Questions/Answers
Question 1
Please briefly describe the initiative, what issue or challenge it aims to address and specify its objectives. (300 words maximum)
The aim of this national initiative is to find a comprehensive solution for the management and governance of digital identities to provide a unified electronic access service at the national level and to provide the necessary mechanism and tools necessary to solve the problems faced by many public and private agencies.
The initiative addresses the problem by laying on obstructing the provision of many important services, which benefit citizens and residents, due to the low level of credibility and confidence in digital identity and the possibility of being stolen or hacked.
Question 2
Please explain how the initiative is linked to the selected category. (100 words maximum)
The initiative fosters innovation due to the fact that it delivers an inclusive service which required linking systems with the public and private sector in order to address the issue faced by these entities. The complications included difficulty to link multiple technical environments to the service providers across the 168 entities currently utilizing the portal. It adopted an innovative approach by finding an ample solution for governing digital identities through a unified electronic access service at the national level.
Question 3
a. Please specify which SDGs and target(s) the initiative supports and describe concretely how the initiative has contributed to their implementation. (200 words maximum)
It contributes to the fulfillment of SDG 8 by creating a National Digital Identity System in the goal to have a highly secured, trusted and reliable Identity Platform promoting online services for all citizens and residents across Saudi Arabia and GCC. The goal was to define a National Digital Identity Strategy governing the digital identities and reinforce it with robust implementation presented as a service which links to target 8.2 where it allows achievement of higher levels of productivity through technological upgrade and innovation. Through one platform, the citizens and residents have the ability to complete dozens of sensitive transactions such as financial, commercial, and social services remotely and securely. It also contributes to the fulfillment of SDG 9 by introducing and promoting a platform using technology which allowed for the efficient use of resources. It improved and created more structured, refined, and more efficient business processes of existing traditional public and private services and created new ones. The initiative addressed and unified electronic access for the identities of the citizens and residents on the platform. It is linked to target 9.1 by providing a platform that is inclusively accessible across the economy which makes it more resilient and reliable.
b. Please describe what makes the initiative sustainable in social, economic and environmental terms. (100 words maximum)
Socially and economically: It contributes to the aspects by governing digital identities, protecting from fraud and digital crime, and reinforcing it with robust implementation as a service. The service unifies a single sign-on where services are linked together allowing secure data transfer to prevent data duplication or overlapping.
Environmentally: It allows easier provision and is less time-consuming, thus contributing less to the ozone since people don’t have to physically attend to complete a service which contributes to the betterment of people’s lives. People’s work remains intact due to the service, less manpower is needed, since the service is unified.
Question 4
a. Please explain how the initiative has addressed a significant shortfall in governance, public administration or public service within the context of a given country or region. (200 words maximum)
It improved and created more structured, refined and more efficient business processes of existing traditional public and private services and created new ones. The initiative addressed and unified electronic access for the identities of the citizens and residents on the platform. The initiative’s service enabled 168 public and private sector entities to easily provide their services electronically through the platform by governing the digital identities and supporting citizens in completing an amalgam of sensitive transactions securely and swiftly without the risk of data breach and frauds. In 2020, 35 million transactions were swiftly completed with 14% growth in comparison to 2019.
b. Please describe how your initiative addresses gender inequality in the country context. (100 words maximum)
The initiative addresses equality by allowing women to issue their own national ID cards unlike in the past years. The system doesn’t differentiate between a man and a woman. The system provides the required data whatever the request is.
c. Please describe who the target group(s) were, and explain how the initiative improved outcomes for these target groups. (200 words maximum)
The initiative targets all groups and is all inclusive. For example, post on-boarding Ministry of Health the service was able to assist in scheduling medical appointments electronically to advocate the activation of health centers in neighborhoods by utilizing the national identities of people without having to physically book their appointments. In addition, before on-boarding Ministry of Education the range of complaints were between 1000 to 2000 in regards to the sign in process on the MOE platform, but after the service was integrated into MOE malicious complaints decreased to 100 due to the SSO.
To further ensure sustainability and reliability for the 168 entities, the initiative added 42 new services in 2020, with 22% growth since last year.
