The Netherlands istrategy

Transcription

1 DGOBR DIR Contactpersoon Henri Rauch T The Netherlands istrategy Creating a leaner, more efficient Central Government through Information and Communications Technology (ICT) and Information Management (IM) 1. Introduction This document summarises the Dutch Government s istrategy its plans for using Information and Communications Technology (ICT) and Information Management (IM) to streamline the operations of Central Government (i.e., the Civil Service) and the services it provides to the public. This strategy will be implemented between 2012 and The strategy was presented to the Dutch parliament by the Minister of the Interior on 15 November The istrategy is based on principles set out earlier in the government s overall programme for downsizing Central Government and making it more efficient Compact Central Government. The istrategy fleshes out the role to be played by ICT and IM in that programme. This includes unifying the current fragmented ICT infrastructure, reducing the number of data centres, establishing a single Central Government ICT security authority, developing proposals to harmonise the design and use of software, and digitalising services provided by Central Government to the public. The intended outcome of these measures is increased efficiency and reduced costs. 2. Background 2.1 Early days The present ICT infrastructure and IM system of Central Government has been developed over several decades. Initially, a centralised approach was taken, and the establishment of a Central Government Computer Centre was a significant milestone. Subsequently, in the 1980s and 1990s, new technologies led to a reversal of that trend, and ministries no longer had to use centrally developed facilities but were free to choose their own service providers. As a result, a patchwork of different ICT facilities and suppliers/providers gradually emerged to run Central Government operations and support its primary processes. Pagina 1 van 12

2 2.2 Simplification and streamlining However, a need to simplify and streamline Central Government in general soon became apparent, and various coordinated reforms were introduced. In the fields of ICT and IM, this led to the development of generic facilities and other measures that would enable ministries to work together more easily. These measures included the following: A uniform Central Government Digital Work Environment A single platform for collaboration throughout Central Government An overarching Central Government website The alignment of individual ministry websites The appointment of a Chief Information Officer (CIO) within each ministry The appointment of a Central Government CIO. These measures are now embedded in a more general programme to make Central Government more compact and more efficient. 2.3 Constant change is here to stay It would be unfair to conclude that Central Government policymakers were inconsistent or indecisive in their approach to ICT and IM. The way in which Central Government is organised is inevitably affected by the technology available at any given time. Today, constraints once imposed by location and time have been largely reduced or eliminated, and services no longer need to be physically provided on the spot. As a result, the way Central Government is organised is constantly changing, as it adapts to the needs of its environment and evolves in response to emerging technologies. 3. The scope of the istrategy 3.1 Specific activities The government s istrategy will involve the following three main activities: Specifying and implementing the ICT and IM aspects of the programme for making Central Government leaner Aligning and further developing aspects of existing policy Developing any additional policies required The i-infrastructure The primary objective of the istrategy is to develop a government-wide information infrastructure (the i-infrastructure ) that will eliminate unnecessary variation and improve control of ICT and IM matters. This i-infrastructure will consist of: A single ICT infrastructure throughout Central Government A single IM system and related control mechanisms Previous experience In implementing these activities, lessons will be learned from the earlier introduction of the Central Government Digital Work Environment (see above, 2.2). Although the aim of that project was to standardise computer workstations throughout Central Government, there are still today major differences across ministries with respect, for example, to ICT security and data access, software purchasing, digitisation of hard copies, identity management, and the set-up and use of data centres. Pagina 2 van 12

