CASE 8: Procurement of public key infrastructure

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "CASE 8: Procurement of public key infrastructure"

Transcription

1 CASE 8: Procurement of public key infrastructure Uni. Athens / CERES Country / region Netherlands Short description This is the case of an integrated central e-government infrastructure for issuing and using Public Key Certificates (PKC). These certificates allow any type of electronic transaction between citizens and public services or among the services of the public sector validated by electronic signature. The procurement involved the development, installation and maintenance of a top level system aiming at servicing the entire public administration. The innovative aspect of the procurement was that an integrated infrastructure was set up, allowing each public employee and each citizen to be e-authenticated in order to access this infrastructure using public key certificates. Another innovative aspect is that the infrastructure was consistent with both the European (developed by EESSI) and international standards (mostly developed by IETF). This condition allows the generalised use of the service, while it assures full compatibility, meaning that any authorised certificate service provider (CSP) can join the system. The technology existed by the time of the procurement, but the standardisation process was still evolving and it was the first time that a system like that had to be developed to serve applications of such a large scale. The company selected to implement the project is the PinkRoccade. The budget allocated was Euro (excluding VAT) including: the initial investment for the creation of the PKI root infrastructure and operational costs for a 6 year period. Procuring agency and policy background The procurement was part of the actions of the Dutch government for the modernisation of the public sector. A task force, PKIoverheid, was set up in 1999 to develop the requirements (Programma van Eisen) for the public key infrastructure (PKI). The introduction of such an infrastructure was mandatory according to the Directive 1999/93/EU for the application of electronic signatures in the public sector. The standards were developed by the ICT Standards Board (ICTSB) in the context of the European Electronic Signature Standardisation Initiative (EESSI). The PKIoverheid was later incorporated into a broader organisation created in 2001 by the Dutch Ministry of the Interior named ICTU (Information and Communications 3

2 Technology Unit). The ICTU was entrusted with the structural development of e- government. Its main aim is to advise the public sector on ICT applications and to implement large scale ICT projects on behalf of the Dutch government. Each one of its programmes focuses in the interaction between government and citizens enabled by ICTs. In this context, ICTU is responsible for the organisation and implementation of ICT public procurement, complying with the European Directives and the national legal framework. The success and impact The project succeeded in technological terms and the diffusion of the system in the entire public sector is now taking place: The PKI is increasingly being used in securing websites of the municipalities, government agencies and other public sector sites. PKI government certificates are currently being used by the healthcare personnel (400,000 people) and all Defence Department personnel (100,000 people), while by 2006 PKI certificates will be included in the electronic citizen ID card and a rollout of several million people is expected. An additional indication of success (leading to higher utilisation) was the inclusion of the certificate of the Dutch government PKI in the most recent versions of the most popular web-browsers (MS Internet Explorer, Mozilla Firefox) as a trusted certificate.1 The management skills and the expertise of the ICTU have been well recognised and ICTU experts are frequently invited to speak in seminars and expert groups on PKI and e-authentication. Procurement cycle Identification of requirements The Taskforce PKIoverheid during conducted a demand analysis in the public sector. This information was utilised for the establishment of the technological requirements, along with the list of requirements set up by careful analysis of the European standards of EESSI (where members of the Taskforce participated actively). The final description of the technological requirements was prepared by the Taskforce PKIoverheid in cooperation with external experts. Market intelligence (market research etc.) Taskforce PKIoverheid during made the necessary market and product research. The Taskforce cooperated with the TTP.NL project, which constituted a 1 Not all public key certificates are supported by the web browsers, which means that they don t allow the encryption to take place in the corresponding computer. Including the Dutch certificate demonstrates both its potential and the determination of the Dutch government to make it as user friendly as possible.

3 voluntary accreditation scheme for electronic signature service providers in the Netherlands and also performed trial audits in several organisations. Through the TTP.NL project, the Taskforce PKIoverheid was kept informed on market developments. The authentication mechanisms of the new infrastructure constituted at that time an untested technology. Despite the technological risks associated with the early stage of the standards, ICTU supported the procurement based on the assessment that the full exploitation of the potential of the new technology would lead to the minimisation of bureaucratic processes and the effective transaction within and with the public sector. The establishment of a secure system allowing for the electronic exchange of official public documents and their verification with electronic signature was considered as an integral part of this effort. This assessment was based on a demand level analysis. A working group composed of legal and technical experts was set up in order to tackle all technical issues concerning the establishment of the infrastructure and to secure the feasibility of the project in terms of compliance with the legal and institutional framework (governing public sector operations and data protection etc). Tendering process The tendering process was implemented by Taskforce PKIoverheid in cooperation with the Ministry of Interior (BZK). The Taskforce first determined whether the installation, maintenance and operation of the PKI could be assigned to an existing government organisation, but eventually it was decided to proceed with a public tender. Potential suppliers were asked to provide a plan for implementing a secure PKI root infrastructure. In cooperation with internal and external experts employed in the project for nine months, the Taskforce organised the tendering material and process. The set of technical requirements was already prepared, so, more effort was placed upon the preparation of a model agreement that was describing all legal requirements, including security guarantees and liability qualities of the tenderer. The degree of compliance of this model agreement was part of the selection criteria (see below). An international call for tenders was published in the Journal of Official Publications of the European Union at the end of December Assessing/awarding For the assessment of the contract the Taskforce PKIoverheid in cooperation with the Ministry of Interior employed a number of internal and external evaluators. The set of the evaluation criteria was divided into three sections: 1. Accomplishment of the technical requirements: The tenderer should prove his experience and provide a coherent proposal on how he was going to fulfil the 5