Question 5
a. Please describe how the initiative was implemented including key developments and steps, monitoring and evaluation activities, and the chronology. (300 words)
Developed policies and procedures
Designed and implemented infrastructure
Built systems and applications for the initiative
Developed online portal
Prepared technical manuals for integrating with the respective E-service providers for the public and private entities
Tested system security and technical capabilities
Launched the service and linked it with the entities
On-boarded 168 entities onto the production environment
b. Please clearly explain the obstacles encountered and how they were overcome. (100 words)
Conflict: Connecting public and private entities
Solution: Awareness workshops on the importance of the initiative as a service
Conflict: Difficulty to link multiple technical environments to the service providers
Solution: Standards protocols
Conflict: Lacking of system support of the service providers with the associated required protocols
Solution: APIs to support the protocols
Question 6
a. Please explain in what ways the initiative is innovative in the context of your country or region. (100 words maximum)
The initiative is innovative by using the available information from the national databases to build a unified digital identity through multiple log in access methods for the platform either through national ID card, resident’s fingerprint, username information, or PIN. Further methods are currently being developed, for example facial recognition.
b. Please describe, if relevant, how the initiative drew inspiration from successful initiatives in other regions, countries and localities. (100 words maximum)
During the benchmark studies for a single sign-on, it was observed that Singapore has an efficient single sign-on system implemented known as “SingPass” which utilizes multiple access modalities providing similar services.
c. If emerging and frontier technologies were used, please state how these were integrated into the initiative and/or how the initiative embraced digital government. (100 words maximum)
Not applicable
Question 7
a. Has the initiative been transferred and/or adapted to other contexts (e.g. other cities, countries or regions) to your organization’s knowledge? If yes, please explain where and how. (200 words maximum)
No, the initiative has not been transferred and/or adapted.
b. If not yet transferred/adapted to other contexts, please describe the potential for transferability. (200 words maximum)
Potential of transferability is there depending on the availability of the base components (National ID data, Infrastructure) required for an effective and productive operation of the system with substantial return on investments.
Question 8
a. What specific resources (i.e. financial, human or others) were used to implement the initiative? (100 words maximum)
1- It was government funded.
2- 28 technical staff were recruited across several departments including IT, administrative and operational.
3- Technical environment- hardware/ software
b. Please explain what makes the initiative sustainable over time, in financial and institutional terms. (100 words maximum)
The operating model for this initiative was built upon a capital investment by the government at the beginning to be recovered through the services' returns within a period of 5-7 years. The initiative is meant to be sustainable and self-funded where its revenue and bold governance will drive its lasting development and sustainability. It charges service providers with a fee for each log in transaction, and continuously develop the service and usage of the latest global technologies and protocols.
Question 9
a. Was the initiative formally evaluated either internally or externally?
Yes
b. Please describe how it was evaluated and by whom? (100 words maximum)
The initiative’s security and operational capabilities was evaluated by the internal IT teams to ensure security, durability, and sustainability. It was evaluated by the following entities:
1. National Cyber Security Center
2. Elm Company alongside EY
3. TechArch
4. Cybersecurity team at National Information Center
c. Please describe the indicators and tools used. (100 words maximum)
1. ISECOM’s
2. Open Source Security Testing Methodology Manual (OSSTMM)
3. Penetration Testing Execution Standard (PTES)
4. Open Web Application Security Project (OWASP).
5. Stress Testing
d. What were the main findings of the evaluation (e.g. adequacy of resources mobilized for the initiative, quality of implementation and challenges faced, main outcomes, sustainability of the initiative, impacts) and how is this information being used to inform the initiative’s implementation? (200 words maximum)
The security assessment results showcase:
1- High security on the initiative’s platform
2- Performance appraisal results
3- System's performance as designed and expected
Question 10
Please describe how the initiative is inscribed in the relevant institutional landscape (for example, how is it situated with respect to relevant government agencies, and how have these institutional relationships been operating). (200 words maximum)
In regards to governance, the collaboration and engagement is completed when signing a service agreement between the National Information Center and the respective entity that wants to utilize the service.
The entities involved are divided into two categories:
a. Governments or public sector entities whose services are free of charge get linked with the portal post signing the service agreement.
b. Public and private sector entities whose services are commercial or for a financial fee get linked with the portal after the linking procedures are transferred to government companies licensed by the National Information Center to provide services related to finalizing the linkage with the portal commercially in order to ensure sustainability of the service.
Question 11
The 2030 Agenda for Sustainable Development puts emphasis on collaboration, engagement, partnerships, and inclusion. Please describe which stakeholders were engaged in designing, implementing and evaluating the initiative and how this engagement took place. (200 words maximum)
There were collaborations with government agencies, and partnerships with private entities. Government agencies were involved in the design and implementation as the connectivity between different entities needed to be built into and tested before the final production. The complete system was evaluated and tested by multiple security and a host entity for durability, versatility, and security.
Question 12
Please describe the key lessons learned, and how your organization plans to improve the initiative. (200 words maximum)
1- To provide awareness sessions during the design and development stages and continuously engage stakeholders throughout the whole cycle till production and encouraging them to be partners from start to finish.
2- The streamlining of public services and availability of multiple entities’ services through a single point of entry contributing to more efficient services outcomes as well as reduction of fraud and data breaches, in addition to ease of services as well as gender equality. Hence to build further future services on the same concept and/ or the platform.
3- The initiative aspires to have by 2025: 450 actively integrated and registered entities, 20M transactions annually, and provide 500 services across the platform.