The Netherlands istrategy
|
|
- Susanna Wade
- 5 years ago
- Views:
Transcription
1 DGOBR DIR Contactpersoon Henri Rauch T The Netherlands istrategy Creating a leaner, more efficient Central Government through Information and Communications Technology (ICT) and Information Management (IM) 1. Introduction This document summarises the Dutch Government s istrategy its plans for using Information and Communications Technology (ICT) and Information Management (IM) to streamline the operations of Central Government (i.e., the Civil Service) and the services it provides to the public. This strategy will be implemented between 2012 and The strategy was presented to the Dutch parliament by the Minister of the Interior on 15 November The istrategy is based on principles set out earlier in the government s overall programme for downsizing Central Government and making it more efficient Compact Central Government. The istrategy fleshes out the role to be played by ICT and IM in that programme. This includes unifying the current fragmented ICT infrastructure, reducing the number of data centres, establishing a single Central Government ICT security authority, developing proposals to harmonise the design and use of software, and digitalising services provided by Central Government to the public. The intended outcome of these measures is increased efficiency and reduced costs. 2. Background 2.1 Early days The present ICT infrastructure and IM system of Central Government has been developed over several decades. Initially, a centralised approach was taken, and the establishment of a Central Government Computer Centre was a significant milestone. Subsequently, in the 1980s and 1990s, new technologies led to a reversal of that trend, and ministries no longer had to use centrally developed facilities but were free to choose their own service providers. As a result, a patchwork of different ICT facilities and suppliers/providers gradually emerged to run Central Government operations and support its primary processes. Pagina 1 van 12
2 2.2 Simplification and streamlining However, a need to simplify and streamline Central Government in general soon became apparent, and various coordinated reforms were introduced. In the fields of ICT and IM, this led to the development of generic facilities and other measures that would enable ministries to work together more easily. These measures included the following: A uniform Central Government Digital Work Environment A single platform for collaboration throughout Central Government An overarching Central Government website The alignment of individual ministry websites The appointment of a Chief Information Officer (CIO) within each ministry The appointment of a Central Government CIO. These measures are now embedded in a more general programme to make Central Government more compact and more efficient. 2.3 Constant change is here to stay It would be unfair to conclude that Central Government policymakers were inconsistent or indecisive in their approach to ICT and IM. The way in which Central Government is organised is inevitably affected by the technology available at any given time. Today, constraints once imposed by location and time have been largely reduced or eliminated, and services no longer need to be physically provided on the spot. As a result, the way Central Government is organised is constantly changing, as it adapts to the needs of its environment and evolves in response to emerging technologies. 3. The scope of the istrategy 3.1 Specific activities The government s istrategy will involve the following three main activities: Specifying and implementing the ICT and IM aspects of the programme for making Central Government leaner Aligning and further developing aspects of existing policy Developing any additional policies required The i-infrastructure The primary objective of the istrategy is to develop a government-wide information infrastructure (the i-infrastructure ) that will eliminate unnecessary variation and improve control of ICT and IM matters. This i-infrastructure will consist of: A single ICT infrastructure throughout Central Government A single IM system and related control mechanisms Previous experience In implementing these activities, lessons will be learned from the earlier introduction of the Central Government Digital Work Environment (see above, 2.2). Although the aim of that project was to standardise computer workstations throughout Central Government, there are still today major differences across ministries with respect, for example, to ICT security and data access, software purchasing, digitisation of hard copies, identity management, and the set-up and use of data centres. Pagina 2 van 12
3 3.2 Standardisation To maximise standardisation and use, the strategy will make generic frameworks, services and products available to all Central Government organisations. Examples of such generic frameworks or services include: Software and hardware installed at each workstation Security rules and facilities Network access A message box function A digital archiving function. A service or facility will be designated as generic on the grounds of how widely it will be used and how much money it can save. When a Central Government organisation requires a certain functionality, and that functionality is available among the existing generic services or facilities, the organisation in question will not be permitted to introduce its own specific alternative but will be required to use the generic service or facility. Implementing a government-wide i-infrastructure in this way will result in: Greater uniformity More generic components Fewer specific components More widespread use of the same software Lower costs. For example, in the context of making Central Government leaner, the central agency for collecting fines is grouping its collection activities in ways that make it possible to rationalise the underlying information systems. 3.3 Progression The redesign of the i-infrastructure should start by addressing the needs of the core policymaking units and their associated agencies. On the basis of a positive business case, the government itself is now connecting its agencies to the Central Government-wide operational infrastructure, and is currently investigating the possibility of also allowing participation by autonomous administrative authorities (public bodies appointed by government, but not subject to ministerial control). The early involvement of government agencies is important as they are particularly active in creating new building blocks for the i-infrastructure. Examples of such building blocks are DigiD (a digital identity that enables people to access many online services offered by government agencies) and a Message Box (a personal online mailbox for correspondence with government agencies). 3.4 Exceptions It is acknowledged that the use of generic services and frameworks may not be realistic in all cases. The two principal exceptions in this respect are: The Ministry of Defence and the intelligence services The primary process Ministry of Defence and the intelligence services Due to their special position, separate arrangements need to be made for the Ministry of Defence and the General Intelligence and Security Service. For example, due to its vertical integration with the armed forces, the Ministry will not concentrate its i-facilities in the Core Policymaking Units. Special agreements will Pagina 3 van 12
