You are on page 1of 12

DGOBR

DIR

Contactpersoon
Henri Rauch

T +31 631759839

Datum
30 maart 2012

The Netherlands’ iStrategy

Creating a leaner, more efficient Central Government through Information and


Communications Technology (ICT) and Information Management (IM)

1. Introduction

This document summarises the Dutch Government’s ‘iStrategy’ – its plans for using
Information and Communications Technology (ICT) and Information Management
(IM) to streamline the operations of Central Government (i.e., the Civil Service)
and the services it provides to the public. This strategy will be implemented
between 2012 and 2015. The strategy was presented to the Dutch parliament by
the Minister of the Interior on 15 November 2011.

The iStrategy is based on principles set out earlier in the government’s overall
programme for downsizing Central Government and making it more efficient –
Compact Central Government. The iStrategy fleshes out the role to be played by
ICT and IM in that programme. This includes unifying the current fragmented ICT
infrastructure, reducing the number of data centres, establishing a single Central
Government ICT security authority, developing proposals to harmonise the design
and use of software, and digitalising services provided by Central Government to
the public. The intended outcome of these measures is increased efficiency and
reduced costs.

2. Background

2.1 Early days


The present ICT infrastructure and IM system of Central Government has been
developed over several decades. Initially, a centralised approach was taken, and
the establishment of a Central Government Computer Centre was a significant
milestone. Subsequently, in the 1980s and 1990s, new technologies led to a
reversal of that trend, and ministries no longer had to use centrally developed
facilities but were free to choose their own service providers. As a result, a
patchwork of different ICT facilities and suppliers/providers gradually emerged to
run Central Government operations and support its primary processes.
Pagina 1 van 12
Datum
2.2 Simplification and streamlining 30 maart 2012

However, a need to simplify and streamline Central Government in general soon


became apparent, and various coordinated reforms were introduced. In the fields of
ICT and IM, this led to the development of ‘generic’ facilities and other measures
that would enable ministries to work together more easily. These measures
included the following:
• A uniform Central Government ‘Digital Work Environment’
• A single platform for collaboration throughout Central Government
• An overarching Central Government website
• The alignment of individual ministry websites
• The appointment of a Chief Information Officer (CIO) within each ministry
• The appointment of a Central Government CIO.
These measures are now embedded in a more general programme to make Central
Government more compact and more efficient.

2.3 Constant change is here to stay


It would be unfair to conclude that Central Government policymakers were
inconsistent or indecisive in their approach to ICT and IM. The way in which Central
Government is organised is inevitably affected by the technology available at any
given time. Today, constraints once imposed by location and time have been largely
reduced or eliminated, and services no longer need to be physically provided on the
spot. As a result, the way Central Government is organised is constantly changing,
as it adapts to the needs of its environment and evolves in response to emerging
technologies.

3. The scope of the iStrategy

3.1 Specific activities


The government’s iStrategy will involve the following three main activities:
• Specifying and implementing the ICT and IM aspects of the programme for
making Central Government leaner
• Aligning and further developing aspects of existing policy
• Developing any additional policies required.

3.1.1 The i-Infrastructure


The primary objective of the iStrategy is to develop a government-wide information
infrastructure (the ‘i-infrastructure’) that will eliminate unnecessary variation and
improve control of ICT and IM matters. This i-infrastructure will consist of:
• A single ICT infrastructure throughout Central Government
• A single IM system and related control mechanisms.

3.1.2 Previous experience


In implementing these activities, lessons will be learned from the earlier
introduction of the Central Government Digital Work Environment (see above, 2.2).
Although the aim of that project was to standardise computer workstations
throughout Central Government, there are still today major differences across
ministries with respect, for example, to ICT security and data access, software
purchasing, digitisation of hard copies, identity management, and the set-up and
use of data centres.

Pagina 2 van 12
3.2 Standardisation Datum
To maximise standardisation and use, the strategy will make generic frameworks, 30 maart 2012

services and products available to all Central Government organisations. Examples


of such generic frameworks or services include:
• Software and hardware installed at each workstation
• Security rules and facilities
• Network access
• A message box function
• A digital archiving function.

