800 likes | 980 Views
E-government: the Belgian vision and experience. Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public Service for ICT Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be
E N D
E-government:the Belgian vision and experience Frank Robben General managerCrossroads Bank for Social Security Strategic advisor Federal Public Service for ICT Sint-Pieterssteenweg 375 B-1040 Brussels E-mail: Frank.Robben@ksz.fgov.be Website: http://www.law.kuleuven.ac.be/icri/frobben Crossroads Bank for Social Security Federal Public Service for ICT (FEDICT)
What is E-government ? • E-government is a continuous optimization of service delivery and governance by transforming internal and external relationships through technology, internet and new media • external relationships • government <-> citizen • government <-> business • internal relationships • government <-> government • government <-> employees • all relationships • are bidirectional • can be within a country or border-crossing
E-government: a structural reform process • ICT is only a means by which a result may be obtained • E-government requires • change of basic mindset: from government centric to customer centric • re-engineering of processes and end-to-end integration of these processes • considering information as a strategic resource for all government activity
E-government: a structural reform process (ctd) • E-government requires (ctd) • co-operation between • governmental institutions: one virtual electronic government, with respect for mission and core tasks of each governmental institution and government level • co-operation between government and private sector • adequate legal environment elaborated at the correct level • interoperability framework: ICT, security, unique identification keys, harmonized concepts • implementation with a decentralized approach, but with co-ordinated planning and program management (think global, act local) • adequate measures to prevent a digital divide
Customer centric • unique declaration of every event during the life cycle/business episode of a customer and automatic granting of all related services • delivery of services that cannot be granted automatically to a customer • in an integrated way (information, interaction, transaction) • re-using all available information • in a personalized way (look & feel and interface, content, personalized support) • or at least based on the way of thinking of the customer group (life events, business episodes, life styles, target groups)
Customer centric (ctd) • declaration of events and service delivery via an access method chosen by the customer • application to application • file transfer • various end-user devices • PC, GSM, PDA, digital TV, kiosks, … • use of intermediaries • accessible to disabled • use of integrated customer relation management tools • contact center
Re-engineering and integration of processes • need for re-engineering of processes • within each government institution • within each government level • across government levels and between government • between government and his customers • need for end-to-end integration of processes: concept of value chains for the customers • lack of integration leads to • overloading of the citizens/companies • multiple collection of the same information by several governmental institutions • no re-use of available information • avoidable contacts with citizens/companies due to multiple, unco-ordinated quality checks • waste of efficiency and time • suboptimal support of the policy made by government • higher possibilities of fraud
Information as a strategic resource • respect of basic principles concerning • information modelling • unique collection and re-use of information • management of information • electronic exchange of information • protection of information
Information as strategic resource • information modelling • information is being modelled in such a way that the model fits in as close as possible with the real world • definition of information elements • definition of attributes of information elements • definition of relations between information elements • information modelling takes into account as much as possible the expectable use cases of the information • the information model can be flexibly extended or adapted when the real world or the use cases of the information change
Information as strategic resource (ctd) • unique collection and re-use of information • information is only collected for well-defined purposes and in a proportional way to these purposes • all information is collected once, as close to the authentic source as possible • information is collected via a supplier-chosen channel, but preferably in an electronic way, using uniform basic services (single sign on, arrival receipt of a file, notification for each message, …) • information is collected according to the information model and on the base of uniform administrative instructions
Information as strategic resource (ctd) • unique collection and re-use of information (ctd) • with the possibility of quality control by the supplier before the transmission of the information • the collected information is validated once according to an established task sharing, by the most entitled institution or by the institution which has the greatest interest in a correct validation • and then shared and re-used by authorized users
Information as strategic resource (ctd) • management of information • information in all forms (e.g. voice, print, electronic or image) is managed efficiently through its life cycle • a functional task sharing is established indicating which institution stores which information in an authentic way, manages the information and keeps it at the disposal of the authorized users • information is stored according to the information model • information can be flexibly assembled according to ever changing legal notions • all information is subject to the application of agreed measures to ensure integrity and consistency
