Challenges and Role of Standards in Building Interoperable e-governance Solutions

Transcription

1 24 Compendium of e-governance Initiatives CHAPTER in India 3 Challenges and Role of Standards in Building Interoperable e-governance Solutions Renu Budhiraja Director e-governance Group, Department of Information Technology Ministry of Communications and Information Technology Government of India renu@mit.gov.in ABSTRACT Standards lay the foundation for a sound e-governance architecture, which should be open and technology neutral bringing vendor independence. Standards based implementations can be customized easily thereby enabling faster deployment. Standards facilitate interoperability and enable joined up services. Today with e-enabling of the various government documents and data, long term archival formats which are vendor independent is critical. The author has tried to being out the areas of immediate concern in standardization in India, the methodology being adopted and the processes put in place. Further, while standards are critical in ensuring interoperable solutions, there is a need for government to go one step ahead by creating standards based core middleware infrastructure which can act as a catalyst in ensuring standards based architectures for any e-governance implementation. Next, important step for government is to have a mechanism in place to ensure compliance to the laid standards and standards based infrastructure. This would also help the users gain confidence that the e-governance solutions are secure, usable and meet regulations. The paper talks about various areas of compliance to be considered and the Government of India initiative in this direction. 1. Introduction Most often e-government initiatives suffer delays and encounter failures as the implementation agencies lack guidance in the above areas. The investments in e-governance tend to produce sub-optimal results in the absence of standards. It is therefore critical to lay down suitable policies, guidelines and specifications in the above areas to facilitate faster proliferation of e-governance applications. Further, with multiple players and agencies increasingly becoming involved in the e-governance initiatives, standards for e-governance in

2 Challenges and Role of Standards in Building Interoperable 25 India have become an urgent imperative. In the absence of such standards and suitable e-governance architecture, difficulties will be encountered when ICT systems from different organizations have to interoperate. 2. Challenges in the e-governance Solution Implementations Today Complex e-governance Projects An e-governance application is very resource intensive. It normally spread across multiple locations and supports multiple delivery channels. It is hence important to have solutions that are technology neutral, cost effective, easily replicable and scalable. Public Private Partnership (PPP) Considering the fact that government has limited internal technical skills and the cost of any e-governance solution is very high, PPP is the way to go. However, there are concerns w.r.t vendor lock-in and exit management (after the contact period or even before in case there are issues with the vendor) that need to be addressed. Sharing of data across various e-governance implementations (e.g., Unique ID, Passport, Land records, Police, etc.) One of the key benefits that a citizen is looking at from the e-governance initiatives is a single window access to various government services no matter which department is giving the service behind. To achieve this, there is a need to be able to seamlessly share data across the applications. Standards like XML, SOAP, Web services are required. Data accessibility and Preservation formats This is the most important concern of the government today to be able to preserve the government data in the format which does not tie you with one vendor software to retrieve the achieved data. Clear definition of Open Standards and the suitable format for e-governance is the direction which government is taking. Identifying commonalities across states/depts. to devise re-usable Services, processes, forms. Etc. Process standardization is also very important, more so with multiple players trying to implement the same solution, there is a need to provide the requisite standards and also lay the necessary compliance mechanism.

3 26 Compendium of e-governance Initiatives in India Localization/multi-language support (Unique ID integrating vernacular language databases) The e-governance has an impact only when the services to the citizens are made available in their respective language. However, this is a challenge that needs to be addressed by laying clear standards and guidelines w.r.t the fonts, storage, input etc Security Issues While there are clear standards like ISO and ISO for IT security management and IT service management which are presently being used by various e-governance applications however it has been seen that the concerns of the respective departments which regard to the Data and Application security and control are still not adequately addressed. Reasons include lack of adequate knowledge and understanding on the various management controls on these standards by the departments, policies like Access control and Security not made very comprehensive, the Controls in the International Standards need to be made more prescriptive as per our requirements, and also the RFP should highlight the concerns of the government department with respect to the requisite strategic controls clearly. 3. Government of India Initiatives with Respect to Standardization 1. Formulation of standards 2. Standards based middleware infrastructure National e-governance Service Delivery Gateway (NSDG) 3. Compliance and Certification framework and infrastructure We would now take the above in more detail 3.1. Formulation of Standards Department of Information Technology (DIT), Ministry of Communications and Information Technology, Government of India (GoI) is driving the National e-governance Plan (NeGP) which seeks to create the right governance and institutional mechanisms and implement a number of Mission Mode Projects at the Centre & State government. Standards in egovernance are a high priority activity, which will ensure sharing of information and seamless interoperability of data and egovernance applications under NeGP. DIT had constituted a Core group on Standards to arrive at an Institutional Mechanism and Processes to be put in place and recommend key areas for standardization. The Core group had examined various aspects of the Standards-setting exercise and made suitable recommendations.