A service or facility will be designated as ‘generic’ on the grounds of how widely it


will be used and how much money it can save. When a Central Government
organisation requires a certain functionality, and that functionality is available
among the existing generic services or facilities, the organisation in question will
not be permitted to introduce its own ‘specific’ alternative but will be required to
use the generic service or facility.

Implementing a government-wide i-infrastructure in this way will result in:


• Greater uniformity
• More generic components
• Fewer specific components
• More widespread use of the same software
• Lower costs.

For example, in the context of making Central Government leaner, the central
agency for collecting fines is grouping its collection activities in ways that make it
possible to rationalise the underlying information systems.

3.3 Progression
The redesign of the i-infrastructure should start by addressing the needs of the core
policymaking units and their associated agencies. On the basis of a positive
business case, the government itself is now connecting its agencies to the Central
Government-wide operational infrastructure, and is currently investigating the
possibility of also allowing participation by autonomous administrative authorities
(public bodies appointed by government, but not subject to ministerial control). The
early involvement of government agencies is important as they are particularly
active in creating new building blocks for the i-Infrastructure. Examples of such
building blocks are ‘DigiD’ (a digital identity that enables people to access many
online services offered by government agencies) and a ‘Message Box’ (a personal
online mailbox for correspondence with government agencies).

3.4 Exceptions
It is acknowledged that the use of generic services and frameworks may not be
realistic in all cases. The two principal exceptions in this respect are:
• The Ministry of Defence and the intelligence services
• The primary process.

3.4.1 Ministry of Defence and the intelligence services


Due to their special position, separate arrangements need to be made for the
Ministry of Defence and the General Intelligence and Security Service. For example,
due to its vertical integration with the armed forces, the Ministry will not
concentrate its i-facilities in the Core Policymaking Units. Special agreements will
Pagina 3 van 12
also be made regarding its participation in matters such as data centre Datum
consolidation and the Central Government ICT security authority. 30 maart 2012

3.4.2 The primary process


As the name suggests, the primary process forms the core of Central Government’s
business. Although the main point of introducing an i-infrastructure is to increase
uniformity and promote the wider use of the same software, it may not always be
possible to insist on adherence to this goal where the primary process is concerned
as, for practical reasons, this may need a variety of systems. Certainly, however,
the decisions currently being made by the Dutch Government about the i-
infrastructure (in particular where generic components are concerned) will have
implications for ICT systems forming part of the primary process.

3.5 Role of existing policy


The iStrategy not only consists of the steps needed to set up a Central
Government-wide i-infrastructure and the associated organisational, control and
human resources aspects, but also focuses on elaborating existing policy
concerning such matters as system architecture and information management.
Where necessary, that policy will be adjusted or new components will be added to
it.

3.6 Security
The security of Central Government’s ICT systems and the level of public
confidence placed in them are important points of concern within the context of the
iStrategy. The vital importance of reliable digital communication was demonstrated
in 2011 by the problems surrounding a government-appointed digital certification
agency called ‘DigiNotar’, where a security breach resulted in the issue of
fraudulent certificates.

4. The aims of the iStrategy

4.1 General aim


The general aim of the iStrategy is to replace the fragmented i-infrastructure that
has emerged since the 1980s and 1990s, with its many different internal service
providers, with an infrastructure based on state-of-the-art, proven technologies.
The Dutch Government will work on raising the organisation, design and control of
the i-infrastructure to the required standard during its current term in office.

4.2 General criteria


In order to develop a government-wide i-infrastructure, we need a clear idea of
what Central Government will require in the years ahead. Clearly, in general terms,
Central Government needs an ICT and information management system that is:
• Uniform and reliable
• Supportive of its primary process
• Based on clear-cut agreements covering development, management and
control.