Information as strategic resource (ctd) • management of information (ctd) • every institution has to report probable improprieties of information to the institution that is designated to validate the information • every institution that has to validate information according to the agreed task sharing, has to examine the reported probable improprieties, to correct them when necessary and to communicate the correct information to every known interested institution • information will be retained and managed as long as there exists a business need, a legislative or policy requirement, or, preferably anonimized or encoded, when it has historical or archival importance
Information as strategic resource (ctd) • electronic exchange of information • once collected and validated, information is stored, managed and exchanged electronically to avoid transcribing and re-entering it manually • electronic information exchange can be initiated by • the institution that disposes of information • the institution that needs information • the institution that manages the interoperability framework • electronic information exchanges take place on the base of a functional and technical interoperabilty framework that evolves permanently but gradually according to open market standards, and is independent from the methods of information exchange
Information as strategic resource (ctd) • electronic exchange of information (ctd) • available information is used for the automatic granting of benefits, for prefilling when collecting information and for information delivery to the concerned persons
Information as strategic resource (ctd) • protection of information • security, integrity and confidentiality of government information will be ensured by integrating ICT measures with structural, organizational, physical, personnel screening and other security measures according to agreed policies • personal information is only used for purposes compatible with the purposes of the collection of the information • personal information is only accessible to authorized institutions and users according to business needs, legislative or policy requirement • the access authorisation to personal information is granted by an independent institution, after having checked whether the access conditions are met • the access authorizations are public
Information as strategic resource (ctd) • protection of information (ctd) • every concrete electronic exchange of personal information is preventively checked on compliance with the existing access authorisations by an independent institution managing the interoperability framework • every concrete electronic exchange of personal information is logged, to be able to trace possible abuse afterwards • every time information is used to take a decision, the used information is communicated to the concerned person together with the decision • every person has right to access and correct his own personal data
Changes of the legal environment • organization of integrated information management and electronic service delivery • functional task sharing on information management • obligation to respect unique data collection from the customer • obligation to exchange information in an electronic way • permission or obligation to use unique identification keys • harmonization of basic concepts • ICT-law: only basic principles, technology-neutral, but not technology unaware • data protection • public access to information • electronic signature • probative value
Interoperability framework • goal: to guarantee the ability of government organizations and customers to share information and integrate information and business processes by use of • interoperable ICT: technical and functional • common security framework • common identification keys/sets for every entity • harmonized concepts and data modelling
Preventing digital divide • no creation of information haves and information have-nots • possible measures • promoting automatic granting of services • electronic services are (for the time being) considered as extra services, tradional services remain • access to electronic services in public places • role of intermediaries and front office organisations • education and life-long learning • promoting usability of portals and websites
Implementation in Belgian federal government • thorough reform of the federal government • E-government • co-operation agreement between government levels • network of service integrators • towards integrated portal environments • unique identification keys for citizens and companies • electronic identity card • security framework
New Organisational Structure New Vision on HRM New Management Culture New Ways of Working 4 pillars of the reform project Better employer & Better service
4 pillars of the reform project • new organisational structure • new federal organization chart: 10 vertical and 4 horizontal Federal Public Services (FPS) (a.o. ICT) • new structure within each FPS • new way of collaboration between the administration and the political level • new management culture • mandate system for managers • more autonomy in managing own means • evaluation based on the degree of realisation of the objectives • focus shifts to control during and after instead of before • new evaluation system: management is responsible for the development of its employees and for open communication
4 pillars of the reform project • new vision on HRM • new organization • horizontal FPS P&O with local units in each FPS • collaboration in a virtual matrix • new HR policy • recruitment and selection • new career • learning organization • new way of working • business process re-engineering projects in every FPS • creation of change agents • creation of external communication tools