4 technical and operational requirements of the project. 2. Financial issues: For the financial evaluation two separate cost drivers were considered: (a) costs related to the initial provision and overall technical support on PKI and (b) variable costs depending on to the amount of certificates issued. 3. Compliance with the model agreement: The tenderer should prove how he could accomplish the requirements of the articles of the agreement, especially as far as liability and security guarantees are concerned. The security guarantees by the service provider (rather than cost effectiveness) was the most significant criterion for the selection of the supplier. Contracting and management of the contract From the received tenders the company of PinkRoccade Infrastructure services was selected to host the root infrastructure, due to their proven track record of secure and reliable e-government services and PKI technology. The contract (in the form of a Service Level Agreement) was signed in August 2002 between the PinkRoccade and the Ministry of Interior. PinkRoccade had to supply the root certificate (a kind of electronic authentication seal attached to each new key certificate produced) and the central infrastructure. The duration of the contract was 6 years. A few months later, in December 2002, the root certificate for the Dutch government PKI was generated at PinkRoccade and used to sign the domain certificates of the Government, Business and Citizen domains. The monitoring mechanism includes the following: The submission to the PKIoverheid of monthly reports by PinkRoccade in which the company provides detailed evidence on its compliance with the Service Level Agreement. There are periodic meetings (about 2-3 times per year) between PKIoverheid and PinkRoccade representatives to discuss the status of the infrastructure. During these meetings PKIoverheid also checks the log files (track record of log-ins and certificates issued) kept by PinkRoccade. Independent auditors conduct annual WebTrust audits of the root infrastructure. Since the PKIoverheid infrastructure is also used for confidential electronic communication within the government, the Dutch Intelligence Service (AIVD) periodically audits the root infrastructure to ensure its security. Major reason for success 1. The system conformed to the requirements set by the 'Programma van Eisen' aiming at wide scale applications. This had not been done before elsewhere since most other national PKI's were based on a single, government owned monolithic certificate service provider, issuing certificates to the public.

5 2. The root certificate of the Dutch government PKI was recognisable and operational over web browsers such as Microsoft Internet Explorer and Mozilla, allowing for the wide diffusion of the technology among users. It is the first time that a national government root has been granted this feature. This is proved to be a very user-friendly characteristic in order to make the Dutch government PKI a widely used and trusted infrastructure. 3. The fact that the Ministry was prepared to finance the maintenance of the PKI for several years until the technology matures and a market emerges. Major impediments overcome For the procurement, the ICTU and the PKIoverheid had to work with standards and specifications which were still under development and not yet finalised by the European standardization institutes. The internal assessment helped overcome this impediment. It took time for the PKI to become a technology that was actually considered useful and necessary. At earlier stages PKIoverheid taskforce accepted significant negative publicity; it was not until very recently that the policy authorities and the wider public endorsed this innovative public spending. Major lessons to be learned 1. When implementing a large project involving the procurement of a nascent or unproven technology, government sponsoring and political support is of great importance. In this case the Ministry of Interior was prepared to finance and promote the project long enough, until the technology matured. A crucial question is how patient the procurer should be. Although there is no general optimum level of time-to-performance for a technology involving public spending, some guidelines are needed as to how patient clients could and should be. This is a major trade off that innovative procurement is required to look at. 2. When implementing an e-government tool for (in this case) e-authentication, it is very important for the success of the project that there are also practical business-cases in which the tool can be used. If there are no previous applications of the tool before its roll out, there is a very large likelihood of failure. PKIoverheid faced this problem until in recent years a stronger focus on user authentication and security has created viable business cases. 3. In the case of projects aiming at the development of tools or standards for digital security, it is very important that government bodies at a higher level stimulate the use of these tools / standards or (preferably) that their use is mandated in laws or regulations as a means to create a market. Otherwise government organisations will be very slow to adopt new security measures for which they see little usefulness and which they consider as expensive and restrictive. 7

6

MAXIMISING BROADBAND CONNECTIVITY ACROSS THE EU USING EUROPEAN FUNDING FOR SATELLITE BROADBAND ACCESS

MAXIMISING BROADBAND CONNECTIVITY ACROSS THE EU USING EUROPEAN FUNDING FOR SATELLITE BROADBAND ACCESS SUMMARY: MAXIMISING BROADBAND CONNECTIVITY ACROSS THE EU USING EUROPEAN FUNDING FOR SATELLITE BROADBAND ACCESS - IMPLEMENTING A VOUCHER SCHEME - DECEMBER 2013 1. The European Commission wishes to maximise

More information

17-11-05 ANNEX IV. Scientific programmes and initiatives

17-11-05 ANNEX IV. Scientific programmes and initiatives 17-11-05 ANNEX IV Scientific programmes and initiatives DG TAXUD Pre-feasibility study for an observation system of the External Border of the European Union In this study, the external border will be