4 Challenges and Role of Standards in Building Interoperable 27 Some of the key priority areas of immediate concern that have been identified for standardization are: 1. National Policy on Open Standards for e-governance 2. Interoperability Framework for Data Access, Presentation including Data Preservation, Publication, Archival, e-forms, etc. 3. Enterprise Architecture framework for NeGP 4. Indian Languages related issues with respect to storage, browser, fonts, keyboard, data dictionary, etc. 5. Network and Information Security Standards 6. Metadata and Data Standards for e-governance Applications 7. Digital Signature interoperability 8. Finger Prints Institutional Mechanism and Processes Setup As regards the institutional mechanism and processes are concerned, an apex body has been constituted under the chairmanship of Secretary, DIT, with senior representatives from Government, NASSCOM, Bureau of Indian Standards (BIS), etc., with a mandate to approve, notify and enforce the standards formulated by various Working Groups and to oversee that they are in accordance with international practices in this regard. National Informatics Centre (NIC) is the DIT arm with a presence in all the States and Districts in the country. It has a large pool of technical officers. NIC provides a range of services to all the government departments at the Centre, States and Districts. National Informatics Centre (NIC) has been entrusted with the task of steering the Standardization activity. A separate e-governance Standards Division has been created by NIC for this. It has been found that there is a need for core domain experts in the above areas to generate the drafts which can be deliberated in the WGs with members from industry, academia etc. Hence, an Open Technology Centre (OTC) setup in Chennai by NIC is setting up these expert groups. Once the standards are deliberated in the WGs and published for public comments, they would be submitted to the Apex Body. Once the Apex Body approves the standards developed by Working Groups, STQC will be responsible for release of these approved Standards on the web and make them available to all the stakeholders for free download. STQC will further ensure conformance & certification (where required) of these standards. A separate e-governance Division has been created by STQC for this purpose. Subsequent to the issuing of these initial standards, STQC will be responsible for enhancement of these standards and liaise with the national & international standardization bodies for harmonization and acceptance of these standards. (STQC Standardisation, Testing and Quality Certification, is the Directorate of DIT with offices across the country. It provides Services in Quality & Information Security with specialization in Testing, assessment and evaluations using International Standards to Indian industry and users)

5 28 Compendium of e-governance Initiatives in India The e-governance Division of NIC and STQC function in close coordination with e-governance PMU of DIT, which is responsible for overseeing their working. Fig. 1 Policy on Open Standards for e-governance GOI has decided to use Open Standards in e-governance implementations. Though largely the Principles of Open Standards are the same across various international organizations and countries, some of the critical issues w.r.t licensing, support for multiple standards, etc., differ based on the National interest and requirement. Hence, a clear Policy on Open Standards for e- Governance in India covering the mandatory and desirable Characteristics of an Open Standard is required. In the above context, GOI constituted a Specialist Committee comprising of members from the government and academia to arrive at the necessary and desirable characteristics of an Open Standard. Based on the recommendations of the Specialist Committee, a draft Policy has been prepared. After wider consultation on the draft, government will announce the National Policy on Open Standards. The key objective of this Policy is: To ensure interoperability and facilitate data interchange. To enable Government Data and Documents to be stored in open file format To reduce over-reliance on proprietary technologies/products A website on Standards has been constituted which apart from publishing the various activities being carried out by the NIC, Working Groups and other players also facilitates closed collaboration and interaction with the various stakeholders. The Website address is

6 Some Drafts on Standards Challenges and Role of Standards in Building Interoperable 29 Technical Standards Interoperability Framework for e-governance applications nearing completion (Publishing, e-forms, archival, authoring, presentation, data integration etc.) Enterprise Architecture Framework for NeGP at an initial stage Metadata and Data Standards Generic Data elements including their formats, applicable horizontally to various e-governance applications under finalisation Conformity Assessment Framework for audit, compliance and certification of e-governance application by a 3rd party prepared Network and Information Security e-governance Information Security Standard - Based on IS/ISO/IEC plus drafted suited to the e-governance applications Localization and Language Technology Standards Draft recommendations on the OS support, content creation, resources and tools, Search Engine supporting local language, localized application 3.2. National e-governance Service Delivery Gateway (NSDG) Middleware for Interoperability The National e-governance Plan (NeGP) of the Govt. of India aims to make all Government services accessible to the common man in his locality, through common service delivery outlets and ensure efficiency, transparency and reliability of such services at affordable costs to realise the basic needs of the common man. One of the goals of the Government to meet this vision is the need to cooperate, collaborate and integrate information across different departments in the Centre, States and Local Government. Government systems characterised by islands of legacy systems using heterogenous platforms and technologies and spread across diverse geographical locations, in varying state of automation, make this task very challenging. The National egovernance Service Delivery Gateway (NSDG), a MMP under the NeGP, can simplify this task by acting as a standards based messaging switch and providing seemless interoperability and exchange of data across. Vision of NSDG The emergence of many e-governance applications for different departments to provide online services to citizens, businesses and government would require increasing interactions amongst departments and with external agencies at various levels in Government.