Co-operation agreement • co-ordinated, customer oriented service delivery • guarantee that a citizen/company can use the same tools • terminal • software • electronic signature • guarantee of a unique data collection from the citizen/company • with respect for the partition of competences between government levels • agreements on common standards • mutual tuning of portals, middleware, websites and back offices • use of common identification keys and electronic signature • mutual tuning of business processes when necessary • gradual mutual task-sharing on data storage in authentic form • common policy on SLA’s and security
Network of service integrators Service integrator R/CPS R/CPS Services repository Extranet region or community Service integrator (FEDICT) Services repository FPS FPS FedMAN Internet Municipality SSI FPS Publilink SSI Extranet social security Services repository Service integrator (BCSS) Province Municipality SSI Services repository
Network of service integrators (ctd) • functions of service integrators (FEDICT, CBSS, …) • secure messaging • business logic and work flow support • directory of authorized users and applications • list of users and applications • definition of authentication means and rules • definition of authorization profiles • which service is accessible to which type of user/application for which persons/companies in which capacities in which situation and for which periods • directory of data subjects • which persons/companies in which capacities have personal files in which institutions for which periods • subscription table • which users/applications want to receive automatically which services in which situations for which persons in which capacities
Portal sites: actual situation intermediaries employees suppliers • customers • citizens • companies partners • PORTAL B • single sign on • personalization • user groups • multi-channel • aggregation • PORTAL A • single sign on • personalization • user groups • multi-channel • aggregation content management business intelligence business intelligence content management directory • back-end • systems, e.g. • ERP • groupware • DB’s • applications directory • back-end • systems, e.g. • ERP • groupware • DB’s • applications
Portal sites (ctd) • need to strike the right balance between roles in delivering e-government services: not a single, but many one-stop shops (public and private) Content and Services Public Private Private Channel PPP Public Source: Andrea Di Maio - Gartner
Portal sites (ctd) • public institutions need to concentrate on core activities, such as • information • modular • up to date • information blocks concerning public services • with standardized metadata • based on standardized thesauri • in generally accessible content management systems • with separation between content and metadata (reuse, don’t rewrite) • that can be submitted to automatical re-indexation • transactions • applications that can be easily integrated in private or public portal sites
Portal sites (ctd) • public portals should have added value • integration of services • information • work flow based on life events of the customers • integration with work flow of customers • coordinated basic services for customers • single sign on • ticketing • logging • notification service • … • multi channel enabling • citizen/company relation management • contact center
Portal sites: to be situation intermediaries employees suppliers • customers • citizens • companies partners • PORTAL A • single sign on • personalization • user groups • multi-channel • aggregation • PORTAL B • single sign on • personalization • user groups • multi-channel • aggregation directory directory • back-end • systems, e.g. • ERP • groupware • DB’s • applications • back-end • systems, e.g. • ERP • groupware • DB’s • applications business intelligence content management content management business intelligence
Unique identification keys • citizens • generalization of the use of the social security number (national register number or CBSS-number) • (electronically) readable from the electronic identity card • controlled access to basic identification data in National Register and CBSS • companies • unique company number (based on VAT-number) • unique number for every plant of business • generalized access to basic identification data in Company Register • regulation on data interconnection
Unique identification keys (ctd) • characterictics • unicity • one entity – one identification key • same identification key is not assigned to several entities • exhaustivity • every entity to be identified has an identification key • stability through time • identification key doesn’t contain variable characterics of the identified entity • identification key doesn’t contain references to the identification key or characteristics of other entities • identification key doesn’t change when a quality or characteristic of the identified entity changes
Electronic identity card • retained functions • visual and electronic identification of the holder • electronic authentication of the holder via the technique of the digital signature • generation of electronic signature via the technique of the digital signature (non repudiation) • proof of characteristics of the holder via the technique of the digital signature on the initiative of the holder • only identification data storage • no electronic purse • no biometry