4.3 Specific criteria


More particularly, the system needs to meet the following additional criteria:
The infrastructure should link together policymaking, implementation, monitoring
and enforcement, with the aim of facilitating the primary process while improving
Pagina 4 van 12
quality and reducing costs. It should be designed and implemented by a Datum
coordinated team of specialist ICT service providers. 30 maart 2012

The system should operate regardless of time, location or device, and make secure,
easy inter-ministerial cooperation possible. Specifically, it should be based on the
concept of ‘cloud computing’ (i.e., buying services, such as the intangible use of
software, rather than purchasing products, such as a physical software package). In
this way, subject to the necessary data security and data ownership requirements,
the government will be able to benefit from the potential of cloud computing. The
system should enable close cooperation with the private sector while nonetheless
leaving control in the hands of Central Government. Finally, it should enable civil
servants in Central Government to have their own digital work environment,
providing anytime, anywhere access to whatever they are entitled to access (e.g.,
the network, generic and specific applications, social media or collaborative
platforms), on the device of their choice.

The system should ensure that major, high-risk ICT projects are failsafe. Central
Government’s portfolio of projects with an ICT component (in particular, large-scale
and high-risk projects) will be managed so that they will be completed on time and
within the allotted budget and produce the intended results. The CIO system will
make a visible and effective contribution to ICT project management.

5. Implementing the iStrategy in practice

5.1 New and old measures


The criteria outlined in the previous section constitute a further development of the
policy the Dutch Government has been pursuing in recent years to streamline
Central Government. As a further development in the same direction, it is now also
implementing measures to improve control and standardise the ICT infrastructure.

Some of these measures are completely new; others extend and improve existing
policy to bring them into line with the target situation. These various measures can
be grouped as follows:
• Structuring supply (5.2)
• Sourcing (5.3)
• Control and accountability (5.4)
• The individual civil servant (5.5)
• Personnel and quality (5.6)
• Trust and data security (5.7)
• Working with the private sector (5.8).

5.2. Structuring supply


The main issue addressed by the iStrategy and its specification is how Central
Government decides to use shared facilities and the basic organisational principles
on which facilities are made available.

5.2.1. Workstations
First, the system of ICT service providers will be restructured. Already, internal ICT
service providers are being regrouped to serve the core policymaking units and
their associated agencies. This will involve reforming and extending the current ICT
Shared Services Unit to make it responsible for managing the workstations for the
core policymaking units in The Hague.

Pagina 5 van 12
5.2.2 Clustering comparable services Datum
It should also be possible to group together services that involve the same or very 30 maart 2012

similar processes. Such grouped services can then be outsourced to the service
provider that offers the best terms with respect to available knowledge, spread of
risk, and acquired expertise. This may necessitate selecting multiple service
providers.

Examples of such groupings that could be served by a single provider include:


• Services that need to satisfy specific security requirements
• Services that involve the collection of fines from the public
• Services provided by funding organisations within Central Government.

It may even be possible to group together activities that involve conducting


inspections, and provide them with a shared provider, since an appropriate unit
(with specialist knowledge and expertise) exists within the Ministry of Economic
Affairs, Agriculture and Innovation. The possibility of appointing this unit to become
a provider of ICT services more generally within Central Government is under
consideration.

Finally, the document services required by many operations in Central Government


are currently provided by a specialist provider. Given that implementing digital
document management in all core policy units within five years is a government
priority, the possibility of inviting the existing supplier to extend its scope of service
to digital document management is also under consideration.

5.2.3 Results
As a result of such rationalisations, the number of internal ICT service providers for
generic ICT services will be reduced from approximately 40 to fewer than 10 in the
next few years. These 40 providers currently supply specific applications. These
specific applications will be replaced by some 20 generic components.

5.3 Sourcing
Work can be undertaken in-house, carried out in cooperation with other parties, or
fully outsourced to a party in either the public or private sector. Whether or not
work should be outsourced will be decided on a case-by-case basis, depending on
questions of feasibility and return on investment.