4 also be made regarding its participation in matters such as data centre consolidation and the Central Government ICT security authority The primary process As the name suggests, the primary process forms the core of Central Government s business. Although the main point of introducing an i-infrastructure is to increase uniformity and promote the wider use of the same software, it may not always be possible to insist on adherence to this goal where the primary process is concerned as, for practical reasons, this may need a variety of systems. Certainly, however, the decisions currently being made by the Dutch Government about the i- infrastructure (in particular where generic components are concerned) will have implications for ICT systems forming part of the primary process. 3.5 Role of existing policy The istrategy not only consists of the steps needed to set up a Central Government-wide i-infrastructure and the associated organisational, control and human resources aspects, but also focuses on elaborating existing policy concerning such matters as system architecture and information management. Where necessary, that policy will be adjusted or new components will be added to it. 3.6 Security The security of Central Government s ICT systems and the level of public confidence placed in them are important points of concern within the context of the istrategy. The vital importance of reliable digital communication was demonstrated in 2011 by the problems surrounding a government-appointed digital certification agency called DigiNotar, where a security breach resulted in the issue of fraudulent certificates. 4. The aims of the istrategy 4.1 General aim The general aim of the istrategy is to replace the fragmented i-infrastructure that has emerged since the 1980s and 1990s, with its many different internal service providers, with an infrastructure based on state-of-the-art, proven technologies. The Dutch Government will work on raising the organisation, design and control of the i-infrastructure to the required standard during its current term in office. 4.2 General criteria In order to develop a government-wide i-infrastructure, we need a clear idea of what Central Government will require in the years ahead. Clearly, in general terms, Central Government needs an ICT and information management system that is: Uniform and reliable Supportive of its primary process Based on clear-cut agreements covering development, management and control. 4.3 Specific criteria More particularly, the system needs to meet the following additional criteria: The infrastructure should link together policymaking, implementation, monitoring and enforcement, with the aim of facilitating the primary process while improving Pagina 4 van 12
5 quality and reducing costs. It should be designed and implemented by a coordinated team of specialist ICT service providers. The system should operate regardless of time, location or device, and make secure, easy inter-ministerial cooperation possible. Specifically, it should be based on the concept of cloud computing (i.e., buying services, such as the intangible use of software, rather than purchasing products, such as a physical software package). In this way, subject to the necessary data security and data ownership requirements, the government will be able to benefit from the potential of cloud computing. The system should enable close cooperation with the private sector while nonetheless leaving control in the hands of Central Government. Finally, it should enable civil servants in Central Government to have their own digital work environment, providing anytime, anywhere access to whatever they are entitled to access (e.g., the network, generic and specific applications, social media or collaborative platforms), on the device of their choice. The system should ensure that major, high-risk ICT projects are failsafe. Central Government s portfolio of projects with an ICT component (in particular, large-scale and high-risk projects) will be managed so that they will be completed on time and within the allotted budget and produce the intended results. The CIO system will make a visible and effective contribution to ICT project management. 5. Implementing the istrategy in practice 5.1 New and old measures The criteria outlined in the previous section constitute a further development of the policy the Dutch Government has been pursuing in recent years to streamline Central Government. As a further development in the same direction, it is now also implementing measures to improve control and standardise the ICT infrastructure. Some of these measures are completely new; others extend and improve existing policy to bring them into line with the target situation. These various measures can be grouped as follows: Structuring supply (5.2) Sourcing (5.3) Control and accountability (5.4) The individual civil servant (5.5) Personnel and quality (5.6) Trust and data security (5.7) Working with the private sector (5.8) Structuring supply The main issue addressed by the istrategy and its specification is how Central Government decides to use shared facilities and the basic organisational principles on which facilities are made available Workstations First, the system of ICT service providers will be restructured. Already, internal ICT service providers are being regrouped to serve the core policymaking units and their associated agencies. This will involve reforming and extending the current ICT Shared Services Unit to make it responsible for managing the workstations for the core policymaking units in The Hague. Pagina 5 van 12