More information

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures,

TTP.NL Scheme. for management system certification. of Trust Service Providers issuing. Qualified Certificates for Electronic Signatures, TTP.NL Scheme for management system certification of Trust Service Providers issuing Qualified Certificates for Electronic Signatures, Public Key Certificates, Website Certificates and / or Time-stamp

More information

ENGLAND EUROPEAN SOCIAL FUND OPERATIONAL PROGRAMME

ENGLAND EUROPEAN SOCIAL FUND OPERATIONAL PROGRAMME ENGLAND EUROPEAN SOCIAL FUND OPERATIONAL PROGRAMME 2014-20 GUIDANCE ON DOCUMENT RETENTION, INCLUDING ELECTRONIC DATA EXCHANGE, FOR 2014-20 ESF PROJECTS April 2016 ESF Document Retention Guidance Version

More information

Info sheet : Considering labour standards in the procurement process

Info sheet : Considering labour standards in the procurement process Info sheet : Considering labour standards in the procurement process In line with the EU procurement rules and the Government s value for money principle, contracting authorities can take steps to consider

More information

COMMISSION OF THE EUROPEAN COMMUNITIES

COMMISSION OF THE EUROPEAN COMMUNITIES EN EN EN COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 28.11.2008 COM(2008) 798 final COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

More information

Standard operating procedure

Standard operating procedure Standard operating procedure Title: Steps involved in outsourcing of services Status: PUBLIC Document no.: SOP/EMA/0083 Lead author Approver Effective date: 18-12-2014 Name: Caroline Maignen Name: Stefano

More information

QuoVadis Group. EUGridPMA Update September 2014

QuoVadis Group. EUGridPMA Update September 2014 QuoVadis Group EUGridPMA Update September 2014 Overview Founded in 1999 in Bermuda, with particular focus providing PKI managed services to multinational organisations More than 3,500 customers Operations

More information

Procurement Strategy The City Council s Procurement Strategy for the period

Procurement Strategy The City Council s Procurement Strategy for the period Procurement Strategy The City Council s Procurement Strategy for the period 2014-2016 1 Name Content Creator Darren Pearce, Strategic Manager Corporate Procurement, Stoke-on-Trent City Council darren.pearce@stoke.gov.uk

More information

To join Achilles UVDB, visit www.achilles.com/uvdb, call +44 (0)1235 861118 or email enquiries@achilles.com

To join Achilles UVDB, visit www.achilles.com/uvdb, call +44 (0)1235 861118 or email enquiries@achilles.com UVDB Achilles UVDB FAQ s About Achilles UVDB What is the Achilles UVDB Supplier Information Management Service? Achilles UVDB is the community for the UK utilities industry. It enables the utilities sector

More information

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015

Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities

More information

Brent Council Corporate Procurement Strategy 2005

Brent Council Corporate Procurement Strategy 2005 Brent Council Corporate Procurement Strategy 2005 The Corporate Management Team endorsed a Corporate Procurement Strategy in September 2003. A number of interim reports to the Corporate Management Team

More information

Table 1: FIDIC Quality Management COMPLIANCE Checklist

Table 1: FIDIC Quality Management COMPLIANCE Checklist Table 1: FIDIC Quality Management COMPLIANCE Checklist Aspects related to Risk Management have been inserted and highlighted in light blue The aspects that are required by CESA to be complied with by Single

More information

Commissioning and Procurement Strategy

Commissioning and Procurement Strategy Cardiff Council Commissioning and Procurement Strategy 2011-2015 Delivering Quality and Value Proud to Deliver Contents Foreword Part 1 - Introduction 1.1 Purpose of the Strategy 1.2 Why Commissioning

More information

Regulation on the implementation of the European Economic Area (EEA) Financial Mechanism 2009-2014

Regulation on the implementation of the European Economic Area (EEA) Financial Mechanism 2009-2014 the European Economic Area (EEA) Financial Mechanism 2009-2014 adopted by the EEA Financial Mechanism Committee pursuant to Article 8.8 of Protocol 38b to the EEA Agreement on 13 January 2011 and confirmed

More information

Call for tender: Workshop & Role play Design and Facilitation

Call for tender: Workshop & Role play Design and Facilitation Call for tender: Workshop & Role play Design and Facilitation 16/02/2016 Contents 1. Purpose of the tender... 3 2. EPF - General Information... 3 3. Description of the Seminar... 3 1.1. Objectives of the

More information

Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014

Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014 Regulation on the implementation of the Norwegian Financial Mechanism 2009-2014 adopted by the Norwegian Ministry of Foreign Affairs pursuant to Article 8.8 of the Agreement between the Kingdom of Norway

More information

THE NATIONAL CREDIT REGULATOR APRIL 2016 TERMS OF REFERENCE FOR A SERVICE PROVIDER TO AUDIT THE NCR PDA INTEREST ACCOUNT RFQ NUMBER: NCR356/04/16

THE NATIONAL CREDIT REGULATOR APRIL 2016 TERMS OF REFERENCE FOR A SERVICE PROVIDER TO AUDIT THE NCR PDA INTEREST ACCOUNT RFQ NUMBER: NCR356/04/16 THE NATIONAL CREDIT REGULATOR APRIL 2016 TERMS OF REFERENCE FOR A SERVICE PROVIDER TO AUDIT THE NCR PDA INTEREST ACCOUNT RFQ NUMBER: NCR356/04/16 DUE DATE: 29 APRIL 2016 1 GENERAL TERMS OF CONDITIONS 1.

