/application for which persons/companies in which capacities in which situation and for which periods
- directory of data subjects
  • which persons/companies in which capacities have personal files in which institutions for which periods
- subscription table
  • which users/applications want to receive automatically which services in which situations for which persons in which capacities

65

Towards a network of service integrators

key issues
- evolution of standards
- collaboration with vendors
- not limited to public agencies
- national, European & international standards
- every partner is free to implement internally in his own way: black box philosophy

66

Portal sites

public institutions need to concentrate on core activities, such as
- information
  • modular
  • up to date
  • information blocks concerning public services
  • with standardized metadata
  • based on standardized thesauri
  • in generally accessible content management systems
  • with separation between content and metadata (reuse, don’t rewrite)
  • that can be submitted to automatic re-indexation
- transactions
  • applications that can be easily integrated in private or public portal sites

67

Portal sites

public portals should have added value
- integration of services
  • information
  • work flow based on life events of the customers
  • integration with work flow of customers
- coordinated basic services for own customers
  • single sign on
  • ticketing
  • logging
  • notification service
  • …

68

Portal sites

other key issues
- multidimensionality: accessibility of same services through different « views »
- multi channel enabling
- citizen/company relation management
  • integrated service delivery, across all used channels
  • personalization of service delivery
    – first step: personalized home page for every company on social security portal
  • evolution to push system
  • quality control
  • feedback mechanisms for permanent improvement of service delivery
- contact center

69

Electronic identity card

retained functions
- visual and electronic identification of the holder
- electronic authentication of the holder via the technique of the digital signature
- generation of electronic signature via the technique of the digital signature (non repudiation)
- proof of characteristics of the holder via the technique of the digital signature on the initiative of the holder
- only identification data storage
- no electronic purse
- no biometry

70

Electronic identity card: content

visual
- identification data: name, first names, sex, date and place of birth
- National Register number
- photograph
- card number
- validity period

electronic
- serial number (sn)
- National Register number (nrn)
- card number (cn)
- visual identification data + sn + nrn + cn (signed by National Register = sig1)
- address + sig1 (signed by National Register = sig2)
- photograph + sig1 (signed by National Register = sig3)
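
Why sig2 and sig3 are computed over sig1 and not over the address or photograph alone: a check of the chain, as an added example that is not the card's or the National Register's own code. The slide does not name the signature algorithm, so a toy unpadded RSA key built from two Mersenne primes stands in for the National Register key (insecure, chosen only so the example runs without third-party libraries); the field encoding and all card values are constructed.

```python
import hashlib

# Toy RSA stand-in for the National Register signing key (assumption, insecure).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> bytes:
    return pow(_digest(data), D, N).to_bytes(SIG_LEN, "big")


def verify(data: bytes, sig: bytes) -> bool:
    return pow(int.from_bytes(sig, "big"), E, N) == _digest(data)


def pack(*parts: bytes) -> bytes:
    """Length-prefix each field so the concatenation is unambiguous."""
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def issue_card(identity, sn, nrn, cn, address, photo) -> dict:
    """Build the electronic content listed on the slide."""
    sig1 = sign(pack(identity, sn, nrn, cn))
    return {"identity": identity, "sn": sn, "nrn": nrn, "cn": cn,
            "address": address, "photo": photo,
            "sig1": sig1,
            "sig2": sign(pack(address, sig1)),   # address + sig1
            "sig3": sign(pack(photo, sig1))}     # photograph + sig1


def check_card(card: dict) -> dict:
    """Verify each file; address and photo only count if sig1 holds."""
    ok1 = verify(pack(card["identity"], card["sn"], card["nrn"], card["cn"]),
                 card["sig1"])
    return {"identity": ok1,
            "address": ok1 and verify(pack(card["address"], card["sig1"]),
                                      card["sig2"]),
            "photo": ok1 and verify(pack(card["photo"], card["sig1"]),
                                    card["sig3"])}


def transplant_address(card: dict, donor: dict) -> dict:
    """Copy a genuinely signed address file from another card."""
    return {**card, "address": donor["address"], "sig2": donor["sig2"]}


def change_address(card: dict, new_address: bytes) -> dict:
    """A move only needs a new sig2; sig1 and sig3 stay as issued."""
    return {**card, "address": new_address,
            "sig2": sign(pack(new_address, card["sig1"]))}


# Constructed sample cards (all values invented).
CARD_A = issue_card(b"DOE|JANE|F|1970-01-01|GENT", b"SN-A", b"NRN-A", b"CN-A",
                    b"Example Street 1, Gent", b"<photo A>")
CARD_B = issue_card(b"ROE|JOHN|M|1980-02-02|LIEGE", b"SN-B", b"NRN-B", b"CN-B",
                    b"Sample Lane 2, Liege", b"<photo B>")

if __name__ == "__main__":
    print("as issued      ", check_card(CARD_A))
    print("address from B ", check_card(transplant_address(CARD_A, CARD_B)))
    print("after a move   ", check_card(change_address(CARD_A, b"New Road 3")))
```

The transplanted address carries a valid National Register signature, yet fails on card A because sig2 was made over card B's sig1.
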

71

Organization model

government chooses card producer and certification authority issuing the identity certificates as a result of a public call for tenders

the municipality calls the holder for the issuing of the electronic identity card

the municipality acts as registration authority for 2 certificates: authentication and electronic signature

2 key pairs are generated within the card at production time and the private keys are stored within the chip of the card

72

Organization model

the 2 certificates are created by the certification authority, but published only when the holder agrees

the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder

first authentication within one session (first private key) and every generation of an electronic signature (second private key) requires the PIN code of the holder

the second private key and the identity certificate on the electronic identity card can be used to generate an electronic signature within the scope of E-government applications which require such a signature

73

Organization model

the electronic identity card contains the necessary space to store other private keys associated to attribute certificates that the holder can obtain at the certification authority of his choice

74

Critical success factors

E-government as a structural reform process
- process re-engineering within and across public institutions
- back-office integration for automatic granting of services
- integrated and personalized front-office service delivery

support of and access to policymakers at the highest level
co-operation between all actors concerned based on repartition of tasks rather than centralization of tasks
quick wins combined with long term vision
focus on more efficient and effective service delivery rather than on the fight against fraud
respect for legal repartition of competences between actors
legal framework
creation of an institution that stimulates and co-ordinates

75

Most important barriers

privacy and security

average public sector project is more complex than average private sector project, due to
- interaction with a larger number of stakeholders (elected officials, public employees, members of interest groups, voters, tax payers, recipients of public services, other governmental institutions, other government levels, …)
- execution in a less stable environment

complexity of BPR in a government environment

race for quick wins (cf surveymania) doesn’t stimulate development of well conceived systems based on re-engineering

76

Most important barriers

public sector tends, perhaps for reason of prestige, to favour tailor-made, high-risk, state-of-the-art solutions even when alternative, off-the-shelf, cheap, tried and tested systems are available

in the public sector, there is typically no financial margin of value to be added by innovation

intermediaries often perceive e-government as a threat

skills and knowledge

77

Most important barriers

need for radical cultural change within government, e.g.
- from hierarchy to participation and team work
- meeting the needs of the customer, not the government
- empowering rather than serving
- rewarding entrepreneurship within government
- ex post evaluation on output, not ex ante control of every input