6 5.2.2 Clustering comparable services It should also be possible to group together services that involve the same or very similar processes. Such grouped services can then be outsourced to the service provider that offers the best terms with respect to available knowledge, spread of risk, and acquired expertise. This may necessitate selecting multiple service providers. Examples of such groupings that could be served by a single provider include: Services that need to satisfy specific security requirements Services that involve the collection of fines from the public Services provided by funding organisations within Central Government. It may even be possible to group together activities that involve conducting inspections, and provide them with a shared provider, since an appropriate unit (with specialist knowledge and expertise) exists within the Ministry of Economic Affairs, Agriculture and Innovation. The possibility of appointing this unit to become a provider of ICT services more generally within Central Government is under consideration. Finally, the document services required by many operations in Central Government are currently provided by a specialist provider. Given that implementing digital document management in all core policy units within five years is a government priority, the possibility of inviting the existing supplier to extend its scope of service to digital document management is also under consideration Results As a result of such rationalisations, the number of internal ICT service providers for generic ICT services will be reduced from approximately 40 to fewer than 10 in the next few years. These 40 providers currently supply specific applications. These specific applications will be replaced by some 20 generic components. 5.3 Sourcing Work can be undertaken in-house, carried out in cooperation with other parties, or fully outsourced to a party in either the public or private sector. Whether or not work should be outsourced will be decided on a case-by-case basis, depending on questions of feasibility and return on investment Criteria for outsourcing Specifically, work will only be outsourced if: The commissioning body has its own house in order (e.g., relevant operations have been suitably harmonised) The commissioning body is competent in applying effective commissioning practices There is a convincing business case for outsourcing the work Uniform assessment More generally, to minimise costs, concentrate operations and provide an unambiguous and transparent decision-making process, all ministries will use the same generic ICT impact assessment framework. This will ensure that: Wherever possible, existing and proven technologies are used (or re-used) Infrastructures are aligned with and linked in to the government-wide i- infrastructure Pagina 6 van 12
7 Decisions are based on a sound business case Internal service providers are used where appropriate. 5.4 Control and accountability It is important that the information infrastructure provides instruments for the efficient and transparent control of operations and provision of clear lines of accountability. The istrategy proposes to achieve this in three ways: Introducing an enterprise architecture Setting up a system of Chief Information Officers (CIOs) Extending reporting obligations Introducing an enterprise architecture A Central Government-wide enterprise architecture will be set up, based on the current Central Government model architecture. This will provide a coherent framework in which the generic, interconnected components of the Central Government-wide i-infrastructure can all be linked up Setting up a system of Chief Information Officers (CIOs) A system of Chief Information Officers (CIOs) has recently been introduced (see above, 2.2). The government is unwilling to change it for the time being, pending the results of an evaluation of the most recent supplementary measures, especially the Central Government-wide introduction of project portfolio management. The impact of the CIO system will be monitored over the next few years, in consultation with the Central Audit Directorate. The practice of conducting Gateway Reviews will be continued Extending reporting obligations Accountability for large-scale and high-risk ICT projects carried out by ministries and their autonomous administrative authorities is given in Central Government s Annual Report on Operations. Consideration is being given to whether additional information should be included in the underlying reporting model. 5.5 The individual civil servant The new i-infrastructure will have implications for individual civil servants. The Central Government Digital Work Environment (see above, 2.2) will be developed in line with the government s cloud strategy (see above, 4.3), user wishes (specifically concerning the primary process), and technological and social changes Apps and mobile devices Civil servants using the Digital Work Environment will be able to choose from a wide range of work-related apps and download them from an online store. They will also be able to bring (or choose) their own device, so that they are not tied to a particular device or tool Access controls Setting up processes (primary and secondary) that transcend departmental boundaries necessitates Central Government-wide identity management and access rights control (e.g., by means of a special smartcard). Previously, this was achieved by creating a central framework and then leaving implementation to the ministries (and their departments and units). However, such loose links are no longer adequate, and need to be replaced by genuine integration. Pagina 7 van 12
8 5.5.2 Digital document management The government wishes to improve the efficiency of inter-ministerial cooperation by implementing effective digital document management. Information management within Central Government will therefore be designed so that ministries can provide government-wide access to as many documents as possible. This will require the introduction of various IM standards. The document management systems will also be interlinked to permit document-sharing across ministry boundaries Digital archiving and data centres A single, Central Government-wide generic facility will be introduced for digital archiving, and the current data centres of ministries will be merged into shared centres, enabling the number of centres to be drastically reduced from 64 to a mere 4 or 5. This change was already announced in the Compact Central Government Programme (see above, 1.). 