3 3.2 Standardisation To maximise standardisation and use, the strategy will make generic frameworks, services and products available to all Central Government organisations. Examples of such generic frameworks or services include: Software and hardware installed at each workstation Security rules and facilities Network access A message box function A digital archiving function. A service or facility will be designated as generic on the grounds of how widely it will be used and how much money it can save. When a Central Government organisation requires a certain functionality, and that functionality is available among the existing generic services or facilities, the organisation in question will not be permitted to introduce its own specific alternative but will be required to use the generic service or facility. Implementing a government-wide i-infrastructure in this way will result in: Greater uniformity More generic components Fewer specific components More widespread use of the same software Lower costs. For example, in the context of making Central Government leaner, the central agency for collecting fines is grouping its collection activities in ways that make it possible to rationalise the underlying information systems. 3.3 Progression The redesign of the i-infrastructure should start by addressing the needs of the core policymaking units and their associated agencies. On the basis of a positive business case, the government itself is now connecting its agencies to the Central Government-wide operational infrastructure, and is currently investigating the possibility of also allowing participation by autonomous administrative authorities (public bodies appointed by government, but not subject to ministerial control). The early involvement of government agencies is important as they are particularly active in creating new building blocks for the i-infrastructure. Examples of such building blocks are DigiD (a digital identity that enables people to access many online services offered by government agencies) and a Message Box (a personal online mailbox for correspondence with government agencies). 3.4 Exceptions It is acknowledged that the use of generic services and frameworks may not be realistic in all cases. The two principal exceptions in this respect are: The Ministry of Defence and the intelligence services The primary process Ministry of Defence and the intelligence services Due to their special position, separate arrangements need to be made for the Ministry of Defence and the General Intelligence and Security Service. For example, due to its vertical integration with the armed forces, the Ministry will not concentrate its i-facilities in the Core Policymaking Units. Special agreements will Pagina 3 van 12

4 also be made regarding its participation in matters such as data centre consolidation and the Central Government ICT security authority The primary process As the name suggests, the primary process forms the core of Central Government s business. Although the main point of introducing an i-infrastructure is to increase uniformity and promote the wider use of the same software, it may not always be possible to insist on adherence to this goal where the primary process is concerned as, for practical reasons, this may need a variety of systems. Certainly, however, the decisions currently being made by the Dutch Government about the i- infrastructure (in particular where generic components are concerned) will have implications for ICT systems forming part of the primary process. 3.5 Role of existing policy The istrategy not only consists of the steps needed to set up a Central Government-wide i-infrastructure and the associated organisational, control and human resources aspects, but also focuses on elaborating existing policy concerning such matters as system architecture and information management. Where necessary, that policy will be adjusted or new components will be added to it. 3.6 Security The security of Central Government s ICT systems and the level of public confidence placed in them are important points of concern within the context of the istrategy. The vital importance of reliable digital communication was demonstrated in 2011 by the problems surrounding a government-appointed digital certification agency called DigiNotar, where a security breach resulted in the issue of fraudulent certificates. 4. The aims of the istrategy 4.1 General aim The general aim of the istrategy is to replace the fragmented i-infrastructure that has emerged since the 1980s and 1990s, with its many different internal service providers, with an infrastructure based on state-of-the-art, proven technologies. The Dutch Government will work on raising the organisation, design and control of the i-infrastructure to the required standard during its current term in office. 4.2 General criteria In order to develop a government-wide i-infrastructure, we need a clear idea of what Central Government will require in the years ahead. Clearly, in general terms, Central Government needs an ICT and information management system that is: Uniform and reliable Supportive of its primary process Based on clear-cut agreements covering development, management and control. 4.3 Specific criteria More particularly, the system needs to meet the following additional criteria: The infrastructure should link together policymaking, implementation, monitoring and enforcement, with the aim of facilitating the primary process while improving Pagina 4 van 12

5 quality and reducing costs. It should be designed and implemented by a coordinated team of specialist ICT service providers. The system should operate regardless of time, location or device, and make secure, easy inter-ministerial cooperation possible. Specifically, it should be based on the concept of cloud computing (i.e., buying services, such as the intangible use of software, rather than purchasing products, such as a physical software package). In this way, subject to the necessary data security and data ownership requirements, the government will be able to benefit from the potential of cloud computing. The system should enable close cooperation with the private sector while nonetheless leaving control in the hands of Central Government. Finally, it should enable civil servants in Central Government to have their own digital work environment, providing anytime, anywhere access to whatever they are entitled to access (e.g., the network, generic and specific applications, social media or collaborative platforms), on the device of their choice. The system should ensure that major, high-risk ICT projects are failsafe. Central Government s portfolio of projects with an ICT component (in particular, large-scale and high-risk projects) will be managed so that they will be completed on time and within the allotted budget and produce the intended results. The CIO system will make a visible and effective contribution to ICT project management. 5. Implementing the istrategy in practice 5.1 New and old measures The criteria outlined in the previous section constitute a further development of the policy the Dutch Government has been pursuing in recent years to streamline Central Government. As a further development in the same direction, it is now also implementing measures to improve control and standardise the ICT infrastructure. Some of these measures are completely new; others extend and improve existing policy to bring them into line with the target situation. These various measures can be grouped as follows: Structuring supply (5.2) Sourcing (5.3) Control and accountability (5.4) The individual civil servant (5.5) Personnel and quality (5.6) Trust and data security (5.7) Working with the private sector (5.8) Structuring supply The main issue addressed by the istrategy and its specification is how Central Government decides to use shared facilities and the basic organisational principles on which facilities are made available Workstations First, the system of ICT service providers will be restructured. Already, internal ICT service providers are being regrouped to serve the core policymaking units and their associated agencies. This will involve reforming and extending the current ICT Shared Services Unit to make it responsible for managing the workstations for the core policymaking units in The Hague. Pagina 5 van 12

