Agra?? From: HAYES Declan Sent: 09 March 2018 12:36 To: Moyagh Murdock Cc: MCGURK Lorraine; TIMONEY Oisin; Ray; Declan Naughton; Liam Keane Subject: RE: PSC licence requirement Importance: High Sensitivity: Confidential Moyagh We have just met with the Minister?s Adviser and a decision has been made not to restrict applications for a driving licence/learner permit to PSC only identification. The plan now is to make it of the acceptable forms of identification as the Minister is not prepared to make it mandatory at this time. Obviously this will have implications not only for your planned online services, but also for the current requirements re Theory Test applications. We are now drafting a letter to go from the Minister to his colleagues in Social Protection and PER, following which we will prepare a reSponse to issue from him to Liz. I have also been advised (verbally) by the AGO (OPC) that you should give consideration to ?pulling? your recently launched advertisement campaign re the use of the card and that delivery of the required legislation to permit online applications by 30?h April is now seriously in doubt. Oisin and Lorraine will continue to work with Liam Keane on drafting appropriate Regulations to reflect the above decision. Regards Declan From: Moyagh Murdock Sent: Friday 9 March 2018 12:02 To: HAYES Declan; MCGURK Lorraine; Ray Cc: Declan Naughton; Simon Shevlin; Denise Barry; RSA - KEANE Liam Subject: PSC licence requirement Dear Declan/Ray Liam Keane has sent an email with information requested on the back ot the meeting Tuesday with OPC. I just wish to reiterate that the RSA is at a point of no return in relation to both the requirement to present a Public Services Card (PSC) for a licence application and to put in place an online application accessible via Any issues in relation to the Of?ce of the Attorney General previous advice to DEASP on agencies requiring the PSC, need early resolution. I trust that the OPC and the OAG will be consulting internally to come to an aligned View on these issues. I am out of the of?ce but will be available on Monday for any queries. In my absence please contact Declan Kind Regards Moyagh @6019} 2 PSC Possible Changes Issues Dump Meeting 9/3/18 Attn; Decian Naughton; Deirdre Horkan; Kim Calhoun; Enda Gilvarry; Michael Rowland; Gerry McGuire Brian Farrell; Simon Shevlin Area of Activity Implication Any immediate Action Needed Decision from DTTAS - Formal Response needed from DTTAS - Clarity on whether legality of MyGole, Data Sharing with DEASP, ability to require PSC in NDLS are all in doubt is this a shared Govt Decision? Administration Front Office: SOPS being reviewed and training being organised for post 9/4 changes. Change requests in train with Front Of?ce Contractual Change-Designation of Agent insert into Contract this may still be relevant Front Of?ce may not be able to be Closed down in Feb 2019 Back Office: - SOPS being reviewed and training being organised for post 9/4 changes 0 Change requests in train with Front Of?ce - Contractual Cha nge-Designation of Agent insert into Contract this may still be relevant Prometric Also] Communications a New Applications, distribution to be stopped and old version of forms to be resurrected I All Public Reps advised of change- update letter may need to issue I Any Media Queries- we will be directing these to the Department for response I They have been advised of upcoming changes, but its not likely that there will be a need to send them updated material - Communication to be entered into with Front Of?ce and Back of?ce around changes arising in PSC rules Digital Campaign to be paused Radio Campaign to be paused Website-All banners and popups to be pulled Driving for Work] Website NDLS Booking Changes to be pulled IVR changes in Abtran and CC to be adapted Monday 0 FAQs to be reviewed to re?ect new position ICT - There is a strong possibility that much of current technical build will continue to be valid for an online solution. ID Platform via PSC may need revaluation Finances 0 Additional cost may be incurred if we have to seek another platform to determine Identity for the NDLS project 0 Cost incurred on Comms that are now sunk 0 Cost may be incurred on an alternative message to the public one of many ID docs that will meet be accepted post 9 April I ICJ Project may incur additional costs . CRs may be needed with two Contractors I Some expenditure on current technical solution may be sunk 0 Future savings in NDLS may not be realizable if no online offering Legal 0 Depending on nature of change and this is to be clari?ed it may be that all that will need to be done is to add PSC to the list of acceptable documents. Other - Moyagh to alert RSA Board Chair 0? to advise ICJ Project is heavily dependent on single point of identity and this has implications across several projects in the organisation Simon Shevlin Pia/e? 3 From: Declan Naughton Sent: 10 March 2018 19:44 To: Grainne Hegarty; Aileen O'Mahoney; Annette Burke Cc: Simon Shevlin Subject: PSC Potential Change of Heart Grainne/Aileen/Annette A brief update on news from DTTAS around PSC. On Friday RSA was advised that (on basis of AG's advice) is not con?dent around the legal standing of