| 4. In which ways is the initiative creative and innovative?
eGA has an established Procurement and Program Management Office that enables acquisition and rollout of national projects like the NPA.
eGA engaged a professional consulting firm to frame the requirements and identify the solution partner through a public tender. Key considerations for selecting the right platform solution were:
• Proven and mature solution with embedded best practices, preferably with previous successful implementations in the region,
• Good domain knowledge and a sound delivery model governed by top-of-the-line quality; and
• Solutions based on the latest technologies supporting industry-leading platforms.
The NPA solution was based on leading-edge, integration-centric BPM which supported all leading technology platforms.
The high functional fitment and scalability of the proposed NPA solution enabled it to support the entire payments ecosystem, with a tracking system to handle very large volumes of data as well as diverse messages, formats, and platforms, together with the ability to handle online and offline connectivity. SEI CMMi Level 1.3 (highest level of quality certification) standards and a global delivery model gave us the needed comfort and support to deliver this key project.
The system came embedded with multi-level controls, encryption tools and supported industry standard authentication systems. Rigorous testing methodology for security, functionality, data integrity down to coding standards was deployed.
Applications and services undergo numerous security reviews and checks throughout the SDLC (Service Development Life Cycle), from the initial conceptualization of business requirements to the final product.
eGA’s Security team is deeply involved in managing information risks in accordance with best practices and standards, such as ISO27001, OSSTMM and OWASP.
Each application undergoes a Web Application Security Review and Security Code Review by an independent security specialist, which highlights and identifies risks and vulnerabilities against OWASP guidelines.
Applications are reviewed for potential vulnerabilities and compliance with best practices in information security, in accordance with platform and ecosystem guidelines.
Infrastructure components are subjected to continuous vulnerability scans and analysis by local and cloud based vulnerability scanners.
Web services are also subject to Penetration Tests simulating a full attack by an external entity.
The Penetration Test is conducted as a 'Black-box' exercise followed by a 'Gray-box' exercise, meaning that the testing team is not given any prior information about the target applications but is later provided with the login credentials for the Gray-box activity. This is done to simulate as closely as possible the viewpoint of a completely external as well as an internal attacker.
| 5. Who implemented the initiative and what is the size of the population affected by this initiative?
Key stakeholders of this project initiative include:
Key eGA (Internal) Stakeholders:
1 Project Management Office
2 Services Delivery and Channels Enhancement
3 HR and Finance Directorate
4 BPR Directorate
5 Legal (Policy & procedures)
Key External Stakeholders:
1 Ministries and Government Entities
2 Solution Vendors
3 Payment Service Providers (PSP)
| 6. How was the strategy implemented and what resources were mobilized?
The overall costs (financial, technical and human resources) are fully covered by a budget of $1.9 million from the eGovernment Authority (EGA), Kingdom of Bahrain, funded by MoF (Ministry of Finance).
The team comprised payment domain specialists, integration experts, product specialists, platform support resources, business analysts and development and testing teams with high techno-functional orientation. Most of the senior resources were also accomplished trainers who carried out effective training sessions.
The Solution Vendor mobilized their resources to align completely to the project plan. Whilst some resources were fully dedicated and acted as anchors both onsite and offshore, some were only needed for specific interventions. During specific times when we needed some unplanned acceleration in the project progress, additional resources were easily mobilized at short notice.
The average team size dedicated overall, covering both the eGovernment Authority and Solution Vendor Bahwan CyberTek (BCT), was 30+ resources of varying levels.
| 7. Who were the stakeholders involved in the design of the initiative and in its implementation?
• Key Success factors:
Subject matter expertise
Meetings & documented procedures
• Solution Vendors:
Product expertise, application flexibility/scalability
Team access to reach at all levels for mitigation of risks
Clear definition of Stakeholder and staff Roles and responsibilities
| 8. What were the most successful outputs and why was the initiative effective?
A team formed between the eGovernment Authority, key stakeholders and NPA Solution Vendor ensured proactive and meticulous planning of every project objective, broken down into logical delivery phases and measurable milestones. The teams were conscious that this project involved the coordination and support of multiple departments and external agencies and hence the overall NPA vision was translated into simple win-win factors for each of the participating agencies. Their levels of readiness were also considered and reviewed in order to architect an approach that encouraged easier adoption of NPA.
A shared vision delivered through multiple forms of communication and motivation sessions ensured enthusiastic support from all quarters to take on board the system. The following processes contributed largely to monitoring and managing the project's timely deliveries:
1) Baselined Project PLAN
2) Regular Project progress MEETING
3) Status update on clearly defined project MILESTONES
4) Project RISK Management
5) Project defined Issue ESCALATION Process
6) CHANGE REQUEST Management
7) VENDOR Management reporting
8) Pre-Defined Communication protocol
9) Resource Management
10) Functional/Unit testing
11) Quality Assurance & Certification
12) RELEASE Management
13) Support Management
| 9. What were the main obstacles encountered and how were they overcome?
As a national initiative responsible for delivering high-level impact across the whole of government, this was a humongous task to accomplish. But both eGA and Bahwan CyberTek, being professionally skilled, planned a win-win plan to deliver a successful outcome.
The varying levels of readiness of each of the participating stakeholders/entities were a great challenge. By defining clear project management processes, including the identification of clear user needs at the start of the project, the NPA Team was able to adopt a successful on-boarding strategy through a “path of least resistance”, i.e. aligning functions to end-user priorities, addressing their key concerns, minimizing change at their end and even exercising flexibility in timings based on their availability and business priorities. This transparent, partnership-based approach of working with stakeholders to a shared vision helped us overcome many of the ‘readiness’ challenges.
The stakeholder commitment from all quarters, starting from issuing the mandates to empowering the representative teams to the swift handling of any escalations or requests for intervention, gave the necessary impetus to deliver and progress the project as per plan.