6 5.2.2 Clustering comparable services It should also be possible to group together services that involve the same or very similar processes. Such grouped services can then be outsourced to the service provider that offers the best terms with respect to available knowledge, spread of risk, and acquired expertise. This may necessitate selecting multiple service providers. Examples of such groupings that could be served by a single provider include: Services that need to satisfy specific security requirements Services that involve the collection of fines from the public Services provided by funding organisations within Central Government. It may even be possible to group together activities that involve conducting inspections, and provide them with a shared provider, since an appropriate unit (with specialist knowledge and expertise) exists within the Ministry of Economic Affairs, Agriculture and Innovation. The possibility of appointing this unit to become a provider of ICT services more generally within Central Government is under consideration. Finally, the document services required by many operations in Central Government are currently provided by a specialist provider. Given that implementing digital document management in all core policy units within five years is a government priority, the possibility of inviting the existing supplier to extend its scope of service to digital document management is also under consideration Results As a result of such rationalisations, the number of internal ICT service providers for generic ICT services will be reduced from approximately 40 to fewer than 10 in the next few years. These 40 providers currently supply specific applications. These specific applications will be replaced by some 20 generic components. 5.3 Sourcing Work can be undertaken in-house, carried out in cooperation with other parties, or fully outsourced to a party in either the public or private sector. Whether or not work should be outsourced will be decided on a case-by-case basis, depending on questions of feasibility and return on investment Criteria for outsourcing Specifically, work will only be outsourced if: The commissioning body has its own house in order (e.g., relevant operations have been suitably harmonised) The commissioning body is competent in applying effective commissioning practices There is a convincing business case for outsourcing the work Uniform assessment More generally, to minimise costs, concentrate operations and provide an unambiguous and transparent decision-making process, all ministries will use the same generic ICT impact assessment framework. This will ensure that: Wherever possible, existing and proven technologies are used (or re-used) Infrastructures are aligned with and linked in to the government-wide i- infrastructure Pagina 6 van 12

7 Decisions are based on a sound business case Internal service providers are used where appropriate. 5.4 Control and accountability It is important that the information infrastructure provides instruments for the efficient and transparent control of operations and provision of clear lines of accountability. The istrategy proposes to achieve this in three ways: Introducing an enterprise architecture Setting up a system of Chief Information Officers (CIOs) Extending reporting obligations Introducing an enterprise architecture A Central Government-wide enterprise architecture will be set up, based on the current Central Government model architecture. This will provide a coherent framework in which the generic, interconnected components of the Central Government-wide i-infrastructure can all be linked up Setting up a system of Chief Information Officers (CIOs) A system of Chief Information Officers (CIOs) has recently been introduced (see above, 2.2). The government is unwilling to change it for the time being, pending the results of an evaluation of the most recent supplementary measures, especially the Central Government-wide introduction of project portfolio management. The impact of the CIO system will be monitored over the next few years, in consultation with the Central Audit Directorate. The practice of conducting Gateway Reviews will be continued Extending reporting obligations Accountability for large-scale and high-risk ICT projects carried out by ministries and their autonomous administrative authorities is given in Central Government s Annual Report on Operations. Consideration is being given to whether additional information should be included in the underlying reporting model. 5.5 The individual civil servant The new i-infrastructure will have implications for individual civil servants. The Central Government Digital Work Environment (see above, 2.2) will be developed in line with the government s cloud strategy (see above, 4.3), user wishes (specifically concerning the primary process), and technological and social changes Apps and mobile devices Civil servants using the Digital Work Environment will be able to choose from a wide range of work-related apps and download them from an online store. They will also be able to bring (or choose) their own device, so that they are not tied to a particular device or tool Access controls Setting up processes (primary and secondary) that transcend departmental boundaries necessitates Central Government-wide identity management and access rights control (e.g., by means of a special smartcard). Previously, this was achieved by creating a central framework and then leaving implementation to the ministries (and their departments and units). However, such loose links are no longer adequate, and need to be replaced by genuine integration. Pagina 7 van 12