5.6 Personnel and quality Although much ICT and IM work seems to revolve around hardware and software considerations, in fact people play a crucial role. Unless the people developing and operating the system have the right expertise and skills, it will never perform well. For that reason, part of the istrategy is about ensuring the optimum quality of staff, as described below ICT professionals with commissioning expertise A pool of ICT professionals drawn from across Central Government has been set up with the purpose of building and maintaining crucial expertise in-house and reducing the number of external professionals who need to be engaged. Being able to access such expertise easily is especially important in complex tendering procedures, as these also require considerable familiarity with the technical side of ICT products and services HR quality In an effort to improve internal and external labour market policy and personnel planning in ICT and IM, a quality framework was developed in 2010, based on the EU s e-skills Programme. This framework specifies the required levels of knowledge and competence for all job categories and levels, from ICT service providers and tactical and strategic managers to project and programme managers responsible for projects with a major ICT component. This quality framework will be introduced for all matching and training operations starting in In 2013, a full range of training courses will become available for commissioners and senior staff. They will include courses in how to deal with tendering procedures in the context of European law a topic that is increasingly in demand, and is the subject of attention in many ministries. 5.7 Trust and information security It is important that citizens feel they can trust Central Government to store and use any data relating to them with the greatest of care, making sure that it is accurate and used in accordance with the law. This means we need to continue to invest in: Making the Central Government system resilient to deliberate or inadvertent breaches of security Enabling it to recover rapidly from security breaches Developing processes for dealing with privacy-sensitive data. Pagina 8 van 12
9 Some of the ways this may be achieved are given below Robust information security concepts Investments need to be made in securing data above and beyond the device and network level. This will make it possible to work regardless of a particular device (within a bring or choose your own device policy). Where classified information is subject to special security requirements, the knowledge and expertise of the intelligence services will be enlisted Fewer internet connections Network security will be improved by cutting back on the number of internet connections maintained by Central Government. Instead, a single Central Government internet connection will be created, thereby streamlining management, improving quality, cutting costs and reducing risk From unconscious risk aversion to conscious and responsible risk management Staff must be willing and able to deal securely with information. Now that they are able to choose their own tools and have many more communication options at their disposal (e.g., social media), today s civil servants must be more aware than ever of the risks inherent in using digital tools, and must therefore know how to use them properly. Central Government will assist staff by providing them with satisfactory tools and clear rules and advice Security agreements Efforts must also be made to enter into agreements with internal and external parties on information security (e.g., by harmonising the relevant process, and by monitoring compliance with those agreements) Reporting requirement The Minister of Security and Justice intends to require organisations that play a crucial role in society to report ICT incidents. This type of transparency should increase the public s confidence in Central Government s security Instruments It is vital that Central Government can recover quickly from any breaches of the ICT infrastructure. To this end, relevant supplementary instruments (both operational and legal) are currently being developed that will allow government to take decisive action in such situations Research and expertise It is also important that appropriate research capability and expertise is available with Central Government (as specified in the government s National Cyber Security Strategy). Steps are being taken to ensure that this is the case Single IT Security Unit The Ministry of Justice and Security is currently developing a single authority for government-wide operational ICT security. This authority will serve as a repository for rare knowledge and expertise. Pagina 9 van 12
10 5.7.9 Privacy protection requirements for large-scale projects Privacy protection requirements are being added to the existing requirements applicable to the management of large-scale ICT projects. Extending the requirements for ICT project management in this way will encourage the cautious use of privacy-sensitive information, increase the involvement of the relevant ministry's CIO, and guarantee that the House of Representatives is kept well informed. The additional measures are described below. Risk profile Project plans for large-scale ICT projects must state whether the project involves privacy-sensitive data and connections with or enhancements of that data. It must also state (with grounds) whether or not the plan should be subject to a Privacy Impact Assessment or similar instrument. The commissioner and the relevant ministry s CIO will take this information into account when drafting the project risk profile. If the risk profile indicates that the project is high-risk, reports on the project must be submitted to the House of Representatives in the Annual Report on Operations and Central Government s ICT Dashboard. Assessment If a project plan includes privacy-sensitive data and connections with or enhancements of that data, the ministry's CIO, when assessing the project, will ask the advice of the ministry s data protection officer, who is responsible for enforcing and monitoring compliance with the Personal Data Protection Act. Report of any change Commissioners of ICT projects will be obliged to report to the relevant ministry s CIO any system change that involves the use of privacy-sensitive data and connections to or enhancements of the same. The CIO will then decide whether the changes call for a new assessment. 5.8 Working with the private sector To ensure the success of our ICT projects and attain our objectives, we will need to work even more closely with commercial providers and suppliers Covenant To encourage and optimise such collaboration in the years ahead, and tailor it to trends and developments within Central Government, we will therefore draw up a covenant with representatives of the ICT sector and SMEs. This will cover a broad set of concerns, including: On-going development and application of precompetitive market consultation Trend-watching, to take advantage of opportunities to improve procurement practices Knowledge-sharing Developing new forms of public-private partnership Nurturing and retaining talent in the sector. Pagina 10 van 12
