1.44k likes | 2.91k Views
Standards in E-Governance. Suchitra Pyarelal Technical Director E-Governance Standards NIC. Agenda. Existing Scenario of E-Governance Applications E-Governance Standards: Background Objectives Approach , Steps and Methodology E-Governance Standards : Open Standards Patents in Standards
E N D
Standards in E-Governance Suchitra Pyarelal Technical Director E-Governance Standards NIC
Agenda Existing Scenario of E-Governance Applications E-Governance Standards: Background Objectives Approach , Steps and Methodology E-Governance Standards : Open Standards Patents in Standards National Considerations Challenges Government Policies Summary Principles E-Governance Standards Areas Identified for Standardisation Areas :Working Groups Working Groups – Status and Roadmap
Existing Scenario of E-Governance Applications Developed independently as stand-alone systems Too much data and not enough information No common data architecture Isolated domains of information Too expensive to bridge
E-Governance Standards : Objectives Increased Adaptibility & Flexibility Interoperability Data Preservation Reduction of vendor lock-in Emphasis on Integration in a non-proprietary form “Platform-Independent” modelling approach
NEGP –Mission Mode Projects (MMPs) Passports/Visa & Immigration Central State Income Tax Industry Initiative * Banking * Insurance Emplmt. Exchange Agriculture Integrated E Procurement e-BIZ Land Records Central Excise Police E-Office EDI Pensions Transport Registration E Courts India Portal EG Gateway Common Service Centers Treasuries Municipalities Commercial Taxes Gram Panchayats NationalID MCA21
E-Governance Standards : Vision • Faster, improved and efficient services • Shared resources and services • Productivity increase • Standards-based approach in all e-Governance application developments by multiple agencies.
E-Governance Standards :Background • Core Group on Standards constituted in 2004 • Chair –Director General,NIC • Initial set of key areas identified for Standardisation • Processes for adoption of Standards in appropriate steps/stages • Institutional Mechanism • NIC entrusted with the responsibility in Sept 2005 • E-Governance Standards Division set up in Nov 2005
Approach and Steps taken Institutional Mechanism & Processes Brainstorming Sessions State Level Workshops National Summits Formation of Task Force Key Areas Identified for Standardisation Formation of Working Groups
Approach and Steps taken Constitution of Working Groups WG 2 WG 3 WG N WG 1 Institutional Mechanism & Processes NIC (e-Governance Standards Division) Working Groups with members (part time/full time) from DIT, Associations, Industry, Academia, representatives from Central & State Government etc constituted with the approval of DIT White papers Apex Body under the Chairmanship of Secretary, DIT with senior representatives from Government, NASSCOM, BIS etc with a mandate to Approve, Notify & Enforce Standards formulated by various Working Group. Standards APEX BODY Internet Approved Standards STQC (e-Governance Standards Division) Publish, Conformance & Certification
Approach and Steps taken-IM&PE-Governance Standards Division of NIC Key Functions To Steer and manage the Standardization activities under NEGP; To Provide Secretariat to the Working Groups , Apex Body; Coordinate with the Working Groups , Apex Body and other bodies; Implementation of the Portal – A powerful Collaborative medium;
Approach and Steps takenIM&PApex Body Secretary, DIT, Chairman Secretary, Department of Law Representative from Planning Commission Representative from Dept. of Expenditure Additional Secretary DAR&PG DG NIC DG, STQC DG, CDAC DG, BIS Secretary (IT), Government of Uttaranchal Secretary (e-Governance), Govt. of Karnataka Nandan Nilekani, Member, National Knowledge Commission President NASSCOM Executive Director, MAIT JS(eGOV), DIT JS&FA, DIT Director (eGovernance) DIT Member Convener
Brain Storming Sessions & State Level Workshops Brainstorming Sessions Chennai Mumbai Guwahati Ahmedabad Bangalore Chandigarh State Level Workshops Kerala West Bengal Orissa Andhra Pradesh Approach and Steps taken
National Summits E-Forms Identity Management Digital Preservation & Information Life Cycle Management Enterprise Architecture E-Mail Services & Architecture Enterprise Portal Design Application Development Strategy Auto-Identification Technologies Meta data and Data Standards Web Services & Localisation Information Security Client Level Security Online Auditing E-Office Approach and Steps taken