8 5.5.2 Digital document management The government wishes to improve the efficiency of inter-ministerial cooperation by implementing effective digital document management. Information management within Central Government will therefore be designed so that ministries can provide government-wide access to as many documents as possible. This will require the introduction of various IM standards. The document management systems will also be interlinked to permit document-sharing across ministry boundaries Digital archiving and data centres A single, Central Government-wide generic facility will be introduced for digital archiving, and the current data centres of ministries will be merged into shared centres, enabling the number of centres to be drastically reduced from 64 to a mere 4 or 5. This change was already announced in the Compact Central Government Programme (see above, 1.). 5.6 Personnel and quality Although much ICT and IM work seems to revolve around hardware and software considerations, in fact people play a crucial role. Unless the people developing and operating the system have the right expertise and skills, it will never perform well. For that reason, part of the istrategy is about ensuring the optimum quality of staff, as described below ICT professionals with commissioning expertise A pool of ICT professionals drawn from across Central Government has been set up with the purpose of building and maintaining crucial expertise in-house and reducing the number of external professionals who need to be engaged. Being able to access such expertise easily is especially important in complex tendering procedures, as these also require considerable familiarity with the technical side of ICT products and services HR quality In an effort to improve internal and external labour market policy and personnel planning in ICT and IM, a quality framework was developed in 2010, based on the EU s e-skills Programme. This framework specifies the required levels of knowledge and competence for all job categories and levels, from ICT service providers and tactical and strategic managers to project and programme managers responsible for projects with a major ICT component. This quality framework will be introduced for all matching and training operations starting in In 2013, a full range of training courses will become available for commissioners and senior staff. They will include courses in how to deal with tendering procedures in the context of European law a topic that is increasingly in demand, and is the subject of attention in many ministries. 5.7 Trust and information security It is important that citizens feel they can trust Central Government to store and use any data relating to them with the greatest of care, making sure that it is accurate and used in accordance with the law. This means we need to continue to invest in: Making the Central Government system resilient to deliberate or inadvertent breaches of security Enabling it to recover rapidly from security breaches Developing processes for dealing with privacy-sensitive data. Pagina 8 van 12

9 Some of the ways this may be achieved are given below Robust information security concepts Investments need to be made in securing data above and beyond the device and network level. This will make it possible to work regardless of a particular device (within a bring or choose your own device policy). Where classified information is subject to special security requirements, the knowledge and expertise of the intelligence services will be enlisted Fewer internet connections Network security will be improved by cutting back on the number of internet connections maintained by Central Government. Instead, a single Central Government internet connection will be created, thereby streamlining management, improving quality, cutting costs and reducing risk From unconscious risk aversion to conscious and responsible risk management Staff must be willing and able to deal securely with information. Now that they are able to choose their own tools and have many more communication options at their disposal (e.g., social media), today s civil servants must be more aware than ever of the risks inherent in using digital tools, and must therefore know how to use them properly. Central Government will assist staff by providing them with satisfactory tools and clear rules and advice Security agreements Efforts must also be made to enter into agreements with internal and external parties on information security (e.g., by harmonising the relevant process, and by monitoring compliance with those agreements) Reporting requirement The Minister of Security and Justice intends to require organisations that play a crucial role in society to report ICT incidents. This type of transparency should increase the public s confidence in Central Government s security Instruments It is vital that Central Government can recover quickly from any breaches of the ICT infrastructure. To this end, relevant supplementary instruments (both operational and legal) are currently being developed that will allow government to take decisive action in such situations Research and expertise It is also important that appropriate research capability and expertise is available with Central Government (as specified in the government s National Cyber Security Strategy). Steps are being taken to ensure that this is the case Single IT Security Unit The Ministry of Justice and Security is currently developing a single authority for government-wide operational ICT security. This authority will serve as a repository for rare knowledge and expertise. Pagina 9 van 12