More information

ISA Work Programme SECTION I

ISA Work Programme SECTION I ISA Work Programme SECTION I TABLE OF CONTENTS INTRODUCTION...4 1. THE CONTEXT...4 1.1. The need for the ISA programme...4 1.2. The political context...4 2. THE ISA PROGRAMME...5 3. THE EUROPEAN INTEROPERABILITY

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 114 thereof, 28.8.2014 Official Journal of the European Union L 257/73 REGULATION (EU) No 910/2014 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 23 July 2014 on electronic identification and trust services for electronic

More information

Annex 2: Rules and Procedures for the Swiss-Polish Cooperation Programme

Annex 2: Rules and Procedures for the Swiss-Polish Cooperation Programme Annex 2: Rules and Procedures for the Swiss-Polish Cooperation Programme Annex 2 is an integral part of the Framework Agreement between the Swiss Federal Council and the Government of the Republic of Poland

More information

ENGLAND EUROPEAN REGIONAL DEVELOPMENT FUND OPERATIONAL PROGRAMME

ENGLAND EUROPEAN REGIONAL DEVELOPMENT FUND OPERATIONAL PROGRAMME ENGLAND EUROPEAN REGIONAL DEVELOPMENT FUND OPERATIONAL PROGRAMME 2014-20 GUIDANCE ON DOCUMENT RETENTION, INCLUDING ELECTRONIC DATA EXCHANGE, FOR 2014-20 ERDF PROJECTS February 2016 DOCUMENT RETENTION,

More information

ABERDEEN CITY COUNCIL. Name of Committee : Resources Management Committee

ABERDEEN CITY COUNCIL. Name of Committee : Resources Management Committee ABERDEEN CITY COUNCIL Name of Committee : Resources Management Committee Date of Meeting : 29 March 2007 Title of Report : CRM System Procurement Lead Officer : Jacek Nowak, Head of Customer Relations

More information

Digital Britain One: Shared infrastructure and services for government online

Digital Britain One: Shared infrastructure and services for government online REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 1589 SESSION 2010 2012 9 DECEMBER 2011 Cross government Digital Britain One: Shared infrastructure and services for government online 4 Key facts Digital

More information

Efficiency and reform in government corporate functions through shared service centres

Efficiency and reform in government corporate functions through shared service centres REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 1790 SESSION 2010 2012 7 MARCH 2012 Cross government Efficiency and reform in government corporate functions through shared service centres 4 Key facts

More information

26.3.2014 A7-0365/133

26.3.2014 A7-0365/133 26.3.2014 A7-0365/133 Amendment 133 Amalia Sartori on behalf of the Committee on Industry, Research and Energy Report A7-0365/2013 Marita Ulvskog Electronic identification and trust services for electronic

More information

Network Rail Infrastructure Projects Joint Relationship Management Plan

Network Rail Infrastructure Projects Joint Relationship Management Plan Network Rail Infrastructure Projects Joint Relationship Management Plan Project Title Project Number [ ] [ ] Revision: Date: Description: Author [ ] Approved on behalf of Network Rail Approved on behalf

More information

Internal Audit Service LOCH LOMOND & THE TROSSACHS NATIONAL PARK AUTHORITY INTERNAL AUDIT PLAN

Internal Audit Service LOCH LOMOND & THE TROSSACHS NATIONAL PARK AUTHORITY INTERNAL AUDIT PLAN Internal Audit Service LOCH LOMOND & THE TROSSACHS NATIONAL PARK AUTHORITY INTERNAL AUDIT PLAN 2016-19 INDEX OF CONTENTS Page 1 Introduction 2 2 The Audit Planning Process 3 3 Monitoring the Plan 4 4 Annual

More information

Board of Member States ERN implementation strategies

Board of Member States ERN implementation strategies Board of Member States ERN implementation strategies January 2016 As a result of discussions at the Board of Member States (BoMS) meeting in Lisbon on 7 October 2015, the BoMS set up a Strategy Working

More information

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION

ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION ELECTRONIC SIGNATURES AND ASSOCIATED LEGISLATION This can be a complex subject and the following text offers a brief introduction to Electronic Signatures, followed by more background on the Register of

More information

RISQS FAQs. About RISQS. services provided by

RISQS FAQs. About RISQS. services provided by services provided by RISQS FAQs About RISQS RISQS, formerly known as Achilles Link-up, supports the GB Rail industry in the management of supply chain risk. The scheme has been developed to provide a service

More information

PROJECT MANAGEMENT FRAMEWORK

PROJECT MANAGEMENT FRAMEWORK PROJECT MANAGEMENT FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Executive Assistant to

More information

FAQs Electronic residence permit

FAQs Electronic residence permit FAQs Electronic residence permit General 1) When was the electronic residence permit introduced? Since 1 September 2011, foreigners in Germany have been issued with the new electronic residence permit

More information

Merseyside Fire & Rescue Authority

Merseyside Fire & Rescue Authority Merseyside Fire & Rescue Authority PROCUREMENT STRATEGY 2015-2018 1 Version 1 June 2015 2 Document Version Control Issue No Date Issued by 1 9 th June 2015 Sharon Matthews CONTENTS 1. INTRODUCTION... 4

