Questions/Answers

The aim of this national initiative is to find a comprehensive solution for the management and governance of digital identities to provide a unified electronic access service at the national level and to provide the necessary mechanism and tools necessary to solve the problems faced by many public and private agencies. The initiative addresses the problem by laying on obstructing the provision of many important services, which benefit citizens and residents, due to the low level of credibility and confidence in digital identity and the possibility of being stolen or hacked.

The initiative fosters innovation due to the fact that it delivers an inclusive service which required linking systems with the public and private sector in order to address the issue faced by these entities. The complications included difficulty to link multiple technical environments to the service providers across the 168 entities currently utilizing the portal. It adopted an innovative approach by finding an ample solution for governing digital identities through a unified electronic access service at the national level.

It contributes to the fulfillment of SDG 8 by creating a National Digital Identity System in the goal to have a highly secured, trusted and reliable Identity Platform promoting online services for all citizens and residents across Saudi Arabia and GCC. The goal was to define a National Digital Identity Strategy governing the digital identities and reinforce it with robust implementation presented as a service which links to target 8.2 where it allows achievement of higher levels of productivity through technological upgrade and innovation. Through one platform, the citizens and residents have the ability to complete dozens of sensitive transactions such as financial, commercial, and social services remotely and securely. It also contributes to the fulfillment of SDG 9 by introducing and promoting a platform using technology which allowed for the efficient use of resources. It improved and created more structured, refined, and more efficient business processes of existing traditional public and private services and created new ones. The initiative addressed and unified electronic access for the identities of the citizens and residents on the platform. It is linked to target 9.1 by providing a platform that is inclusively accessible across the economy which makes it more resilient and reliable.

Socially and economically: It contributes to the aspects by governing digital identities, protecting from fraud and digital crime, and reinforcing it with robust implementation as a service. The service unifies a single sign-on where services are linked together allowing secure data transfer to prevent data duplication or overlapping. Environmentally: It allows easier provision and is less time-consuming, thus contributing less to the ozone since people don’t have to physically attend to complete a service which contributes to the betterment of people’s lives. People’s work remains intact due to the service, less manpower is needed, since the service is unified.

It improved and created more structured, refined and more efficient business processes of existing traditional public and private services and created new ones. The initiative addressed and unified electronic access for the identities of the citizens and residents on the platform. The initiative’s service enabled 168 public and private sector entities to easily provide their services electronically through the platform by governing the digital identities and supporting citizens in completing an amalgam of sensitive transactions securely and swiftly without the risk of data breach and frauds. In 2020, 35 million transactions were swiftly completed with 14% growth in comparison to 2019.

The initiative addresses equality by allowing women to issue their own national ID cards unlike in the past years. The system doesn’t differentiate between a man and a woman. The system provides the required data whatever the request is.

The initiative targets all groups and is all inclusive. For example, post on-boarding Ministry of Health the service was able to assist in scheduling medical appointments electronically to advocate the activation of health centers in neighborhoods by utilizing the national identities of people without having to physically book their appointments. In addition, before on-boarding Ministry of Education the range of complaints were between 1000 to 2000 in regards to the sign in process on the MOE platform, but after the service was integrated into MOE malicious complaints decreased to 100 due to the SSO. To further ensure sustainability and reliability for the 168 entities, the initiative added 42 new services in 2020, with 22% growth since last year.

Developed policies and procedures Designed and implemented infrastructure Built systems and applications for the initiative Developed online portal Prepared technical manuals for integrating with the respective E-service providers for the public and private entities Tested system security and technical capabilities Launched the service and linked it with the entities On-boarded 168 entities onto the production environment

Conflict: Connecting public and private entities Solution: Awareness workshops on the importance of the initiative as a service Conflict: Difficulty to link multiple technical environments to the service providers Solution: Standards protocols Conflict: Lacking of system support of the service providers with the associated required protocols Solution: APIs to support the protocols

The initiative is innovative by using the available information from the national databases to build a unified digital identity through multiple log in access methods for the platform either through national ID card, resident’s fingerprint, username information, or PIN. Further methods are currently being developed, for example facial recognition.

During the benchmark studies for a single sign-on, it was observed that Singapore has an efficient single sign-on system implemented known as “SingPass” which utilizes multiple access modalities providing similar services.

Not applicable

No, the initiative has not been transferred and/or adapted.

Potential of transferability is there depending on the availability of the base components (National ID data, Infrastructure) required for an effective and productive operation of the system with substantial return on investments.

1- It was government funded. 2- 28 technical staff were recruited across several departments including IT, administrative and operational. 3- Technical environment- hardware/ software

The operating model for this initiative was built upon a capital investment by the government at the beginning to be recovered through the services' returns within a period of 5-7 years. The initiative is meant to be sustainable and self-funded where its revenue and bold governance will drive its lasting development and sustainability. It charges service providers with a fee for each log in transaction, and continuously develop the service and usage of the latest global technologies and protocols.

是

The initiative’s security and operational capabilities was evaluated by the internal IT teams to ensure security, durability, and sustainability. It was evaluated by the following entities: 1. National Cyber Security Center 2. Elm Company alongside EY 3. TechArch 4. Cybersecurity team at National Information Center

1. ISECOM’s 2. Open Source Security Testing Methodology Manual (OSSTMM) 3. Penetration Testing Execution Standard (PTES) 4. Open Web Application Security Project (OWASP). 5. Stress Testing

The security assessment results showcase: 1- High security on the initiative’s platform 2- Performance appraisal results 3- System's performance as designed and expected

In regards to governance, the collaboration and engagement is completed when signing a service agreement between the National Information Center and the respective entity that wants to utilize the service. The entities involved are divided into two categories: a. Governments or public sector entities whose services are free of charge get linked with the portal post signing the service agreement. b. Public and private sector entities whose services are commercial or for a financial fee get linked with the portal after the linking procedures are transferred to government companies licensed by the National Information Center to provide services related to finalizing the linkage with the portal commercially in order to ensure sustainability of the service.

There were collaborations with government agencies, and partnerships with private entities. Government agencies were involved in the design and implementation as the connectivity between different entities needed to be built into and tested before the final production. The complete system was evaluated and tested by multiple security and a host entity for durability, versatility, and security.

1- To provide awareness sessions during the design and development stages and continuously engage stakeholders throughout the whole cycle till production and encouraging them to be partners from start to finish. 2- The streamlining of public services and availability of multiple entities’ services through a single point of entry contributing to more efficient services outcomes as well as reduction of fraud and data breaches, in addition to ease of services as well as gender equality. Hence to build further future services on the same concept and/ or the platform. 3- The initiative aspires to have by 2025: 450 actively integrated and registered entities, 20M transactions annually, and provide 500 services across the platform.