National Summits : Task Force Task Force : To prepare the Policy and Guidelines based on the recommendations of the National Summit. Task Force on e-Forms constituted Chairman: Dr.S.C.Gupta,STD,NIC Draft Policy and Guidelines under finalisation Structure of the Policy Document finalised Task Force on Identity and Access Management Constituted Chairman : Prof.S.I.Ahson Dept. of Computer Science Jamia Milia Approach and Steps taken
Principles for Selection of Standards for adoption in E-Governance
E-Governance Standards: Open Standards Standards that are publicly available for implementation All Interested parties should be able to participate in development Essential intellectual property rights(IPR) may be included so long as these IPR can be made available under non-discriminatory terms and a reasonable fee or no fee at all (RAND terms)
E-Governance Standards: Open Standards & Patents Most Standards Bodies eg: IETF,OASIS,W3C,ISO prefer no patents But they do allow the inclusion of patents that can be licensed under Reasonable and Non-Discriminatory Terms (RAND) terms in their Standards Patent Policies revolve around RAND policy,either with some form of royalty payment or royalty free or a mixture of both Some Organisations do not consider a RAND encumbered standard as an Open Standard eg:European Union's E-Governance Interoperability Framework project
E-Governance Standards: National Considerations Enables electronic National records and data to be stored in open file format. Ensures interoperability of National ICT applications and facilitates data interchange Prevents over-reliance on foreign technologies /products Enables smaller local vendors to participate in National Projects Assist Free and Open Source(FOSS) to be promoted.
E-Governance Standards : Challenges Open Standards not available or not mature enough for a required technology Use de facto standard that is publicly published and freely available for implementation Encourage owner of de facto standard to submit to open standards body for adoption/adaption as a standard Entrenched usage of a Proprietary Standard-not practical to ignore it Phase it out slowly,in the interim,work towards interoperability with open standards installations and/or use file format conversion tools
E-Governance Standards: Government Policies More and more public sector agencies all over the world have policies that require open standards; Most e-Government projects have the Interoperability Framework that specifies open standards; If more countries are to insist on open standards, more vendors will be forced to open their file formats and technology specifications; No good reason for an organisation not to mandate open standards .No vendor can reasonably complain about procurement terms mandating open standards
E-Governance Standards:Summary Interoperability is crucial-Conformance to Standards needed; Standards that are open and non-discriminatory preferred No dependence on any single entity,all types of products can implement them and all interested parties can partake in their development; Most governments specifying open standards in their IT policies. (Norway,Denmark,UK,Netherlands,France,Brazil,Australia,New Zealand,Malaysia)
E-Governance Standards: Principles Easy accessibility for all to read and use/implement; Developed by a process that is open and relatively easy for anyone to participate in; No control or tie-in by any specific group /person / entity Main disagreement is in whether to consider Standards that contain RAND-encumbered patents or not;available royalty free or at minimal cost, with other restrictions
Areas ofStandardisation Technical Standards and E-Governance Architecture Network and Information Security Standards Meta data and Data Standards Localisation and Language Technology Standards Quality and Documentation Standards Legal Enablement of ICT Systems Governance Process Re-engineering* *being constituted
Areas ofStandardisation- Working Groups Working Group Technical Standards & E-Governance Architecture Network & Information Security Metadata & Data Standards Quality & Documentation Localisation & Language Technology Standards Legal Enablement of ICT Systems Chairman Prof.S.Krishna,IIM Bangalore Prof.N.Balakrishnan,IISC Bangalore Prof.C.R.Muthukrishnan Dr.S.Sarnot,DG,STQC Dr.Narayanamurthy Justice Somasekhara