11 5.8.2 Additional means of consultation In addition, the Dutch Government will encourage consultation with the market by: Performing specially developed feasibility tests (especially on larger-scale ICT projects) Sharing the outcomes of such tests with the CIOs and providers and suppliers Using a looser form of market consultation (a tool called ICT Market Mirror ), where appropriate Strategic supplier structure To improve its position with respect to suppliers and providers, Central Government is also setting up a strategic supplier management structure, which will enable it to take strategic, sustainable investment decisions for the Central Government as a whole. 6. Financing Most of the proposed expenditure on the istrategy is provided for in the long-term budget. Any new or additional activities will need to be paid from existing budgets (e.g., for projects within the Compact Central Government Programme). Each decision will need to be justified by business cases substantiating the potential savings and specifying the expenditure required to realise those savings. In many instances, NGOs will be able to use their credit facility, borrowing funds from the Ministry of Finance, repaying them from its user charges. Although a business case may be financially positive for Central Government as a whole, it may turn out to be disadvantageous for an individual ministry. In such cases, the individual ministry will be compensated in a way that will leave the Central Government-wide savings intact. 7. Reporting The minister will report to the House of Representatives on how implementation of the istrategy is proceeding in the Annual Report on Central Government Operations. Information about large-scale and high-risk ICT projects being conducted by the Central Government is available on a dedicated public-access website ( The Central Government s ICT Dashboard ), at (in Dutch). 8. Final remarks The Dutch Government is aware that the plans and developments outlined here cannot all be implemented overnight. 8.1 Coping with constant change The first major steps towards overhauling the i-infrastructure can be taken during the government s present term in office. But it is important to bear in mind that the Pagina 11 van 12
12 i-infrastructure will change continuously, and that it must be able to accommodate such change. For example, it will need to take account of: The changing needs of the primary process The latest technologies and the opportunities they offer International trends and experience gained in other countries New bureaucratic and governance challenges in Central Government The changing needs and expectations of civil society. 8.2 Achieving government objectives The Dutch Government believes that the istrategy described here will enable it to realise its objectives, creating an i-infrastructure that will: Respond flexibly to new trends and developments Reduce costs Enable ministries to work more efficiently together. It regards the istrategy as forming an important foundation of its Compact Central Government Programme and as a means of making a long-term investment in the professionalism, effectiveness and efficiency of Central Government. Pagina 12 van 12
Cyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationNATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -
NATIONAL CYBER SECURITY STRATEGY - Version 2.0 - CONTENTS SUMMARY... 3 1 INTRODUCTION... 4 2 GENERAL PRINCIPLES AND OBJECTIVES... 5 3 ACTION FRAMEWORK STRATEGIC OBJECTIVES... 6 3.1 Determining the stakeholders
More informationBrussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER
COUNCIL OF THE EUROPEAN UNION Brussels, 19 May 2011 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66 NOTE From : COREPER To: COUNCIL No Cion. prop.: 8548/11 TELECOM 40 DATAPROTECT 27 JAI 213 PROCIV38
More informationPromoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda
2016 PARTNERSHIP FORUM Promoting accountability and transparency of multistakeholder partnerships for the implementation of the 2030 Agenda 31 March 2016 Dialogue Two (3:00 p.m. 5:45 p.m.) ECOSOC CHAMBER,
More informationProtecting information across government
Report by the Comptroller and Auditor General Cabinet Office Protecting information across government HC 625 SESSION 2016-17 14 SEPTEMBER 2016 4 Key facts Protecting information across government Key facts
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationENISA s Position on the NIS Directive
ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides
More informationGREEN DEFENCE FRAMEWORK
GREEN DEFENCE FRAMEWORK Approved by the North Atlantic Council in February 2014 GREEN DEFENCE FRAMEWORK OVERVIEW 1. Green Defence could, at this stage, be defined as a multifaceted endeavour cutting across
More informationICB Industry Consultation Body
ICB Industry Consultation Body Evolution of network management 17/11/2016 Issue Position Paper Long-term evolution of Network Management This position paper is intended to form the basis of advice to the
More informationehealth Ministerial Conference 2013 Dublin May 2013 Irish Presidency Declaration
ehealth Ministerial Conference 2013 Dublin 13 15 May 2013 Irish Presidency Declaration Irish Presidency Declaration Ministers of Health of the Member States of the European Union and delegates met on 13
More informationDirective on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
More informationBetween 1981 and 1983, I worked as a research assistant and for the following two years, I ran a Software Development Department.
Application for the post of the Executive Director of the European Network and Information Security Agency (ENISA) Udo Helmbrecht Presentation to the ENISA Management Board in Brussels on April 3 rd 2009
More informationRSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief
RSA Solution Brief Managing Risk Within Advanced Security Operations RSA Solution Brief How do you advance your security operations function? Increasingly sophisticated security threats and the growing
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationCommonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017
Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017 Title: Facilitating Investment in Cybersecurity as a means of achieving the Sustainable Development Goals Description: Information
More informationthe steps that IS Services should take to ensure that this document is aligned with the SNH s KIMS and SNH s Change Requirement;
Shaping the Future of IS and ICT in SNH: 2014-2019 SNH s IS/ICT Vision We will develop the ICT infrastructure to support the business needs of our customers. Our ICT infrastructure and IS/GIS solutions
More informationThe challenges of the NIS directive from the viewpoint of the Vienna Hospital Association
The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1 Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the
More informationPOWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS
POWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS Prepared by: Approved by: Chief Procurement Officer John Baskerville Chief Executive File number: D2015/65737 June 2015 MANAGEMENT
More information13967/16 MK/mj 1 DG D 2B
Council of the European Union Brussels, 4 November 2016 (OR. en) 13967/16 'I/A' ITEM NOTE From: To: General Secretariat of the Council No. prev. doc.: 11911/3/16 REV 3 No. Cion doc.: 11013/16 Subject:
More informationResearch Infrastructures and Horizon 2020
Research Infrastructures and Horizon 2020 Christos VASILAKOS DG Research & 1 st CoPoRI Workshop on EoE 11-12 June 2012 Hamburg, DE The EU Framework Programme for Research and 2014-2020 Research and Europe
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationNew Zealand Government IBM Infrastructure as a Service
New Zealand Government IBM Infrastructure as a Service A world class agile cloud infrastructure designed to provide quick access to a security-rich, enterprise-class virtual server environment. 2 New Zealand
More informationTHE CYBER SECURITY ENVIRONMENT IN LITHUANIA
Executive summary of the public audit report THE CYBER SECURITY ENVIRONMENT IN LITHUANIA 9 December 2015, No. VA-P-90-4-16 Full audit report in Lithuanian is available on the website of the National Audit
More informationM a d. Take control of your digital security. Advisory & Audit Security Testing Certification Services Training & Awareness
M a d Take control of your digital security Advisory & Audit Security Testing Certification Services Training & Awareness Safeguarding digital security is a profession The digitalisation of our society
More informationSecuring Europe's Information Society
Securing Europe's Information Society Dr. Udo Helmbrecht Executive Director European Network and Information Security Agency 16 June 2010 FIRST AGM Miami 16/6/2010 1 Agenda ENISA overview Challenges EU
More informationRESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016
RESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016 HunterNet Co-Operative Limited T: 02 4908 7380 1 P a g e RESPONSE TO 2016 DEFENCE WHITE PAPER APRIL 2016 Project Manager Marq Saunders, HunterNet Defence
More informationEISAS Enhanced Roadmap 2012
[Deliverable November 2012] I About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private
More informationMid-Kent ICT Services Technology Strategy. Author: Tony Bullock Date: September 2013 Version: 019
Mid-Kent ICT Services Technology Strategy Author: Tony Bullock Date: September 2013 Version: 019 Contents Background and purpose... 2 Key deliverables... 3 Benefits... 3 Principles... 3 Work anywhere,
More informationNew Zealand Government IbM Infrastructure as a service
New Zealand Government IbM Infrastructure as a service Global leverage / local experts World-class Scalable Agile Flexible Fast Secure What are we offering? IBM New Zealand Government Infrastructure as
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationPREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.
PREPARE FOR TAKE OFF Accelerate your organisation s journey to the Cloud. cloud. Contents Introduction Program & Governance BJSS Cloud Readiness Assessment: Intro Platforms & Development BJSS Cloud Readiness
More informationStrategy for information security in Sweden
Strategy for information security in Sweden 2010 2015 STRATEGY FOR SOCIETAL INFORMATION SECURITY 2010 2015 1 Foreword In today s information society, we process, store, communicate and duplicate information
More informationIT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive
IT Governance ISO/IEC 27001:2013 ISMS Implementation Service description Protect Comply Thrive 100% guaranteed ISO 27001 certification with the global experts With the IT Governance ISO 27001 Implementation
More informationPSICTSA (MAMPU) DGCCR (JPA) Public Sector ICT Strategic Plan (PSICTSA) outlines the strategic ICT development direction for Public Sector
1 PSICTSA (MAMPU) DGCCR (JPA) (JPA) Public Sector ICT Strategic Plan (PSICTSA) outlines the strategic ICT development direction for Public Sector Digital Government Competency and Capability Readiness
More informationCONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE
CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 18-19 APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 At the Trieste Western Balkans Summit, we stressed the importance of the
More informationIT Governance Framework at KIT
[unofficial English version; authoritative is the German version] IT Governance Framework at KIT 1. Recent situation and principle objectives Digitalization increasingly influences our everyday life at
More informationNEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES
NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES Kristina Doda & Aleksandar Vanchoski Budapest, CEPOL conference 2017 New technologies - new social interactions and economic development - need
More information79th OREGON LEGISLATIVE ASSEMBLY Regular Session. Senate Bill 90
th OREGON LEGISLATIVE ASSEMBLY-- Regular Session Senate Bill 0 Printed pursuant to Senate Interim Rule. by order of the President of the Senate in conformance with presession filing rules, indicating neither
More informationNIS Directive : Call for Proposals
National Cyber Security Centre, in Collaboration with the Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS) Summary NIS Directive : Call for Proposals Closing date: Friday
More informationRegulating Cyber: the UK s plans for the NIS Directive
Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon
More informationIN THE FRAME. Computacenter Public Sector Frameworks FRAMEWORK
IN THE FRAME Computacenter Public Sector Frameworks FRAMEWORK SOLUTION PUBLIC SECTOR FRAMEWORK ACCELERATE TRANSFORMATION Put digitalisation in the fast lane with cost-effective, compliant and centralised
More informationSecurity Director - VisionFund International
Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone
More informationCommercial transformation, procurement and R&D
Commercial transformation, procurement and R&D Purpose For discussion and direction. Summary As part of the fire reform agenda the Home Office is keen for the fire and rescue sector to deliver greater
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationAccelerate Your Enterprise Private Cloud Initiative
Cisco Cloud Comprehensive, enterprise cloud enablement services help you realize a secure, agile, and highly automated infrastructure-as-a-service (IaaS) environment for cost-effective, rapid IT service
More informationAMERICAN CHAMBER OF COMMERCE IN THAILAND DIGITAL ECONOMY POSITION PAPER
AMCHAM Background AMCHAM Thailand was formed in 1956 with a membership of 8 American companies and 60 American nationals. Today, AMCHAM has over 650 members, comprising 2,000 executives and professionals.