the PSC being required on a mandatory basis for driving licence purposes- in effect PSC can become just one of many forms of identity that is allowable. This has implications for the NDLS Programme as we were relying on it PSC being mandatory for both 9/4 and 30/4 initiatives. We need to understand exactly what the DTTAS position is eg. whether for example data sharing is ok to proceed with or not. No matter what the extent of the roll back it has serious implications for not just NDLS Online but also for the Integrated Customer Journey (which relied on a single point of Identity veri?cation. As I say we will be back liaising with DTTAS Monday to understand what the decision is and what the consequent implications are. The reason its unclear is partly because we are acting on a Government decision and we need to understand is the DTTAS position unilateral or is it the government position. Will keep you posted. Oh and Happy Mother Day? Le gach dea ghui Director Driver Testing and Licensing Road Safety Authority .. .f sis-?Sm Blank Page ?rm 4? Vivienne Moran From: HAYES Declan Sent: 13 March 2018 15:22 To: Moyagh Murdock Subject: RE: Driving Licence Moyagh Thanks for that clarification. I do believe that we should meet up as soon as possible to ?explore? our options and agree what we will now be legislating for. Do you want to give me a call to discuss availability? Kind regards Dedan From: Movagh Murdock? Sent: Tuesday 13 March 2018 14:10 To: HAYES Declan Cc: Ray; MCGURK Lorraine; TIMONEY Oisin Subject: RE: - Driving Licence Dear Declan I apologise for the discussion that took place between Declan and unfortunately I haven?t had an opportunity to sit down with the team to discuss what is now in progress and the next steps as I have been out of the office in Dublin since Friday when your email came through. In fairness to the RSA team and Declan, they are contact daily with their counterparts in DPER and OGCIO as part of the planning for this project and it was in this context the discussion took place as we are/were nearing the deadline of April. I believe the real issue here is this unexpected development on a project which we have been progressing vigorously since March 2017 when the RSA was instructed by the Secretary General to drive forward the integration of our systems with the Public Services Card as a matter of priority. The indication I believe is that we may be formally told we will not be proceeding on this path. As the clear direction came from the Sec. Gen and was further clarified in October, I will be corresponding in more detail regarding the implications of this change to him. I would reiterate that the purpose of the letter from the Chairperson Liz O?Donnell to Minister Ross was to seek his support from his colleagues in Cabinet to ensure all parties are fully resourced to handle the expected increase in demand at the various support centres and that no surprises or deterioration in service occur. Finally, I understand the Speed Limit Review Meeting has just be deferred but I am happy to travel to Dublin on Friday to meet on the issue in the same time slot if that is agreeable to you. Regards, Moyagh From: HAYES Declan Sent: 13 March 2018 11:59 T0: Movash Murdock Cc: Ray MCGURK Lorraine TIMONEY Oisin Subject: Fw: - Driving Licence importance: High Moyagh wish to bring the email below to your attention. We are signi?cantly surprised and disappointed that a direct approach has been made to DPER in this matter by the RSA, without any discussion regarding such intentions with this Department beforehand. This is especially concerning in light of the conversation that I had with you on Monday whereby informed you that our Minister had given us a policy direction to follow in respect of whether or not to make the PSC mandatory in applying for a driving licence/learner permit and that we were drafting a letter for the Minister to send to Ministers Donohue and Doherty setting out his reasons for the policy change. i also informed you that we would be drafting a response for the Minister to respond to the letter from the RSA of 7tr March 2018 (which, as I suggested to you, played a part in influencing the Minister?s decision) to issue to the Chair of the Board of the RSA as soon as possible. Finally, I believe that we had provisionally agreed to meet on the fringes of the Speed Limit Review meeting on Friday to discuss this matter further. Therefore, the message below has, as you will appreciate, caused concern, not only in DPER but in DTTAS too I wait to hear from you at your convenience. Regards Declan From: Ray Sent: Tuesday 13 March 2018 11:43 To: Owen Harrison Cc: Barry Lowry; HAYES Declan; MCGURK Lorraine; TIMONEY Oisin Subject: RE: - Driving Licence Owen lam just going to a meeting now but Declan will be in touch to update you. Regards Ray From: Owen Harrison Sent: 13 March 2018 10:05 To: Ray Cc: Barry Lowry Subject: - Driving Licence Hi Ray, Declan Naughton from the RSA has been in touch and has expressed a significant and immediate concern regarding a potential change in policy messaging coming from in regards underpinning the Driving Licence 2 authentication process with the PSC and MyGole. There may be miscommunication afoot, though