WG1-Technical Standards & E-Governance ArchitectureScope 1. Development based on Open standards. 2. Platform Independence. 3. Reusable Component based development. 4. Policies and Guidelines for Systems Development
WG1-Technical Standards & E-Governance ArchitectureAreas 1. Enterprise Architecture 2. Interoperability Framework
WG1-Technical Standards & E-Governance ArchitectureSub Groups Under TSEGA 1. Enterprise Architecture Coordinator – Mr.Neel Ratan,Executive Director,PwC 2. Standards Taxonomy Coordinator –Mr.Jaijit Bhattacharya,Sun Microsystems 3. Standards Process Coordinator- Dr.Shankara Prasad,CEO,INKROMA 4. Interoperability Framework for e-Governance Coordinator-Mr.Ramesh Singh,Senior Technical Director,NIC
WG1-Technical Standards & E-Governance ArchitectureTSEGA Brain Storming Session – Feb 17th 2006 at IIM Bangalore Working Group Meetings First Working Group Meeting - 3rd March 2006 Second Working Group Meeting - 24th July 2006 State Level Workshops at Kerala, West Bengal , Orissa, Andhra Pradesh
Summary of Brainstorming Session 1. A Study of the U.S Federal Enterprise Architecture (FEA) in the Indian Context needs to be taken up. The model could first be studied in terms of successful projects of NIC. A National E-Governance EA could then be formulated. 2. A comprehensive list of Standards need to be made so as to arrive at the framework of Technical Standards of the E-Governance Architecture model. The relevant Specification standards can be plugged to this framework which will also aim to define the complete information system implementation in the Indian context. Base list of provided by manager, Bangalore One can be taken for the broad description of standards to begin with. 3. Process of evolution of standards that include the norms and prescribe the various processes for evolution of standards need to brought out. Legal aspects of standardization process need to be factored into the framework. 4. The scope must involve a flexible and comprehensive architectural model that supports development of complete requirements of all e-Governance initiatives in India (G2G, G2B, G2C, G2E, G2X) . 5. Conceptual architecture is the combination of process architecture, application architecture and technical architecture. The next level to be looked into is the process architecture that has both the private and public processes. 6. Standards for Process Level interoperability need to be addressed. 7. To summarize, Architecture, Interoperability standards and Reuse, Project implementation, Project management, sustenance and service quality standards may be the major focus.
WG1-Technical Standards & E-Governance ArchitectureActivities Sub Group I Identification of Enterprise Architecture Components High Level EA Framework Top Level Detailing of each EA component. Sub Group II Working Draft on Standards Taxonomy Prepared Sub Group III The Standards Process Document prepared Submitted to Quality & Documentation Working Group Sub Group IV Under process of finalsiation of IFEG Version 3.0
Key Recommendations of First Working Group • Enterprise Architecture model in the Indian Context • Taxonomy of Standards • Processes for Evolving Standards
Key Recommendations of Second Working Group • Enterprise Architecture Top Level Detailing • Legal Aspects to be included in the framework • Interoperability Framework to include “Gateway”
Expected Deliverables • Provides business with a systematic approach to describing their business: • common language (e.g., “client”, “service”, “goal”) to describe the business • identify gaps in service delivery models • Highlights the interdependencies in service delivery across organisation boundaries: • across ministries • within ministries across traditional program delivery boundaries • Identifies gaps in business requirements early in design cycle • Lays foundation for re-use of data, applications and technology (component-based physical design) • Introduces discipline in developing, documenting and disseminating standards (data, applications, technology, security) • Facilitates cross-project communications through extensive user involvement
WG1-Technical Standards & E-Governance ArchitectureInteroperability Framework • Reference model of basic technical specifications • Set of Technology Standards • Guidelines for Platform-Independent Applications • development.