7 30 Compendium of e-governance Initiatives in India Fig. 1 Departments would need to develop connectors/adaptors for point to point connections between departments creating a mesh as shown in figure and also tight coupling between applications. This would lead to applications difficult to maintain and upgrade in case of version change and change in government policies and business rules. The National e- Governance Service Delivery Gateway (NSDG) is an attempt to reduce such point to point connections between departments and provide a standardized interfacing, messaging and routing switch through which various players such as departments, front-end service access providers and back-end service providers can make their applications and data inter-operable. The National e-governance Service Delivery Gateway (NSDG) aims to achieve a high order of interoperability among autonomous and heterogeneous entities of the Government (in the Centre, States or Local bodies), based on a framework of e-governance Standards. It is envisaged to have constellation of Gateways across the country with a National Services Directory to resolve and the addresses of the Gateways and the government services they serve. Gateway Standards The gateway achieves integration amongst diverse set of applications built on varying platforms through compliance with a set of e-governance Specifications- Interoperability Interface Protocol and Interoperability Interface Specifications (IIP/IIS) that are based on open standards such as the W3C XML and SOAP specifications. The entire set of Gateway specifications developed for the Gateway messaging and support/common services are Interoperability Interface Specification (IIS) Interoperability Interface Protocol (IIP) Inter Gateway Interconnect Specification (IGIS)

8 Challenges and Role of Standards in Building Interoperable 31 Gateway Common Services Specification (GCSS) 3.3 Compliance and Certification Framework and Infrastructure One of the important aspect for a successful g-governance solution is to gain confidence of the users that the solutions are secure, usable and meets regulations. This assurance can be provided by assessing quality and security conformance to the users requirements (RFP), best practices, international standards etc. To achieve this it is important that systems are evaluated by Third Party (Vendor independent) which is impartial, technically competent and transparent in their operations. Compliance audits give assurance that the project meets the: Requirements, standards and specification Software, IT Infrastructure Non IT Infrastructure Service Level Agreements (SLA) Avoid large scale post-testing modifications Key areas of Compliance to be covered in an e-governance Solution before and after Go-live. 1. The quality of software to a Quality Model addressing requirements of functionality, interoperability, security, reliability, usability, performance scalability, maintainability etc. 2. Solution development and deployment process 3. Security of e-governance information system addressing technological, management and operation control by means of ISMS assessment, penetration testing, vulnerability assessment etc. 4. The effectiveness of the management of IT Services for compliance with the service level agreements and other associated processes. 5. Compliance of IT and non-it infrastructure with the user requirements. 6. Compliance with applicable standards and best practices 7. Policies and procedures with respect to data centre, back-up, storage, DR 8. Compliance with applicable regulations (IT Act, RTI Act, DOPT Rules and domains specific (Ministries) Act and Rules) To ensure compliance in the above areas, the RFP must be documented very well ensuring the scope of work with respect to the third party compliance audit is covered adequately. In terms of modality of execution, this could be got done either by the user department or the solution provider. However, it would be best if done by the user department as this would eliminate any bias in the selection of the third party auditor. Many a times various e-governance applications do not include the cost of such compliance audits as a part of the project cost which normally is less than 10% of the total project cost. It would also be a good idea to ask the auditor to provide various certifications like 9126, ISO 27001, ISO etc. to the e-governance solution. This will help in generating further confidence. The compliance audits should be done on regular basis.

9 32 Compendium of e-governance Initiatives in India Under the NeGP, various Mission Mode Projects are going ahead independently for end to end compliance audits of their e-governance solutions. Some of them are getting it done by a single agency while others are getting it from multiple agencies. Considering the fact that this is critical for the successful implementation of any e-governance solution, GOI is in the process of initiating Conformity Assessment Centres across the country. The objective of the project is to develop techniques, methodologies and framework for assessing conformity of e-governance solution to the user requirements, best practices and the applicable regulations. It is also intended to provide conformity assessment services through a network of competence centres spread over nationwide. STQC which is a Directorate of DIT with offices across the country is already is being strengthened to provide these services. 4. Conclusion While Standards are key to the successful implementation of e-governance projects ensuring interoperability and integrated services, Compliance audits will ensure the requisite confidence in these e-services. References 1. STQC Project proposal on Conformity Assessment Centre 2. DIT s approach paper on Standards.