the RSA needs clari?cation asap considering they are mid-flight implementing their comms campaign and associated process switch for the above. You might revert to us on this please with any relevant information. I?m out of the of?ce for a lot of the day, and have cc?ed Barry - if you could include him in your reply that would be great. Thanks, Owen Principal Of?cer Of?ce of the Government Chief Information Officer Department of Public Expenditure and Reform 3A Mayor Street Upper Spencer Dock Dublin 1 001 WP44 The information contained in this email (and in any attachments) is confidentiat and is designated soieiy tor the attention and use at the intended recipient(s). it you are not an intended recipient of this email, you must not use, disctose, copy. distribute or retain this message or any part of it. if you have received this emait in error, ptease notify me immediatety and deiete ati copies of this email from your computer system{s). Ptease note that this emait and any repty thereto may be subject to a request for reiease pursuant to the Freedom of information Act. Ta an thaisn?is ata sa riomhphost seo (agus in aon cheangatta?in) taoi rtin agus tS don fhaighteoir/do na iaighteoiri beartaithe e? agus ?/iad sin amhain. Mura tusa an taighteoir beartaithe, nior cheart duit an teachtarreacht seo na aon chuid di a Usaid, a nochtadh, a chdipeait, a dhaiteadh ha a choinneaii Sa ch?s gur tn earraid a fuair tu an rromhphost sec, tabharr fogra dom taithreach faoi sin agus scrios gach cdip den riomhphost seo (5 do riomhchora(i)s Tabhair tact deara go hhi?adtaidh an riomhphost seo agus aon threagra air bheith faor rerr iarrardh at a eisiurnt de bhun an Achta um Shaorari Farsnerse Ta eolas sa teachtaireacht leictreonach seo a d'fh?adfadh bheith priobhaideach no faoi run agus b'fh?idir go mbeadh ?bhar r?nda no pribhl?ideach ann. Is le h?aghaidh an duine/na ndaoine no le h-aghaidh an aonain atzi ainmnithe thuas agus le haghaidh an duine/na ndaoine sin amhain ata an t-eolas. Ta cosc ar rochtain don teachtaireacht leictreonach seo do aon duine eile. Murab ionann tusa agus an t? a bhfuil an teachtaireacht ceaptha do biodh a fhios agat nach gceadaitear nochtadh, coipeail, scaipeadh no tisaid an eolais agus/n? an chomhaid seo agus b'fh?idir d'fh?adfadh bheith midhleathach. The information in this email is con?dential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. The information contained in this email and in any attachments is con?dential and is designated solely for the attention and use of the intended information may be subject to legal and professional privilege. lfyou are not an intended recipient ofthis email, you must not use, disclose, copy, distribute or retain this message or any part of it. if you have received this email in error, please notify the sender immediately and delete all copies of this email from your computer system(s]. Road Safety Authoritv Ta eolas sa teachtaireacht leictreonach seo a d'fhe?adfadh bheith priobhaideach n6 faoi r?n agus b'fh?idir go mbeadh abhar runda no pribhl?ideach ann. Is le h-aghaidh an duine/na ndaoine no le h?aghaidh an aonain ata ainmnithe thuas agus le haghaidh an duine/na ndaoine sin amhain ata an t-eolas. Ta cosc ar rochtain don teachtaireacht leictreonach seo do aon duine eile. Murab ionann tusa agus an te? a bhfuil an teachtaireacht ceaptha d6 biodh a ?'lios agat nach gceadaitear nochtadh, c?ipeail, scaipeadh n6 ?sziid an eolais agus/nc?) an chomhaid seo agus b'fh?idir d'fh?adfadh bheith midhleathach. The information in this email is con?dential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be UHlanUl. memento,? peter/Cb From: Laura Byrne Sent: 14 March 2018 15:33 To: 'grahamdoyle-' Cc: 'RayOLeary_'; Declan'; Moyagh Murdock Declan Naughton Subject: Letter from RSA regarding PSC Attachments: to Graham Doyle re PSC.v2.pdf Dear Secretary General, Please see attached letter from Ms. Moyagh Murdock, CEO of the Road Safety Authority. Kind Regards Laura Byrnel Secretariat Road Safety Authority Moy Valley Business Park, Primrose Hill, Ballina, Co. Mayo Post Code: F26 Tel (096) 25010 Fax 096-25024l Follow us on: ll mm Road Safety authority 03356;} Blank Page Working To Save Lives 14 March, 2018 Graham Doyle, Secretary General, Department of Transport, Tourism and Sport, Leeson Lane, Dublin 2 Dear Graham, I was advised by the Declan Hayes by telephone this morning that the Minister has made the decision to change the policy requiring the Public Services Card (PSC) for driving licence applications and that to proceed on the original implementation deadline of 9?11 April, 2018 would be in direct contravention of this decision. This follows on from the initial indications via email on Friday the March from Declan and subsequent discussions that such a decision was being contemplated. 