More information

House of Commons Corporate Governance Framework

House of Commons Corporate Governance Framework House of Commons Corporate Governance Framework What is Corporate Governance? 1. Good corporate governance is fundamental to any effective organisation and is the hallmark of any well-managed corporate

More information

R&D Administration Manager. Research and Development. Research and Development

R&D Administration Manager. Research and Development. Research and Development Document Title: Document Number: Patient Recruitment SOP031 Staff involved in development: Job titles only Document author/owner: Directorate: Department: For use by: RM&G Manager, R&D Administration Manager,

More information

eid/authentication/digital signatures in Denmark

eid/authentication/digital signatures in Denmark eid/authentication/digital signatures in Denmark 8. July 2008 Nikolas Triantafyllidis / Charlotte Jacoby Special Advisors Centre for Digital Signatures National IT- and Telecom Agency Authentication and

More information

PROCUREMENT STRATEGY

PROCUREMENT STRATEGY PROCUREMENT STRATEGY 2010 2014-1 - Contents SECTION Page 1. INTRODUCTION 3 2. THE STRATEGY RATIONALE 3 3. STRATEGIC OUTCOMES 5 4. SUPPORTING CORE BUSINESS DELIVERY 11 5. ENSURING EFFECTIVE PROCUREMENT

More information

Project Initiation Document

Project Initiation Document Project Sponsor: Richard Ellis Version: 1.0 Date: 2 nd July 2009 Document Control Project Sponsor Richard Ellis Project Initiation Document Project Call Recording and Workforce Management Document PID

More information

HIGHLANDS AND ISLANDS PATHFINDER BROADBAND PROCUREMENT: APPOINTMENT OF PREFERRED SUPPLIER

HIGHLANDS AND ISLANDS PATHFINDER BROADBAND PROCUREMENT: APPOINTMENT OF PREFERRED SUPPLIER ARGYLL AND BUTE COUNCIL STRATEGIC POLICY COMMITTEE CHIEF EXECUTIVE 20 JULY 2006 HIGHLANDS AND ISLANDS PATHFINDER BROADBAND PROCUREMENT: APPOINTMENT OF PREFERRED SUPPLIER 1 SUMMARY This report updates the

More information

22 JANUARY 2009 NOT EXEMPT CUSTOMER RELATIONSHIP MANAGEMENT (CRM) - SYSTEM PROCUREMENT

22 JANUARY 2009 NOT EXEMPT CUSTOMER RELATIONSHIP MANAGEMENT (CRM) - SYSTEM PROCUREMENT STIRLING COUNCIL THIS REPORT RELATES TO ITEM 10 ON THE AGENDA EXECUTIVE CORPORATE 22 JANUARY 2009 NOT EXEMPT CUSTOMER RELATIONSHIP MANAGEMENT (CRM) - SYSTEM PROCUREMENT 1. SUMMARY 1.1 The Council s Strategic

More information

Website Authentication, Electronic Signatures and Electronic Seals

Website Authentication, Electronic Signatures and Electronic Seals Website Authentication, Electronic Signatures and Electronic Seals Fulfilling the eidas requirements for providers of qualified certificates with BSI Technical Guidelines 6. May 2016 Federal Office for

More information

INTERNAL AUDIT SERVICES CHARTER

INTERNAL AUDIT SERVICES CHARTER INTERNAL AUDIT SERVICES CHARTER www.afrimat.co.za F2016 MISSION AND SCOPE OF WORK The mission of the Internal Audit Service ( IAS ) is to provide independent, risk based internal auditing and consulting

More information

Procurement Strategy. STAR Procurement is the shared procurement service for Stockport, Trafford and Rochdale Councils

Procurement Strategy. STAR Procurement is the shared procurement service for Stockport, Trafford and Rochdale Councils Procurement Strategy STAR Procurement is the shared procurement service for Stockport, Trafford and Rochdale Councils Foreword 1 This STAR Procurement Strategy sets out the strategic direction and priorities

More information

Malta Resources Authority Millennia, Aldo Moro Road, Marsa MRS 9065 Malta Telephone: (356) 21220619 Fax: (356) 22955200. Call for Quotations

Malta Resources Authority Millennia, Aldo Moro Road, Marsa MRS 9065 Malta Telephone: (356) 21220619 Fax: (356) 22955200. Call for Quotations Malta Resources Authority Millennia, Aldo Moro Road, Marsa MRS 9065 Malta Telephone: (356) 21220619 Fax: (356) 22955200 Call for Quotations Closing Date: 7 th October 2014 at 10:00 am Date Published: 16

More information

SSLPost Electronic Document Signing

SSLPost Electronic Document Signing SSLPost Electronic Document Signing Overview What is a Qualifying Advanced Electronic Signature (QAES)? A Qualifying Advanced Electronic Signature, is a specific type of digital electronic signature, that

More information

Ingredients of a European business model for certification of EHR systems

Ingredients of a European business model for certification of EHR systems Ingredients of a European business model for certification of EHR systems The demographics Health funding impacted by global financial crisis Population expansion volume impact The aging non-working sector

More information

Health ID Management in the Netherlands

Health ID Management in the Netherlands Health ID Management in the Netherlands Schiphol Expert Meeting March 20th 2006 Drs Ellen Maat MPA Head of Program Unit Health ICT Ministery of Health, Welfare and Sport Ministerie van Volksgezondheid,

