Skip to content.
|Networking government in New Zealand.
 
You are here: Home » Services » SEEMail » S.E.E. Directory - Final Report » 5 Policy Framework for an All-of-Government

5 Policy Framework for an All-of-Government

5.1 Basic principles

5.1.1 The policy framework for S.E.E. Directory is based on three principles. These principles have been tested over the course of the Directory project in a wide process of consultation (see Appendix 2), which achieved broad consensus among all consulted parties. They are described in this section, together with the reasoning behind their adoption.

5.1.2 The three basic principles are:

  1. A Single Directory

  2. A Single Point of Governance

  3. Multiple Points of Administration

5.1.3 Under these principles, the S.E.E. Directory will comprise one single electronic Directory which is controlled by a single governing body, but whose contents will be made up from data contributed by its subscribing agencies [ In the first instance, these will be S.E.E. member agencies.] . This depicted in the following diagram. A diagram depicting how the S.E.E. Directory will comprise one single electronic Directory which is controlled by a single governing body, but whose contents will be made up from data contributed by its subscribing agencies.

5.1.4 In the diagram, the jigsaw pieces inside the circle indicate that the Directory is made up of information from multiple sources, integrated to appear as a single logical whole. The right-hand side of the diagram shows the multiple points of administration within the individual subscribing agencies.

5.2 A Single Directory

A Single Authoritative Source

5.2.1 There will be a single authoritative Directory for S.E.E. member agencies (the S.E.E. Directory), which presents a logical whole, consolidating the contributions of all subscribing agencies.

5.2.2 In order to assure the authority of, and trust in, the integrity and value of the S.E.E. Directory, it has been generally agreed between the project team and all stakeholders who have been consulted that there should be only one Directory (although this will in fact be a composite of the contributions of all subscribing agencies).

5.2.3 At an implementation level decisions will need to be made as to the number of physical copies of the S.E.E. Directory that should exist. This number will be set to take into account issues of data integrity, continuity of operation, recovery from failure, access control, availability, leveraging maximum value from the contents of the Directory and so on. It may also vary from time to time, depending on operational experience and reliability. However, these are technical matters related to the physical implementation of the S.E.E. Directory, which are outside the scope of this document.

5.2.4 The pivotal place of the S.E.E. Directory in the e-government programme means that particular attention must be paid to its security, in the broadest sense. The security level of the S.E.E. Directory must be at least as high as that of the most secure system that accesses it.

Common Reference Schema

5.2.5 The single logical Directory will be implemented according to a reference schema that defines common data for all S.E.E. member agencies.

5.2.6 The reference schema is an abstract description of the data elements to be held in the Directory. It may be considered as describing the 'place-holders' under which data is stored in the Directory, and prescribes a minimum structure to facilitate storage and retrieval of data.

5.2.7 It will include provision for information about a variety of 'objects'. To satisfy the objectives of this document, the schema will be limited in the first instance to information about the following:

  • Persons

  • Roles

  • Organisations

  • Communities of interest (e.g. a S.E.E. Shared Workspace)

  • Locations

5.2.8 An important benefit of using a common schema, which describes data elements in the abstract, is that it provides a standard 'language' about the data in the Directory, which in itself facilitates information sharing across agencies.

5.2.9 The proposed structure is very simple and will be easy to extend as required in future. More details of the proposed schema and associated data items can be found in section 7.

5.3 A Single Point of Governance

5.3.1 The S.E.E. Steering Group will oversee the management of all matters relating to the Directory (and is referred to hereinafter as the governing body of the S.E.E. Directory).

5.3.2 The governing body will:

  • Set policy

  • Oversee the design and implementation of the Directory

  • Ensure impartiality of the implementation and operation of the Directory

  • Strike contractual arrangements with S.E.E. member agencies and other involved parties such as suppliers and operators of the Directory

  • Carry out regular audits to ensure that the integrity and security of the S.E.E. Directory are maintained.