0n the 3" March, 2017 you wrote to the Chairperson of the RSA expressing your disappointment that the BSA was not proceeding at an appropriate rate with the integration of the PSC and SAFE 2 into our Iicencing operations. In that letter you gave instructions for the RSA and its service providers to move on with Government policy and implement the SAFE 2 veri?cation requirements into the Iicencing process. Your letter of the October, 2017 subsequently gave full clarity to the Government policy and legal position. From receipt of the March letter, the Board and the Executive accelerated a transformation agenda. This included: a A new contract for the Driver Theory Test with new requirements included in the service delivery model including the requirement that Prometric (service provider) would provide for the PSC being a mandatory requirement. Incidentally we were advised that the necessary legal backing was in place for that by your Department. Over several months, further engagement with the Department of Employment and Social Protection (DEASP) resulted in them committing to issue applicants with a PSC in advance of them applying for Theory Test. This is now the standard documentation an applicant must bring with them when conducting the test. There has been no negative feedback from applicants regarding their having to comply with this requirement. We are currently processing approximately 2000 applicants per week. I We have guarantees from DEASP that they could cope with the numbers and slot availability would not be a blocker/cause of delay for licence applicants this coming April. Since our awareness campaign started 2 weeks ago, we have ?gures in from DEASP to indicate successful MyGole registrations have gone from approximately 2,000 per week to 39,000 per week. Pair: Ghno Ghleann na Muaulhe. Cnoc an [Sabhaircim Bdthar Bhailc Alba Cliath, B?al an Atha, Co Mha-gh E6 May Valley Business Park, Primrose Hill. Dublin Road. Ballina, Co. Mayo Inca?: 1890 so So 80 tel: (096} 25 000 email: inio@rsa.ic website: wvn-a rsale Udaras Urn Sh?bhailteacht Ar Road Safety Authority Working To Save Lives We are introducing an online and postal option so that those already with a PSC card did not have to return to another Government Agency in order to receive a driving licence. This enabled us to commence the process of ending the Front Of?ce contract, which we have done. This contract with 565 was to cease from February 2019. This is now in doubt and may have to be retendered. We engaged internal and external IT support services to develop an online licence offering and the system is now ready for testing with an implementation date of the 30"1 April 2018. We contracted with our Communications provider to develop a messaging portfolio for TV, Radio and Press to make the public aware that a PSC is required in order to apply for a driving licence from April, 2018 onwards. This is running since the 26?? February, 2018. The RSA has been working with our external suppliers and all the necessary business decisions have been made to ground the PSC requirement. All of the above when fully implemented will mean: The PSC is the standard SAFE 2 veri?cation process as mandated by Government. The RSA will be fully compliant with Government Policy. The citizen will only have to present in person once in order to avail of government services. The RSA has online and postal options available for licence applications. The front of?ce contract will be concluded with signi?cant cost savings made accordingly. Signi?cant bene?ts for road safety through the reduction in fraud and keeping unlicensed drivers off our road. The Minister? 5 decision to change course now has signi?cant implications and include some of the following: Udan?is Um Shabhailteacht Ar Bholthre Road Safety Authority The RSA will not be compliant with overall Government Policy in relation to the use of PCS. . The front of?ce operation (36 of?ces in total) will have to continue beyond February 2019 and a retendering process will be necessary. There is insuf?cient time to do this and it will also have signi?cant cost implications, (The cost of this operation is approximately 6.7m per annum). We will have invested considerable funds (circa ?2m) in IT and communications some of which we will now have to write off. We will have to prepare a new communications campaign for the public reversing the advice already issued. The investment in training of Front Of?ce and Back Of?ce Agents which has already commenced will have to be suspended and a new set of guidelines will have to be developed once clarity on the way forward for an online service is identi?ed. The Comptroller and Auditor General will have to be notified of the expenditure involved and any losses incurred as a result of the decision. The reputation of and public con?dence in the RSA will be damaged. Pain: Ghno Ghleann na Mualdhc. Cnoc an tSabhacrcin. Bother Bhaule litha Ellath, an Alba. Co. Mliaigh E6 Mov Valley Business Park, Primrose Hill. Dublin Road, Bailina. Co Mayo local: last: so Bo 80 tel: {095] 25 one email: lnio@rsa.ie website: rsane COCOIOOCIOC Working To Save Lives On Friday morning, 9m March, 2018, I received an email from the Of?ce of the Minister for Finance which stated that the Government is fully committed to the previous Government decisions of 2005 and 2013 regarding the use of the PSC and the MyGole SAFE-based online Identity Authentication solution for all appropriate Government services. As you know, the PSC is already required for Revenue, Passoort and Theory Test services and that SUSI is about to launch an online service dependent on the PSC. In light