More information

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures

UNCITRAL United Nations Commission on International Trade Law Introduction to the law of electronic signatures Introduction to the law of electronic signatures Luca Castellani Head, Regional Centre for Asia and the Pacific UNCITRAL Secretariat Incheon, Republic of Korea Outline 1. Methods and technologies for electronic

More information

Specification. Edexcel NVQ qualification. Edexcel Level 3 NVQ Certificate in Management (QCF)

Specification. Edexcel NVQ qualification. Edexcel Level 3 NVQ Certificate in Management (QCF) Specification Edexcel NVQ qualification Edexcel Level 3 NVQ Certificate in Management (QCF) For first registration August 2010 Edexcel, a Pearson company, is the UK s largest awarding organisation offering

More information

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority

Internal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:

More information

Annex 2: Rules and Procedures for the Swiss- Estonian Cooperation Programme

Annex 2: Rules and Procedures for the Swiss- Estonian Cooperation Programme nicht amtliche Publikation Annex 2: Rules and Procedures for the Swiss- Estonian Cooperation Programme Annex 2 is an integral part of the Framework Agreement between the Swiss Federal Council and the Government

More information

Request for Quotation. Procurement Services and Support

Request for Quotation. Procurement Services and Support Request for Quotation Procurement Services and Support 1 1.0 INTRODUCTION 1.1 Overview About Arch Arch has been established by Northumberland County Council as a private sector armslength development company

More information

The South African Council for the Project and Construction. Management Professions (SACPCMP)

The South African Council for the Project and Construction. Management Professions (SACPCMP) The South African Council for the Project and Construction Management Professions (SACPCMP) Registration Rules for Construction Health and Safety Managers in Terms of Section 18 (1) (c) of the Project

More information

Indicative Requirements for Cloud Service Providers. connect communicate collaborate

Indicative Requirements for Cloud Service Providers. connect communicate collaborate Requirements Document Cloud Services connect communicate collaborate www.geant.net This document has been produced with the financial assistance of the European Union. The contents of this document are

More information

CEMR RESPONSE. Green Paper on e-procurement. Brussels, January 2011

CEMR RESPONSE. Green Paper on e-procurement. Brussels, January 2011 COUNCIL OF EUROPEAN MUNICIPALITIES AND REGIONS CONSEIL DES COMMUNES ET REGIONS D EUROPE Registered in the Register of Interest Representatives Registration number : 81142561702-61 CEMR RESPONSE Green Paper

More information

Quality Manual. This manual is proprietary and no part thereof shall be copied without written authorisation from the company. Ref: Quality Manual.

Quality Manual. This manual is proprietary and no part thereof shall be copied without written authorisation from the company. Ref: Quality Manual. This manual is proprietary and no part thereof shall be copied without written authorisation from the company Ref: Quality Manual.ind Issue: June 2009 INDEX 1 Amendment Status 2 Controlled Distribution

More information

GMFRS Strategy. Procurement Finance and Technical Services. Greater Manchester Fire and Rescue Service. Policy Template (Draft)

GMFRS Strategy. Procurement Finance and Technical Services. Greater Manchester Fire and Rescue Service. Policy Template (Draft) GMFRS-45-38 Strategy Procurement 2015-2018 Finance and Technical Services Greater Manchester Fire and Rescue Service Policy Template (Draft) July 2012 Contents Contents... 2 Document Details... 3 Document

More information

Contract Standing Orders

Contract Standing Orders Internal Audit Report Chapter 26 Contract Standing Orders 1 Internal Audit Report Section Item INDEX 1 Introduction 2 Definitions 3 Responsibilities 4 Authorities 5 Exceptions 6 Procurement Rules 6.1 EC

More information

Government Procurement Card: Pan-Government Policy

Government Procurement Card: Pan-Government Policy Government Procurement Card: Pan-Government Policy 1. Introduction 1.1 Purpose This document sets out the minimum policy for central Government departments and their Arm s Length Bodies (ALBs) governing

More information

SILVER_05 Questions and Answers update 14 th May 2013

SILVER_05 Questions and Answers update 14 th May 2013 SILVER_05 Questions and Answers update 14 th May 2013 The Q&A will be regularly updated 1 week before the tender deadline. Tenderers should therefore visit www.silverpcp.eu for the most recently updated

More information

Tendering to Public Sector Organisations

Tendering to Public Sector Organisations Tendering to Public Sector Organisations Introduction Authorities have to meet contract regulations and must ensure they provide equal opportunity and achieve the best value for money. Other factors include

More information

Requirements set for account holders and representatives of emissions trading accounts

Requirements set for account holders and representatives of emissions trading accounts Record no. 954/302/2010 13 February 2015 Requirements set for account holders and representatives of emissions trading accounts These requirements are based on the Commission s Registry Regulation 1. The

More information

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance

Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance QIPP Digital Technology Electronic Palliative Care Co-Ordination Systems: Information Governance Guidance Author: Adam Hatherly Date: 26 th March 2013 Version: 1.1 Crown Copyright 2013 Page 1 of 19 Amendment