Organization model • government chooses card producer and certification authority issuing the identity certificates as a result of a public call for tenders • the municipality calls the holder for the issuing of the electronic identity card • the municipality acts as registration authority for 2 certificates: authentication and electronic signature • 2 key pairs are generated within the card at production time and the private keys are stored within the chip of the card
Organization model (ctd) • the 2 certificates are created by the certification authority, but published only when the holder agrees • the use of the private keys within the chip needs an activation of the card by a municipal official using his PUK2 and the PUK1 sent to the holder • first authentication within one session (first private key) and every generation of an electronic signature (second private key) requires the PIN code of the holder • the second private keys and the identity certificate on the electronic identity card can be used to generate an electronic signature within the scope of E-government applications which require such a signature
Organization model (ctd) • the electronic identity card contains the necessary space to store other private keys associated to attribute certificates that holder can obtain at the certification authority of his choice
1 1 ERA 1 2 VRK VRK 10 CM/CP/CI 3 CA CA Meikäläinen Bull Bull Matti PIN & PUK1 - code 8 6 4 9 5 7 Organization model (ctd)
Security framework • issues • confidentiality • integrity • availability • authentication • autorisation • non-repudiation • audit • measures • institutional measures • organizational and technical measures based on (extended) ISO 17799 • legal measures
Security framework: institutional measures • no central data storage • independent Control Committee, assigned by Parliament • supervision of information security • authorizing the data exchange • complaint handling • information security recommendations • extensive investigating powers • annual activity report • preventive control on legitimacy of data exchange by service integrator according to authorizations of the independent Control Committee • information security department in each government institution • specialized information security service providers • working party on information security
Security framework: extended ISO 17799 • security policy • security organization • asset classification and control • personnel security • physical and environmental security • computer and operations management • access control • system development and maintenance • specific measures with regard to the processing of personal data • business continuity planning • compliance • communication towards the public opinion concerning the security policy and the measures with regard to security and privacy protection
Security framework: legal measures • obligations of the controller • principles relating to data quality • criteria for making data processing legitimate • specific rules for processing of sensitive data • information to be given to the data subject • confidentiality and security of processing • notification of the processing of personal data • rights of the data subject • right of information • right of access • right of rectification, erasure or blocking • right of a judicial remedy • penalties
A case study: Belgian social security sector • principles have been implemented under co-ordination of the Crossroads Bank for Social Security, in co-operation with 2.000 public and private social security institutions • functional and technical interoperability framework is functioning • between these institutions • between these institutions and all employers • every socially insured person has a unique identification key throughout the whole social security sector and an electronically readable social identity card containing this identification key
fondsen bestaanszek. Interoperability within social security rsz fod sz rszppo rsvz FEDICT & Rijksregister hvz fod w,a & so rkw Crossroads Bank for Social Security rva adp interUI netwerk riziv fao intermutual. netwerk fbz cimire rvp rjv dosz
Reference directory • serves as a base for organization of information flows • structure • directory of persons: what persons in what capacities have personal files in what social security institutions for what periods • data availability table: what data are available in what social security institutions for what types of files • access authorization table: what data may be transmitted to what institutions for what types of files • functions • routing of information • preventive access control • automatic communication of changes to information
Information servers • information servers • directory of persons of the Crossroads Bank • National Register • Crossroads Bank Registers • work force register • wages and working time database (LATG) of the ONSS • employers directory (WGR) of the ONSS • database of contribution certificates • SIS-card and professional card registers • services offered • interactive consultation • batch consultation • automatic communication of updates
National Register - CBSS Registers - past situation National Register Municipalities
National Register - CBSS Registers –present situation National Register Municipalities
Preprocessed messages • preprocessed messages • beginning/end of labour contract, beginning/end of self-employed activity • contribution certificates medical care (employees, self-employed, beneficiaries of social security allowances) • unemployment benefits – career break • allowances for incapacity for work (health care, accidents at work, occupational disease) • young unemployed • allowances to the handicapped • guaranteed income – social support • people suffering from long-term illness • social exemption • fiscal exemption • derived rights (e.g. tax reduction/exemption, free public transport, ...) • special contribution for social security • solidarity contribution on old age pensions • migrant workers • …