Aug 06 Sept06 Oct 06 Nov 06 Dec06 Jan07 Feb07 Mar07 Technical Standards & E-Governance Architecture 1.Enterprise Architecture Framework 1.1 Enterprise Architecture Framework Top Level Detailing of Components 1.2 Review by Chairman and Working Group Members 1.2 Preparation of RFP for inviting EOI 2. Interoperability framework and Technical Standards 2.1 Working Draft 2.2 Review Stage
WG2-Network & Information SecurityAgenda • Goals (TOR) • Methodology • Schedule • Current Status • What has been done
WG2-Network & Information SecurityTerms of Reference • Advise on development of required White Papers for discussion in the Working Group to evolve standards; • Evolve Standards; • Manage interaction with similar initiatives and standards bodies elsewhere in the world; • Nominate members on various International standards committees and continuously strive towards key roles for India in such international forums; • Define the scope of any deliverables, expected milestones, and the process for the group participants to approve the release of these deliverables (including publishing intermediate results); • Determine any dependencies of other entities on the deliverables of this group; • Define the expected level of involvement by the members of the Team (e.g., to track developments, write and edit technical reports, , etc.); • Must also include an estimate of the expected time commitment from participants; • Requirements that a quorum of group participants support any formal decision of the group; • Change control of the Draft standard document and Version Management. • Create a supporting framework for implementation and testing • Setting timeline for the release of initial set of standards to the Apex Body of Standards of DIT.
Identification of standards/guidelines documents Formation of Working Group Project Initiation Mode Delivery Mode Roll Out Mode Approval by Apex Body Certification Preparation of standards/guideline documents Preparation of Approach Papers, White Papers Conducting Workshops, Summits Test and Evaluation Accreditation Phase I Phase III Phase II WG2-Network & Information SecurityMethodology
Schedule Phase I Phase II Phase III Feb’06-Oct ‘06 Nov ‘06-Mar ‘07 Mar’06-July ‘07 1) Formation of working Group 2) Approach Papers/White Papers 3) Brain Storming/Workshops 4) Identification of deliverable standards/guidelines 5)Preparation of draft standards/guidelines documents 6) Review by Working Group 7) Test and evaluation/gap analysis 8) Approval by Apex body 9) Certification, Accriditation
Prof N. Balakrishnan, IISC Chairman Dr B.K.Gairola, NIC Prof S.V.Raghavan, IIT, Chennai Prof B.N.Jain, IIT, Delhi Mr Vijay Madan, CDOT Mr B.J.Srinath, DIT Ms Renu Budhiraja, DIT Dr C.B.Misra, CMC Mr N.Rajendran, IDRBT Dr P.Upender Rao, SBIICM Dr Atul Sen, DLRL Dr C.R.Chakravarthy, Cryptography Consultant Mr R.Ravi, HCL Mr Sanjay Debnath, Intel Mr Mukhesh saini, Microsoft Mr Devjoy Choudhury, NISG Mr Mohan Ram, CDAC Mr Jaijit Bhattacharya, SUN Micro Mr Umang Bedi, Symantec Mr Subramanyan Nagaraj, CISCO Dr Bhanu Murty, RAMCO Mr Rameesh kailasam, Oracle Mr Sukhbir Singh, BIS WG2-Network & Information SecurityWorking Group
WG2-Network & Information SecuritySome of the Approach papers and White papers produced • Approach Paper on NISS • Network and Information security Framework • Significance of Standards • Network and Information Security Standards and Policies • Comprehensive Threat management • Data Back up and Recovery • Data Centre standards
WG2-Network & Information SecurityBrainstorming, Workshops and Summits
WG2-Network & Information SecurityAreas (deliverables )identified • Preparation of National Information Security Policy document • Security categorization and Mapping • Guidelines for Security categorization (low, medium and high risk environment) • Security Risk Assessment • Guidelines for Security threat and risk assessment • Catalogue of e-Gov threat factors • Risk assessment checklists and Tools • Security Requirement Specification • Guidelines on security assurance and creation of security requirement specification • Guidelines for selection of Information Technology Security products and Services
WG2-Network & Information SecurityAreas (deliverables) identified • Security Planning • Guidelines for Developing Security Plans for Information Technology Systems (Sample security manual and procedures) • ISO 27001 questionnaire • Guidelines for interpretation and implementation of security controls for information systems and selection of baseline security controls • Security Control Design • Provide a master catalog of security controls for information systems incorporated from many sources (e-Governance ISMS document) • Guidelines on secure application development and secure coding practices. • Guidelines on integration of security with SDLC process • Guidelines on security best practices including management, operational and technical controls.