More information

The Scottish Wide Area Network Programme

The Scottish Wide Area Network Programme The Scottish Wide Area Network Release: Issued Version: 1.0 Date: 16/03/2015 Author: Andy Williamson Manager Owner: Anne Moises SRO Client: Board Version: Issued 1.0 Page 1 of 8 16/04/2015 Document Location

More information

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review

TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review TENDER NUMBER: ITT/SACU/015/2015/O Information and Communication Technology (ICT) Audit IT Effectiveness Review CLOSING DATE & TIME FRIDAY, 23 JANUARY 2015 17H00 (Namibian Time) POSTAL & PHYSICAL ADDRESS

More information

EARSC Views on the. Procurement of the Copernicus Services

EARSC Views on the. Procurement of the Copernicus Services EARSC Views on the Procurement of the Copernicus Services EARSC, the European Association of Remote Sensing Companies represents the Earth Observation geoinformation services sector in Europe. Today EARSC

More information

Tasmanian Government Identity and Access Management Toolkit

Tasmanian Government Identity and Access Management Toolkit Tasmanian Government Identity and Access Management Toolkit Summary January 2010 Department of Premier and Cabinet For further information on the Toolkit, contact the Office of egovernment: egovernment@dpac.tas.gov.au

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Space project management

Space project management ECSS-M-ST-80C Space project management Risk management ECSS Secretariat ESA-ESTEC Requirements & Standards Division Noordwijk, The Netherlands Foreword This Standard is one of the series of ECSS Standards

More information

Cloud Storage Policy (Draft for consultation)

Cloud Storage Policy (Draft for consultation) (Draft for consultation) Please note that this draft is under consultation with stakeholders in colleges and university services, before refinement and approval by the appropriate University Committee.

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 7 October 2003 (OR. en) 12858/03 RECH 152 OC 589

COUNCIL OF THE EUROPEAN UNION. Brussels, 7 October 2003 (OR. en) 12858/03 RECH 152 OC 589 COUNCIL OF THE EUROPEAN UNION Brussels, 7 October 2003 (OR. en) 12858/03 RECH 152 OC 589 LEGISLATIVE ACTS AND OTHER INSTRUMENTS Subject : Council Decision on the signing of the Framework Agreement between

More information

Lancashire Combined Fire Authority PROCUREMENT STRATEGY

Lancashire Combined Fire Authority PROCUREMENT STRATEGY Lancashire Combined Fire Authority PROCUREMENT STRATEGY 2015-2018 Version 1 March 2015 Page 1 Document Version Control Issue No Date Issued by 1 4 th March 2015 Kim Larter CONTENTS 1. INTRODUCTION... 3

More information

HKCAS Supplementary Criteria No. 8

HKCAS Supplementary Criteria No. 8 Page 1 of 12 HKCAS Supplementary Criteria No. 8 Accreditation Programme for Information Security Management System (ISMS) Certification 1 INTRODUCTION 1.1 HKAS accreditation for information security management

More information

7.11a: Quality in Project Management: PRINCE2 and ISO 9000

7.11a: Quality in Project Management: PRINCE2 and ISO 9000 7.11a: Quality in Project Management: PRINCE2 and ISO 9000 An overview of the PRINCE2 Method (PRINCE2 is a Trade Mark of the Office of Government Commerce) by Peter Whitelaw, Rational Management Pty Ltd,

More information

Implementing the Information Society in Ireland: An Action Plan

Implementing the Information Society in Ireland: An Action Plan Implementing the Information Society in Ireland: An Action Plan (PN 6727) January 1999 Contents Introduction. Telecommunications infrastructure. Development of electronic commerce and business opportunities.

More information

Introduction. Sources

Introduction. Sources The Essential Leadership Pre- requisites for Innovation and Best Practice: A Paper developed by the Leadership, Culture and Employee Engagement Workstream Introduction The Health and Wellbeing Best Practice

More information

1. Introduction to ISO 9000 : 2000

1. Introduction to ISO 9000 : 2000 1. Introduction to ISO 9000 : 2000 ISO 9000, the world s leading standards series for Quality Management Systems, has been revised, following extensive user consultation and overwhelming endorsement by

More information

A guide for government organisations Governance of Open Standards

A guide for government organisations Governance of Open Standards A guide for government organisations Governance of Open Standards The Standardisation Forum Standardisation Board and Forum The Standardisation Board and Forum were established to promote digital cooperation

More information

BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES OF UNDERTAKINGS CALL FOR PROPOSALS

BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES OF UNDERTAKINGS CALL FOR PROPOSALS EUROPEAN COMMISSION Employment, Social Affairs and Inclusion DG Employment and Social Legislation, Social Dialogue Labour Law BUDGET HEADING 04.03.03.03 INFORMATION, CONSULTATION AND PARTICIPATION OF REPRESENTATIVES

More information

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015

FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period. Updated May 2015 FMCF certification checklist 2014-15 (incorporating the detailed procedures) 2014-15 certification period Updated May 2015 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria

More information

Stage. service. Procure a solution. management. communication

Stage. service. Procure a solution. management. communication Stage 4 communication management service Procure a solution Confi rm a procurement approach and select suppliers that offer best overall value for money (including risk and reward trade-offs). Key better

More information

Introduction to ISO Identification of Medicinal Products, SPOR programme

Introduction to ISO Identification of Medicinal Products, SPOR programme 29 November 2016 EMA/732656/2015 Information Management Division Introduction to ISO Identification of Medicinal Products, SPOR programme 30 Churchill Place Canary Wharf London E14 5EU United Kingdom Telephone