5.3.1 Criteria for outsourcing


Specifically, work will only be outsourced if:
• The commissioning body has its own house in order (e.g., relevant
operations have been suitably harmonised)
• The commissioning body is competent in applying effective commissioning
practices
• There is a convincing business case for outsourcing the work.

5.3.2 Uniform assessment


More generally, to minimise costs, concentrate operations and provide an
unambiguous and transparent decision-making process, all ministries will use the
same generic ICT impact assessment framework. This will ensure that:
• Wherever possible, existing and proven technologies are used (or re-used)
• Infrastructures are aligned with and linked in to the government-wide i-
infrastructure
Pagina 6 van 12
• Decisions are based on a sound business case Datum
• Internal service providers are used where appropriate. 30 maart 2012

5.4 Control and accountability


It is important that the information infrastructure provides instruments for the
efficient and transparent control of operations and provision of clear lines of
accountability. The iStrategy proposes to achieve this in three ways:
• Introducing an enterprise architecture
• Setting up a system of Chief Information Officers (CIOs)
• Extending reporting obligations.

5.4.1 Introducing an enterprise architecture


A Central Government-wide enterprise architecture will be set up, based on the
current Central Government model architecture. This will provide a coherent
framework in which the generic, interconnected components of the Central
Government-wide i-infrastructure can all be linked up.

5.4.2 Setting up a system of Chief Information Officers (CIOs)


A system of Chief Information Officers (CIOs) has recently been introduced (see
above, 2.2). The government is unwilling to change it for the time being, pending
the results of an evaluation of the most recent supplementary measures, especially
the Central Government-wide introduction of project portfolio management. The
impact of the CIO system will be monitored over the next few years, in consultation
with the Central Audit Directorate. The practice of conducting Gateway Reviews will
be continued.

5.4.3 Extending reporting obligations


Accountability for large-scale and high-risk ICT projects carried out by ministries
and their autonomous administrative authorities is given in Central Government’s
Annual Report on Operations. Consideration is being given to whether additional
information should be included in the underlying reporting model.

5.5 The individual civil servant


The new i-infrastructure will have implications for individual civil servants. The
Central Government Digital Work Environment (see above, 2.2) will be developed in
line with the government’s cloud strategy (see above, 4.3), user wishes (specifically
concerning the primary process), and technological and social changes.

5.5.1 Apps and mobile devices


Civil servants using the Digital Work Environment will be able to choose from a
wide range of work-related apps and download them from an online store. They will
also be able to ‘bring (or choose) their own device’, so that they are not tied to a
particular device or tool.

5.5.2 Access controls


Setting up processes (primary and secondary) that transcend departmental
boundaries necessitates Central Government-wide identity management and access
rights control (e.g., by means of a special smartcard). Previously, this was achieved
by creating a central framework and then leaving implementation to the ministries
(and their departments and units). However, such loose links are no longer
adequate, and need to be replaced by genuine integration.

Pagina 7 van 12
5.5.2 Digital document management Datum
The government wishes to improve the efficiency of inter-ministerial cooperation by 30 maart 2012

implementing effective digital document management. Information management


within Central Government will therefore be designed so that ministries can provide
government-wide access to as many documents as possible. This will require the
introduction of various IM standards. The document management systems will also
be interlinked to permit document-sharing across ministry boundaries.

5.5.3 Digital archiving and data centres


A single, Central Government-wide generic facility will be introduced for digital
archiving, and the current data centres of ministries will be merged into shared
centres, enabling the number of centres to be drastically reduced from 64 to a
mere 4 or 5. This change was already announced in the Compact Central
Government Programme (see above, 1.).

5.6 Personnel and quality


Although much ICT and IM work seems to revolve around hardware and software
considerations, in fact people play a crucial role. Unless the people developing and
operating the system have the right expertise and skills, it will never perform well.
For that reason, part of the iStrategy is about ensuring the optimum quality of
staff, as described below.