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationCyber Security Beyond 2020
Paulo Empadinhas Steve Purser NLO meeting ENISA Athens 26/04/2017 European Union Agency for Network and Information Security Main findings ENISA s current tasks and product portfolio shall be retained.
More informationEGM, 9-10 December A World that Counts: Mobilising the Data Revolution for Sustainable Development. 9 December 2014 BACKGROUND
A World that Counts: Mobilising the Data Revolution for Sustainable Development 9 December 2014 BACKGROUND 1 Creation of the group Establishment of an Independent Expert Advisory Group on the Data Revolution
More informationThe Defence Nuclear Enterprise: a landscape review
A picture of the National Audit Office logo Report by the Comptroller and Auditor General Ministry of Defence The Defence Nuclear Enterprise: a landscape review HC 1003 SESSION 2017 2019 22 MAY 2018 4
More informationNational Open Source Strategy
National Open Source Strategy Ministry of Communications & Information Technology - Egypt June 2014 Outline Background Vision & Mission Preliminary Targets Strategic Objectives Enablers Ministry of Communications
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion
More informationRegulation for the accreditation of product Certification Bodies
Title Reference Regulation for the accreditation of product Certification Bodies RG-01-03 Revision 00 Date 2014-04-14 Preparation Approval Authorization of issue Application date Director of the Dept.
More informationCloud First: Policy Not Aspiration. A techuk Paper April 2017
Cloud First: Policy Not Aspiration A techuk Paper April 2017 2 Cloud First: Policy Not Aspiration Introduction As more organisations begin to use cloud computing as part of the evolution of their business
More informationROLE DESCRIPTION IT SPECIALIST
ROLE DESCRIPTION IT SPECIALIST JOB IDENTIFICATION Job Title: Job Grade: Department: Location Reporting Line (This structure reports to?) Full-time/Part-time/Contract: IT Specialist D1 Finance INSETA Head
More informationVdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe
Author Date VdTÜV-WG Cybersecurity October, 3 rd 2015 VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe VdTÜV e.v. welcomes the Communication on a
More informationNext-generation Nødnett in commercial networks Approach for further work
Next-generation Nødnett in commercial networks Approach for further work Memorandum prepared jointly by the Norwegian Directorate for Civil Protection (DSB) and the Norwegian Communications Authority (Nkom)
More informationU.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan
U.S. Japan Internet Economy Industry Forum Joint Statement 2013 October 2013 Keidanren The American Chamber of Commerce in Japan In June 2013, the Abe Administration with the support of industry leaders
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationNATIONAL INFRASTRUCTURE COMMISSION CORPORATE PLAN TO
NATIONAL INFRASTRUCTURE COMMISSION CORPORATE PLAN 2017-18 TO 2019-20 CONTENTS Introduction 3 Review of period from October 2015 to end 2016 3 Corporate Governance 4 Objectives and Business Activity Plan
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationCHAPTER 13 ELECTRONIC COMMERCE
CHAPTER 13 ELECTRONIC COMMERCE Article 13.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationSwedish bank overcomes regulatory hurdles and embraces the cloud to foster innovation
Think Cloud Compliance Case Study Swedish bank overcomes regulatory hurdles and embraces the cloud to foster innovation Customer details : Collector Bank - Sweden 329 employees www.collector.se/en Banking
More information***I DRAFT REPORT. EN United in diversity EN. European Parliament 2018/0328(COD)
European Parliament 2014-2019 Committee on Industry, Research and Energy 2018/0328(COD) 7.12.2018 ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council establishing
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationTechnical Conference on Critical Infrastructure Protection Supply Chain Risk Management
Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management Remarks of Marcus Sachs, Senior Vice President and the Chief Security Officer North American Electric Reliability
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationUSA HEAD OFFICE 1818 N Street, NW Suite 200 Washington, DC 20036
US-China Business Council Comments on The Draft Measures for Security Review of Online Products and Services March 6, 2017 On behalf of the more than 200 members of the US-China Business Council (USCBC),
More informationCall for Expressions of Interest
Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...