More information

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review

Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review Information Sharing Lessons Learned from Gateway Reviews: Gate 3 Investment Decision Review October 2013 The purpose of this document is to share lessons learned to support agencies to better identify

More information

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS

HKCS RESPONSE COMMONLY ACCEPTED AUDIT OR ASSESSMENT MECHANISM TO CERTIFY INFORMATION SECURITY STANDARDS Hong Kong Computer Society Room 1915, 19/F, China Merchants Tower, Shun Tak Centre, 168 Connaught Road Central, Hong Kong Tel: 2834 2228 Fax: 2834 3003 URL: http://www.hkcs.org.hk Email: hkcs@hkcs.org.hk

More information

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman Public Key Infrastructure PKI National Digital Certification Center Information Technology Authority Sultanate of Oman Agenda Objectives PKI Features etrust Components Government eservices Oman National

More information

Country Paper SAI Norway Performance audit on public e-procurement in Norway Contribution to the seminar on e-government in Moscow April 2004

Country Paper SAI Norway Performance audit on public e-procurement in Norway Contribution to the seminar on e-government in Moscow April 2004 Country Paper SAI Norway Performance audit on public e-procurement in Norway Contribution to the seminar on e-government in Moscow 20 21 April 2004 By Senior Audit Adviser Sigmund Nordhus 0. Summary In

More information

ONLINE PAYMENT PRIVACY POLICY

ONLINE PAYMENT PRIVACY POLICY ONLINE PAYMENT PRIVACY POLICY Updated: June, 2013 In order to operate the College online-payments system, Sanjari International College (SIC) may collect and store personal information student/customer

More information

PROCUREMENT PROCEDURES

PROCUREMENT PROCEDURES PROCUREMENT PROCEDURES CONTENTS 1.1 Financial Regulations 1.2 Procurement Section 1.3 Budget Holder Responsibilities 1.4 Authority to Purchase 1.5 Approved Suppliers 1.6 Requirement to Tender and Obtain

More information

HKUST CA. Certification Practice Statement

HKUST CA. Certification Practice Statement HKUST CA Certification Practice Statement IN SUPPORT OF HKUST CA CERTIFICATION SERVICES Version : 1.1 Date : 3 March 2000 Prepared by : Information Technology Services Center Hong Kong University of Science

More information

Investment decision. Gate

Investment decision. Gate Investment decision Gate 3 The State of Queensland (Queensland Treasury and Trade) 2013. First published by the Queensland Government, Department of Infrastructure and Planning, January 2010. The Queensland

More information

National Approach to Information Assurance 2014-2017

National Approach to Information Assurance 2014-2017 Document Name File Name National Approach to Information Assurance 2014-2017 National Approach to Information Assurance v1.doc Author David Critchley, Dave Jamieson Authorisation PIAB and IMBA Signed version

More information

FIH COACHING GUIDELINES

FIH COACHING GUIDELINES FIH COACHING GUIDELINES AIMS OF THE TECHNICAL GUIDELINES 1. To establish clear-cut guidelines for the two FIH Coaching Course levels in both High Performance and Development categories: FIH Coaching Course

More information

Contact us: If you have any queries about the APM Competence Framework, please contact us on or by to:

Contact us: If you have any queries about the APM Competence Framework, please contact us on or by  to: Contact us: If you have any queries about the APM Competence Framework, please contact us on 01844 271681 or by email to: info@apm.org.uk Contents Rating scale 4 1 Ethics, compliance and professionalism

More information

[PROJECT PROPOSAL EVALUATION MANUAL]

[PROJECT PROPOSAL EVALUATION MANUAL] CROATIAN SCIENCE FOUNDATION [PROJECT PROPOSAL EVALUATION MANUAL] The Board of the Croatian Science Foundation determined the content of the Project proposal evaluation manual at its 8th session held on

More information

Appendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit

Appendix C Accountant in Bankruptcy. Annual report on the 2013/14 audit Appendix C Accountant in Bankruptcy Annual report on the 2013/14 audit Prepared for Accountant in Bankruptcy and the Auditor General for Scotland 6 August 2014 Audit Scotland is a statutory body set up

More information

Tender Submission Documents Supporting Tender Information

Tender Submission Documents Supporting Tender Information Tender Submission Documents Supporting Tender Information Tender Submission Documents Supporting Tender Information Contents Contractual Tender Clarifications Contract Organisation Key Personnel and CVs

More information

The Information Security Management System According ISO 27.001 The Value for Services

The Information Security Management System According ISO 27.001 The Value for Services I T S e r v i c e M a n a g e m e n t W h i t e P a p e r The Information Security Management System According ISO 27.001 The Value for Services Author: Julio José Ballesteros Garcia Introduction Evolution

More information

Chair Cabinet Committee on State Sector Reform and Expenditure Control

Chair Cabinet Committee on State Sector Reform and Expenditure Control Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION

More information

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs

Delivering e-procurement Local e-gov National e-procurement Project Overarching Guide to e-procurement for LEAs 1. Introduction Background The National e-procurement Project (NePP) and Centre for Procurement Performance (CPP) are working to support and enable schools to meet their e- Government targets and to gain

More information