5.6.1 ICT professionals with commissioning expertise


A pool of ICT professionals drawn from across Central Government has been set up
with the purpose of building and maintaining crucial expertise in-house and
reducing the number of external professionals who need to be engaged. Being able
to access such expertise easily is especially important in complex tendering
procedures, as these also require considerable familiarity with the technical side of
ICT products and services.

5.6.2 HR quality
In an effort to improve internal and external labour market policy and personnel
planning in ICT and IM, a quality framework was developed in 2010, based on the
EU’s e-Skills Programme. This framework specifies the required levels of knowledge
and competence for all job categories and levels, from ICT service providers and
tactical and strategic managers to project and programme managers responsible
for projects with a major ICT component. This quality framework will be introduced
for all matching and training operations starting in 2012. In 2013, a full range of
training courses will become available for commissioners and senior staff. They will
include courses in how to deal with tendering procedures in the context of European
law – a topic that is increasingly in demand, and is the subject of attention in many
ministries.

5.7 Trust and information security


It is important that citizens feel they can trust Central Government to store and use
any data relating to them with the greatest of care, making sure that it is accurate
and used in accordance with the law. This means we need to continue to invest in:
• Making the Central Government system resilient to deliberate or inadvertent
breaches of security
• Enabling it to recover rapidly from security breaches
• Developing processes for dealing with privacy-sensitive data.

Pagina 8 van 12
Some of the ways this may be achieved are given below. Datum
30 maart 2012

5.7.1 Robust information security concepts


Investments need to be made in securing data above and beyond the device and
network level. This will make it possible to work regardless of a particular device
(within a ‘bring or choose your own device’ policy). Where classified information
is subject to special security requirements, the knowledge and expertise of the
intelligence services will be enlisted.

5.7.2 Fewer internet connections


Network security will be improved by cutting back on the number of internet
connections maintained by Central Government. Instead, a single Central
Government internet connection will be created, thereby streamlining management,
improving quality, cutting costs and reducing risk.

5.7.3 From unconscious risk aversion to conscious and responsible risk


management
Staff must be willing and able to deal securely with information. Now that they are
able to choose their own tools and have many more communication options at their
disposal (e.g., social media), today’s civil servants must be more aware than ever
of the risks inherent in using digital tools, and must therefore know how to use
them properly. Central Government will assist staff by providing them with
satisfactory tools and clear rules and advice.

5.7.4 Security agreements


Efforts must also be made to enter into agreements with internal and external
parties on information security (e.g., by harmonising the relevant process, and by
monitoring compliance with those agreements).

5.7.5 Reporting requirement


The Minister of Security and Justice intends to require organisations that play a
crucial role in society to report ICT incidents. This type of transparency should
increase the public’s confidence in Central Government’s security.

5.7.6 Instruments
It is vital that Central Government can recover quickly from any breaches of the
ICT infrastructure. To this end, relevant supplementary instruments (both
operational and legal) are currently being developed that will allow government to
take decisive action in such situations.

5.7.7 Research and expertise


It is also important that appropriate research capability and expertise is available
with Central Government (as specified in the government’s National Cyber Security
Strategy). Steps are being taken to ensure that this is the case.

5.7.8 Single IT Security Unit


The Ministry of Justice and Security is currently developing a single authority for
government-wide operational ICT security. This authority will serve as a repository
for rare knowledge and expertise.

Pagina 9 van 12
5.7.9 Privacy protection requirements for large-scale projects Datum
Privacy protection requirements are being added to the existing requirements 30 maart 2012

applicable to the management of large-scale ICT projects. Extending the


requirements for ICT project management in this way will encourage the cautious
use of privacy-sensitive information, increase the involvement of the relevant
ministry's CIO, and guarantee that the House of Representatives is kept well
informed. The additional measures are described below.

• Risk profile
Project plans for large-scale ICT projects must state whether the project
involves privacy-sensitive data and connections with or enhancements of
that data. It must also state (with grounds) whether or not the plan should
be subject to a Privacy Impact Assessment or similar instrument. The
commissioner and the relevant ministry’s CIO will take this information into
account when drafting the project risk profile. If the risk profile indicates
that the project is high-risk, reports on the project must be submitted to
the House of Representatives in the Annual Report on Operations and
Central Government’s ICT Dashboard.