of all of the above and in the context of the decision communicated this morning, I will be reporting to my Board on this matter and request urgent clari?cation on how we are to proceed with the online driving application process and the sharing of data with DEASP to facilitate the other application methods such as postal. Yours sincerely, $3;ng Mascot Moyagh Murdock CEO Pa rc Ghno Ghleann na Muaudhe, Cnoc an ISabharrcin, Bother Bhaile Atha Cliath, B?al an Alba, to Mhaigh Ed May Valley Business Park, Primrose il. Duhl Road, Ballina, Co Mayo locall' 1890 so So So Id: (036} 25 one email- Info@rsa.ie website: rsa.ne Udar?s Um Shabhailteacht Ar Road Safety Authority B??nk Page ?22496 From: Moyagh Murdock Sent: 14 March 2018 17:31 To: HAYES Declan Subject: 2015 C8LAG Report Into the PSC Attachments: ChapterlO CBLAG Report 2015.pdf Declan, Interesting extracts from the 2015 report on the Account of the public services 2015 Relevant extracts only. Use of PSC and future developments 10.42 Use of the card is being piloted or is to commence shortly in the following areas 0 as part of driver licence application by the Road Safety Authority, including theory test applications and driver licence renewals 10.47 The Secretary General stated that the focus subsequently was to progress the development of the PSC and develop protocols to maximise the use of high-quality data collected during the PSC registration process. DPER worked with DSP to develop a single customer view which takes data from various repositories across the public service and links them. The single customer view has become the next best solution to a single trusted repository of identity information. 10.48 He also stated that in line with the development of those protocols, his Department commenced work on issues around data sharing, governance and the security of data which will be key elements of legislation currently being developed. This legislation will provide for the regulation of data sharing between public bodies and for applicable safeguards and conditions. It will also provide for the completion of a privacy impact assessment by those involved in a proposed sharing of data. This will form part of information governance assuring that individuals? rights to privacy and con?dentiality are appropriately protected. 10.58 Progress has been made in developing a comprehensive identity management and privacy policy. In 2016, DSP launched an online system whereby other public bodies can authenticate their customers online. In addition, DPER has stated that it is working on the development of legislation for the regulation of data sharing between public bodies and for applicable safeguards and conditions. Moyagh Moyagh Murdock Chief Executive Officer Road Safety Authority May Valley Business Park, Primrose Hill, Dublin Road, Ballina, Co. Mayo 3096-25025 not. my lo Eur an: $1.343? Blank 939? 1 DPER was part of the Department of Finance when the project commenced. For simplicity. reference throughout the chapter is to DPER 2 A budget of around ?1 million was approved by Gavernment in 2005 for the initial phase of the project to develop the SAFE standard This was to cover the costs of the standard design. public consultation and communications and research and was to be funded from within the existing resources of DSP and DPER 10 10.1 10.2 10.3 10-41 10.5 10.6 10-? 10.5 10.9 Roll-out of the Public Services Card The project to develop a public services card (PSC) was identi?ed in 2004 as an important component for modernising public service delivery by standardising the framework through which public services are accessed and developing the PSC to replace some or all of the existing cards in use. The key advantage identi?ed for using a single card-based access to public services was that delivery of services becomes substantially more ef?cient when the means for identifying and authenticating the user are standardised across all government agencies. in addition. the use of a PSC would reduce the rates of fraud and errors caused through incorrect identi?cation and authentication of users of public services The Department of Social Protection (DSP) led the project to develop the PSC. The Department of Public Expenditure and Reform (DPER)provided support in terms of policy development. sanctioning of the required project resources and project oversight.1 This report examines the extent to which the project objectives have been achieved. the project costs. and the manner in which the project was managed. Project approval One of the initial signi?cant challenges for the project was to identify and develop a framework for establishing and authenticating the identity of (potential) service users which could be used as a basis for issuing a PSC The Government gave approval in June 2004 for the development of a framework and a steering group was established comprising a range of government departments to develop the standard. Following submission of a joint memorandum by the Ministers for the two Departments. In July 2005. the Government approved, inter-alia. the development of a detailed technical speci?cation required for the procurement of supporting primarily the establishment and authentication of identity for access to public services; and the development of proposals for a comprehensive identity management and privacy policy Development of the SAFE programme In 2005. the Standard Authentication Framework Environment (SAFE) programme was initiated to progress the development of a security standard for the PSC.2 The decision to develop a PSC envisaged that it could be used for all existing and future card-based public services over time using the SAFE standard (see Figure 10 1) Even where agencies might need to issue speci?c cards for their services for operational or legal reasons. the development of the SAFE standard would provide bene?ts through secure identi?cation and authentication of the user. 112 10.1!) 