10 5.7.9 Privacy protection requirements for large-scale projects Privacy protection requirements are being added to the existing requirements applicable to the management of large-scale ICT projects. Extending the requirements for ICT project management in this way will encourage the cautious use of privacy-sensitive information, increase the involvement of the relevant ministry's CIO, and guarantee that the House of Representatives is kept well informed. The additional measures are described below. Risk profile Project plans for large-scale ICT projects must state whether the project involves privacy-sensitive data and connections with or enhancements of that data. It must also state (with grounds) whether or not the plan should be subject to a Privacy Impact Assessment or similar instrument. The commissioner and the relevant ministry s CIO will take this information into account when drafting the project risk profile. If the risk profile indicates that the project is high-risk, reports on the project must be submitted to the House of Representatives in the Annual Report on Operations and Central Government s ICT Dashboard. Assessment If a project plan includes privacy-sensitive data and connections with or enhancements of that data, the ministry's CIO, when assessing the project, will ask the advice of the ministry s data protection officer, who is responsible for enforcing and monitoring compliance with the Personal Data Protection Act. Report of any change Commissioners of ICT projects will be obliged to report to the relevant ministry s CIO any system change that involves the use of privacy-sensitive data and connections to or enhancements of the same. The CIO will then decide whether the changes call for a new assessment. 5.8 Working with the private sector To ensure the success of our ICT projects and attain our objectives, we will need to work even more closely with commercial providers and suppliers Covenant To encourage and optimise such collaboration in the years ahead, and tailor it to trends and developments within Central Government, we will therefore draw up a covenant with representatives of the ICT sector and SMEs. This will cover a broad set of concerns, including: On-going development and application of precompetitive market consultation Trend-watching, to take advantage of opportunities to improve procurement practices Knowledge-sharing Developing new forms of public-private partnership Nurturing and retaining talent in the sector. Pagina 10 van 12

11 5.8.2 Additional means of consultation In addition, the Dutch Government will encourage consultation with the market by: Performing specially developed feasibility tests (especially on larger-scale ICT projects) Sharing the outcomes of such tests with the CIOs and providers and suppliers Using a looser form of market consultation (a tool called ICT Market Mirror ), where appropriate Strategic supplier structure To improve its position with respect to suppliers and providers, Central Government is also setting up a strategic supplier management structure, which will enable it to take strategic, sustainable investment decisions for the Central Government as a whole. 6. Financing Most of the proposed expenditure on the istrategy is provided for in the long-term budget. Any new or additional activities will need to be paid from existing budgets (e.g., for projects within the Compact Central Government Programme). Each decision will need to be justified by business cases substantiating the potential savings and specifying the expenditure required to realise those savings. In many instances, NGOs will be able to use their credit facility, borrowing funds from the Ministry of Finance, repaying them from its user charges. Although a business case may be financially positive for Central Government as a whole, it may turn out to be disadvantageous for an individual ministry. In such cases, the individual ministry will be compensated in a way that will leave the Central Government-wide savings intact. 7. Reporting The minister will report to the House of Representatives on how implementation of the istrategy is proceeding in the Annual Report on Central Government Operations. Information about large-scale and high-risk ICT projects being conducted by the Central Government is available on a dedicated public-access website ( The Central Government s ICT Dashboard ), at (in Dutch). 8. Final remarks The Dutch Government is aware that the plans and developments outlined here cannot all be implemented overnight. 8.1 Coping with constant change The first major steps towards overhauling the i-infrastructure can be taken during the government s present term in office. But it is important to bear in mind that the Pagina 11 van 12

12 i-infrastructure will change continuously, and that it must be able to accommodate such change. For example, it will need to take account of: The changing needs of the primary process The latest technologies and the opportunities they offer International trends and experience gained in other countries New bureaucratic and governance challenges in Central Government The changing needs and expectations of civil society. 8.2 Achieving government objectives The Dutch Government believes that the istrategy described here will enable it to realise its objectives, creating an i-infrastructure that will: Respond flexibly to new trends and developments Reduce costs Enable ministries to work more efficiently together. It regards the istrategy as forming an important foundation of its Compact Central Government Programme and as a means of making a long-term investment in the professionalism, effectiveness and efficiency of Central Government. Pagina 12 van 12