More informationPrivacy Impact Assessment
Automatic Number Plate Recognition (ANPR) Deployments Review Of ANPR infrastructure February 2018 Contents 1. Overview.. 3 2. Identifying the need for a (PIA).. 3 3. Screening Questions.. 4 4. Provisions
More information2017 Company Profile
2017 Company Profile LITS Lead Technology Services 10/2/2017 INTRODUCTION Leading Innovative Technology Solutions (LITS) Lead Innovative Technology Services is an affirmative and black economic empowerment
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More informationEU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know
EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive
More informationSymantec Data Center Transformation
Symantec Data Center Transformation A holistic framework for IT evolution As enterprises become increasingly dependent on information technology, the complexity, cost, and performance of IT environments
More informationGlobal Infrastructure Connectivity Alliance Initiative
Global Infrastructure Connectivity Alliance Initiative 1. Background on Global Infrastructure Connectivity Global Infrastructure Connectivity refers to the linkages of communities, economies and nations
More informationCyber Security and Cyber Fraud
Cyber Security and Cyber Fraud Remarks by Andrew Ross Director, Payments and Cyber Security Canadian Bankers Association for Senate Standing Committee on Banking, Trade, and Commerce October 26, 2017 Ottawa
More informationService Improvement Review of Guarding:
Appendix 1 Service Improvement Review of Guarding: Management Summary August 2005 Not Protectively Marked Protective Marking Not Protectively Marked Publication Scheme Y/N Title N SIR - PO4/251b Version
More informationM&A Cyber Security Due Diligence
M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security
More informationReference Framework for the FERMA Certification Programme
Brussels, 23/07/2015 Dear Sir/Madam, Subject: Invitation to Tender Reference Framework for the FERMA Certification Programme Background The Federation of European Risk Management Associations (FERMA) brings
More informationAngela McKay Director, Government Security Policy and Strategy Microsoft
Angela McKay Director, Government Security Policy and Strategy Microsoft Demographic Trends: Internet Users in 2005.ru.ca.is.uk.nl.be.no.de.pl.ua.us.fr.es.ch.it.eg.il.sa.jo.tr.qa.ae.kz.cn.tw.kr.jp.mx.co.br.pk.th.ph.ng.in.sg.my.ar.id.au
More informationTurning partnership into success
Turning partnership into success Into the future with intelligent solutions IT infrastructure: Flexible. Standardised. A perfect fit. Why Rittal? As a global leader in the supply of IT infrastructure,
More informationCommonwealth Cyber Declaration
Commonwealth Cyber Declaration Recognising that the development of cyberspace has made a powerful contribution to the economic, social, cultural and political life of the Commonwealth; Underlining that
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationToday s cyber threat landscape is evolving at a rate that is extremely aggressive,
Preparing for a Bad Day The importance of public-private partnerships in keeping our institutions safe and secure Thomas J. Harrington Today s cyber threat landscape is evolving at a rate that is extremely
More informationData Protection System of Georgia. Nina Sarishvili Head of International Relations Department
Data Protection System of Georgia Nina Sarishvili Head of International Relations Department 14/12/2016 Legal Framework INTERNATIONAL INSTRUMENTS CoE 108 Convention AP on Supervisory Authorities and Trans-
More information13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)
AGENDA ADDENDU TE REGULAR EETING OF TE AUDIT COITTEE COITTEE PUBLIC SESSION Tuesday, June 6, 2017 6:30 P.. Pages 13. Staff Reports 13.f Toronto Catholic District School Board's IT Strategic Review - Draft
More informationBest practices in IT security co-management
Best practices in IT security co-management How to leverage a meaningful security partnership to advance business goals Whitepaper Make Security Possible Table of Contents The rise of co-management...3
More informationTurning Risk into Advantage
Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationICT FUNCTIONAL LEADERSHIP: PROGRESS REPORT OCTOBER 2016 TO MARCH 2017
Office of the Minister of Internal Affairs IN-CONFIDENCE Chair Cabinet Committee on State Sector Reform and Expenditure Control ICT FUNCTIONAL LEADERSHIP: PROGRESS REPORT OCTOBER 2016 TO MARCH 2017 Purpose
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationCONCLUSIONS AND RECOMMENDATIONS
Chapter 4 CONCLUSIONS AND RECOMMENDATIONS UNDP and the Special Unit have considerable experience in South-South cooperation and are well positioned to play a more active and effective role in supporting
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationIncentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO
White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating
More informationEDA CE SPEECH CF SEDSS II WARSAW CONFERENCE. Allow me to join the Deputy Defence Minister in extending a warm welcome to all of you also from my side.
EDA CE SPEECH CF SEDSS II WARSAW CONFERENCE Date Time Place 16/10/2018 09:25 09:40 Radisson Blu Centrum Hotel Plenary room POLANIA 1 & 2 CHECK AGAINST DELIVERY Ladies and Gentlemen, Dear conference participants,
More informationAccelerating Cloud Adoption
Accelerating Cloud Adoption Ron Stuart July 2016 Disruption Disruption is the new normal Globally interconnected, convenient and more efficient than ever before NZ Government challenge is to use disruptive
More informationINTELLIGENCE DRIVEN GRC FOR SECURITY
INTELLIGENCE DRIVEN GRC FOR SECURITY OVERVIEW Organizations today strive to keep their business and technology infrastructure organized, controllable, and understandable, not only to have the ability to
More informationSecurity and resilience in Information Society: the European approach
Security and resilience in Information Society: the European approach Andrea Servida Deputy Head of Unit European Commission DG INFSO-A3 Andrea.servida@ec.europa.eu What s s ahead: mobile ubiquitous environments
More informationINCEPTION IMPACT ASSESSMENT. A. Context, Problem definition and Subsidiarity Check
TITLE OF THE INITIATIVE LEAD DG RESPONSIBLE UNIT AP NUMBER LIKELY TYPE OF INITIATIVE INDICATIVE PLANNING December 2017 ADDITIONAL INFORMATION - INCEPTION IMPACT ASSESSMENT Governmental Satellite Communications
More information