5.3.3 The reporting structures of the governing body are outside the scope of this paper, but they will need to be established as a matter of some priority in order to satisfy the requirement of other S.E.E. projects for an early implementation of the S.E.E. Directory

5.3.4 The governing body will exercise overall stewardship of the S.E.E. Directory

5.3.5 Stewardship will be exercised by setting policies in a number of areas as outlined in the next paragraph. These policies should be enforced by means of appropriate formal arrangements (contracts or memoranda of understanding) between the governing body and all involved parties. These parties will include, among others:

  • Subscribing agencies

  • Any other users of the S.E.E. Directory

  • Outsourcing contractors

  • Vendors

  • Consultants

5.3.6 The areas in which the governing body will exercise stewardship are as follows:

  • Evolution of the S.E.E. Directory: The processes whereby all policies for management and operation of the Directory (including issues of access rights and continuity of operation) and the management of the reference schema evolve as required

  • Content: Control Rules which define which elements of the S.E.E. Directory each agency is responsible for, in terms of both data content and integrity

  • Access Security: Enforceable rules defining and controlling legitimate access to the contents of the S.E.E. Directory by authorised agencies, systems, and individuals

  • Availability: Enforceable rules to ensure that the S.E.E. Directory is available to authorised agencies, systems and individuals at all times when needed

  • Data Integrity: Enforceable rules for ensuring the completeness, correctness and usefulness of the S.E.E. Directory's contents, together with establishing consistent standards where appropriate

  • Privacy: Enforceable rules to ensure that the privacy of information about individuals is respected in conformance both with legislation and with individual agencies' policies.

5.3.7 The governing body will set policy in the above areas, in consultation with affected parties. It will be responsible for overseeing the implementation of the policies, generally via suitable contractual arrangements. However, it is not envisaged that the governing body will have a 'hands-on' role in operation of the S.E.E. Directory, which should be managed by an outsourcing contractor or custodial agency, under contractual arrangements.

5.3.8 The governing body will need to engage in a considerable amount of liaison effort, as its work will affect potentially all core public service departments, which may be expected both to supply information to the S.E.E. Directory and to draw information relating to other agencies from it.

Compliance & Monitoring

5.3.9 The governing body will monitor usage of the S.E.E. Directory to ensure compliance with policy and operational rules.

5.3.10 The central position of the S.E.E. Directory in e-government means that, once implemented, it will form a crucial element in the national information infrastructure. As such it must be protected from a broad range of threats. Monitoring usage of the Directory is an essential element in the assurance process.

5.3.11 The governing body will need to be empowered both to assure the integrity of the Directory and to act swiftly to counter any threat that may arise.

5.4 Multiple Points of Administration

5.4.1 Responsibility for the content, accuracy and integrity of the information in the Directory will lie with the 'subscribing agencies', in line with the requirements specified by the Directory's governing body.

5.4.2 The subscribing agencies in the first instance will be the S.E.E. member agencies.

5.4.3 Each subscribing agency will be charged with maintaining its own subset of the overall Directory. At a minimum this will cover certain basic mandatory information about the agency itself and its personnel [ Personnel' in this context obviously covers all staff members of the subscribing agency. It may also, at the discretion of the agency, include external personnel such as contractors or consultants whom the agency wishes to include in e-government activities and for whose existence the agency is willing to vouch.] . This is expected to evolve over time to cover further key information about persons, services and the various organisational units and communities of interest represented by the agency.

5.4.4 It should be stressed that the content and integrity of the information supplied will at all times be under the control of the subscribing agency (as defined by a contract or memorandum of understanding between the agency and the governing body).

5.4.5 It will be essential to address agencies' concerns about the security, confidentiality and integrity of their information and to protect these via contractual mechanisms as discussed under 5.3 above. In particular, each agency must

  • Be able to know who has access to which elements of the information it contributes to the S.E.E. Directory

  • Be assured that the governing body enforces access rules.


[ Previous | Next ]