10.11 Report on the Accounts of the Public Services 2015 Figure 10.1 Summary of Standard Authentication Framework Environment (SAFE) Level 1 2 3 (SAFE1) (SAFEZ) (SAFES) Level of assurance as to identity Balance of Substantial Beyond probabilities assurance reasonable doubt Requirements Has a Personal Public Services I Number Photo ID e.g. passport. national ID card. driving licence etc. Signature Evidence of name. date of birth. sex. mother?s birth surname. place of birth and nationality Documentary evidence of r? address eg. utility bill Biometric data g. ?ngerprint. iris scan Associated card type No card Card with photo Card with photo. and signature signature and biometric data Source Office of the Comptroller and Auditor General Note All registrations by DSP are to SAFE level 2 i.e SAFE2 Project expenditure DSP commenced development of the PSC based on the SAFE standard and compatible with the to replace the existing social welfare card with a view to issuance commencing in 2007 The PSC was delivered through a combination of external providers and internal DSP resources with the cost currently expected to be around ?60 million. as set out in Figure 10 2. 10.12 10.13 Roll-out of the Public Services Card Figure 10.2 Expenditure to end 2015 and projected costs to end 2017 (incl. VAT) Cost Budget at Expenditure Commitments! Total to July 2012 to 2015 estimates and 2017 6m Gm 5m 5m Managed service contract Development costs 1 .8 1.8 - 1.8 Card production 20.3 13.2 9.1 22.3 Helpdesk' 1 2.5 - 2 5 Change requests Total payable to supplier 24.9 18.5 9.1 27.6 Department staff 27.5 16.8 12.0 28 8 Consultancy and other software 1.6 1.3 0.1 1.4 Hardware and maintenance 1.2 0.9 0.1 1.0 Software support and maintenance 0.1 0 4 0.4 Administration 0.4 0.1 0.5 Total 55.3 38.3 21.4 59.7 Source Department of Social Protection Note a Helpdesk figures include costs associated with calls from customers to request activation The estimate of staff costs is based on DSP's request for 200 additional staff for a four year penod Staff cost covers only those directly involved in the PSC project and does not include other DSP staff costs stall involved in the internal upgrade of the ICT systems Card production targets In December 2009. DSP entered into a contract with a supplier at a ?xed price of 519.7 million plus 21% VAT to produce 3 million cards by end 2013 - 2.095.000 standard cards and 905,000 free travel variant cards. Included in this price was 61 46 million for initial set-up costs. postal fees of ?2.64 million for issuing the card and a personal identi?cation number (PIN) and ?18 million for helpdesk query handling. The total number of P505 produced at end of June 2016 was 2.06 million comprising 1.37 million standard cards and 693,000 free travel variants This represents 65% and 77% of the respective total of cards to be produced for each category. 1 ie 114 Report on the Accounts of the Public Services 2015 Figure 10.3 Cumulative public services card production Cards issued millions 3 2013 Target 0 r?P I II 1 2012 2013 2014 2015 2016 Estimated Source: Office of the Comptroller and Auditor Genera' Note. The figure for 2016 is as estimated in the revised 2016 agreement. 10.14 outlined a number of measures put in place to support PSC production 160 registration stations are operating at 100 locations each with a capacity to handle 100 registrations per week. This gives suf?cient capacity nationwide to register 16,000 per week. and. based on a year of 50 working weeks. 800.000 annually. DSP has stated that this level of registration is rarely achievable due to a number of factors. including - clients failing to attend without prior notice - registrations not being straightforward. eg. where clients do not have a Personal Public Service Number (PPSN). do not possess a photo ID or may require additional time A mobile SAFE registration solution was in place. Each mobile unit comprises a laptop, high resolution scanner. camera and screen Use of the mobile units enables registrations to take place mostly in communitylcongregated settings and (in exceptional circumstances) at the registrants place of residence. There are currently 19 units in operation with 1,082 individuals registered for the PSC in twelve locations by end August 2016. DSP developed a website for accessing public services?. As of August 2016. services available from the website relate only to DSP. such as appointment services for PPSN and PSC registration. applications for Paternity Bene?t, access to the Jobslreland website and jobseekers senrices. DSP has stated the discussions are ongoing with other public bodies providing services online. with a view to providing a secure customer veri?cation process for such bodies. It is expected that the ?rst services from Revenue will come on stream before the end of 2016 10.15 10.16 10.17 Roll-out of the Public Services Card Following issuance of the card to the address veri?ed during the SAFE registration process. holders were requested to activate the card by making a phone call to the helpdesk DSP explained that, in order to satisfy a requirement from the Of?ce of the Data Protection Commissioner. 