• Assessment
If a project plan includes privacy-sensitive data and connections with or
enhancements of that data, the ministry's CIO, when assessing the project,
will ask the advice of the ministry’s data protection officer, who is
responsible for enforcing and monitoring compliance with the Personal Data
Protection Act.

• Report of any change


Commissioners of ICT projects will be obliged to report to the relevant
ministry’s CIO any system change that involves the use of privacy-sensitive
data and connections to or enhancements of the same. The CIO will then
decide whether the changes call for a new assessment.

5.8 Working with the private sector


To ensure the success of our ICT projects and attain our objectives, we will need to
work even more closely with commercial providers and suppliers.

5.8.1 Covenant
To encourage and optimise such collaboration in the years ahead, and tailor it to
trends and developments within Central Government, we will therefore draw up a
covenant with representatives of the ICT sector and SMEs. This will cover a broad
set of concerns, including:
• On-going development and application of precompetitive market
consultation
• Trend-watching, to take advantage of opportunities to improve procurement
practices
• Knowledge-sharing
• Developing new forms of public-private partnership
• Nurturing and retaining talent in the sector.

Pagina 10 van 12
5.8.2 Additional means of consultation Datum
In addition, the Dutch Government will encourage consultation with the market by: 30 maart 2012

• Performing specially developed feasibility tests (especially on larger-scale


ICT projects)
• Sharing the outcomes of such tests with the CIOs and providers and
suppliers
• Using a looser form of market consultation (a tool called ‘ICT Market
Mirror’), where appropriate.

5.8.3 Strategic supplier structure


To improve its position with respect to suppliers and providers, Central Government
is also setting up a strategic supplier management structure, which will enable it to
take strategic, sustainable investment decisions for the Central Government as a
whole.

6. Financing

Most of the proposed expenditure on the iStrategy is provided for in the long-term
budget. Any new or additional activities will need to be paid from existing budgets
(e.g., for projects within the Compact Central Government Programme).

Each decision will need to be justified by business cases substantiating the potential
savings and specifying the expenditure required to realise those savings. In many
instances, NGOs will be able to use their credit facility, borrowing funds from the
Ministry of Finance, repaying them from its user charges.

Although a business case may be financially positive for Central Government as a


whole, it may turn out to be disadvantageous for an individual ministry. In such
cases, the individual ministry will be compensated in a way that will leave the
Central Government-wide savings intact.

7. Reporting

The minister will report to the House of Representatives on how implementation of


the iStrategy is proceeding in the Annual Report on Central Government
Operations. Information about large-scale and high-risk ICT projects being
conducted by the Central Government is available on a dedicated public-access
website (‘The Central Government’s ICT Dashboard’), at www.rijksictdashboard.nl
(in Dutch).

8. Final remarks

The Dutch Government is aware that the plans and developments outlined here
cannot all be implemented overnight.

8.1 Coping with constant change


The first major steps towards overhauling the i-infrastructure can be taken during
the government’s present term in office. But it is important to bear in mind that the

Pagina 11 van 12
i-infrastructure will change continuously, and that it must be able to accommodate Datum
such change. For example, it will need to take account of: 30 maart 2012

• The changing needs of the primary process


• The latest technologies and the opportunities they offer
• International trends and experience gained in other countries
• New bureaucratic and governance challenges in Central Government
• The changing needs and expectations of civil society.

8.2 Achieving government objectives


The Dutch Government believes that the iStrategy described here will enable it to
realise its objectives, creating an i-infrastructure that will:
• Respond flexibly to new trends and developments
• Reduce costs
• Enable ministries to work more efficiently together.

It regards the iStrategy as forming an important foundation of its Compact Central


Government Programme and as a means of making a long-term investment in the
professionalism, effectiveness and efficiency of Central Government.

Pagina 12 van 12