3 process was introduced which required the card recipient to activate the card on receipt by telephoning the helpdesk and answering security questions While the card activation process con?rmed receipt of the card by the correct individual. it does not initiate any functionality of or on the card. 0f the 2 06 million cards produced at the end of June 2016, only 1.2 million had been activated. DSP has stated that as PSCs are utilised by more service providers, the opportunities for con?rmation that cards have been received by the correct person by manual inspection or online) have increased. Accordingly. DSP has now removed the requirement for customers to activate the cards Project management Project planning and financial oversight A key element in project planning is the devetopment of a business case setting out the objectives to be achieved and explaining the basis for the decision to proceed There is no single business case document for the PSC, setting out at a high level all of the information needed to get the project started (scope. justi?cation. funding. roles and responsibilities). and which communicated this key information to the project's stakeholders The examination reviewed key project documents supplied by DSP and DPER and assessed the content against a standard business case model the results of which are set out in Figure 10.4. 110 Report on the Accounts of the Public Services 2015 Figure 10.4 Assessment of project plan against good practice business case Good practice contents of business case Issues covered in at least one document Project speci?cation Problem de?nition Project objectivesiscope Key stakeholders Assessment of organisation capacity to undertake project 1.: Dependencies Procurement Consequences of not proceeding with projectlaftematives Information securitytdata protection Timeline and work plan Risks Costs and resources Staff resources required to support project Projected costs Bene?ts Qualitative and quantitative bene?ts to the Department Qualitative and quantitative bene?ts to the customer Project governance and management Project structure Project roles Project initiation document Bene?ts realisation plan 0 Conclusions and recommendations Source Analysis by the Office of the Comptroller and Auditor General of the consultant study 2003 Memorandum to Government 2004 SAFE Business Requirements - 2005 Memorandum to Government 2005 DSP papers and correspondence to DPER in 2009 seek ng sanction to proceed with the preject and paper on deployment oi PSC 2011 Notes. - included 0 - not included - partially covered 10.18 Elements of a good practice business case were included in several documents examined. However, there were a number of omissions or partially addressed matters . A comprehensive estimate of the total projected project costs including the allocation of existing DSP staff was not prepared. The initial estimate of the increased by 62 mime? to project cost was developed in September 2009 alter the procurement process for million in 2012totake account or a managed service provider had commenced. This covered the expected cost of :szrc?lr??mdm?s *3 managed service provider of ?24 million1 and the development of new technical enhancemen; ca systems estimated at between 61.5 million to ?2 million The ?rst estimate of other project costs such as DSP staff and internal ICT systems upgrades was 2 DPER approved lso clerical outlined in a sanction request to DPER in December 2011 following the posts for the project up to the completion of the pilot to test technical facilities and card registration 2 end at 2013 A subsequent request was made by DSP in - There was no initial assessment of DSP's capacity to deliver the project or a February 2014 to seek further staff resourcing and DPER approved an additional as temporary staff (is. a total of 218 stat!) until the end of June 2015 fonnai assessment of the project risks. It is noted that an assessment of risks and capacity was made in the context of a request for staff resources prior to the deployment of the P50 in late 2011. 11.7 Roll-out of the Public Services Card Key dependencies were only partially assessed with the capacity of the existing IT infrastructure to deliver the project not evaluated. There was no plan setting out how and when the project?s bene?ts would be measured. and who was responsiblelaccountable for their delivery. A single project initiation document (PID) was not prepared at the outset of the project. Views of the Accounting Officer DSP 1 0.1 E: The Accounting Of?cer has stated in relation to project planning and ?nancial oversight It was generally accepted at the time that. given the relatively innovative nature of the project (mass registration of the population to a speci?c standard and the production and issuance of a sophisticated multi-purpose smart card) and the lack of comparable references (in that no other public or private body had undertaken anything even close to similar). it was not possible to properly estimate any cost until market testing via the procurement process had taken place. Prior to 2004 and 2005 Government decisions. DSP had identi?ed the need to replace its Social Security Card and Free Travel Pass and had initiated an internal process to achieve same. The extension of the PSC project to this initiative was mandated by the Government in the decisions mentioned above. A formal project management structure was put in place and associated processes implemented. As required, internal resources were redeployed and requests for additional resources were submitted to DPER DPER accepted that additional staff would be required at various times to deliver the project and sanctioned these. The bene?ts associated with the project were identi?ed and set out at a high level in the 2004 and 2005 Memoranda for Government and associated papers (including the Accourt Study into the P80 and the SAFE Business Requirements etc). The bene?ts of the P30 and associated services will eventually be accrued across the public service rather then solely by DSP. It was always the case that other public bodies would only start usinglrequiring the PSC once a signi?cant number of their customers were in possession of one. Therefore. the full identi?cation and realisation of the bene?ts of the project can only be assessed once other publ:c bodies identify their uses for the P80 and implement these in practice. Accordingly. it was not possible in the early years of the project to produce a plan detailing fuil bene?ts potential and means for measuring the achievement of these While a single document PID was not produced in the early 20005. the constituent elements the 2004 and 2005 Memoranda for Government. the Government decisions that resulted from these. and various associated papers (including the Accourt Study into the P50 and the SAFE Business Requirements) From July 2005 to July 2007 DSP concentrated on the development of the detailed functional speci?cation required for the PSC. It also developed a project proposal for the development and deployment of the P80. and associated infrastructure. This work was concentrated in and managed by the Client Identity Services division of the Department. This led to a submission on 23 July 2007 to the DSP Management Board which gave its approval to proceed with a project proposal, structure and membership, and with the preparation of a request for tender for an outsourced card management service 1 This responsibility has since transferred to the National Transport Authority 10.20 10.21 10.22 10.23 10.24 10.25 10.26 Report on the Accounts of the Public Services 2015 Project delays DSP developed and advertised a competition for the procurement of a managed service provider for PSC production in 2007 and a preferred supplier was selected in June 2008. However. as the public ?nances deteriorated. the competition was suspended pending completion of the annual estimates process for 2009 Subsequently DSP proceeded with the procurement and signed a contract with a managed service provider in December 2009. Under the contract. it was envisaged that production of the cards would commence by autumn 2010 but no later than April 2011. However. pilot production of cards commenced in October 2011 and around 4.000 cards were produced by the year end. DSP stated that at that time. it incurred an unprecedented and rapid increase in customer numbers and consequent demand for services It was also required to undertake the integration of two other organisations and introduce signi?cant new processes. All of this led to a signi?cant increase in staf?ng requirement In this context. DSP concluded that its central technical infrastructure required Signi?cant upgrade and expansion. and had to have priority over all other technical projects As a consequence, the Department devoted the ?rst half of 2011 to building up the underlying technical infrastructure this was mainly central server related (throughput. fault tolerance and management capability). This meant that the new PSC functionality could not go live until the autumn 2011. Initial plans for the PSC included a free travel variant requiring integration with the integrated ticketing system for the public transport network which was simultaneously being developed. The variant was delayed pending the availability of a suitable speci?cation from the Railway Procurement Agency1 for the integration of the PSC on the ticketing system Project costs and variations The sanction conveyed by DPER in October 2009 included a recommendation that the contract with the supplier should allow for a contract review on an annual basis. and for tenninationlsuspension without penalty in certain circumstances. such as substandard production quality. non-adherence to agreed standards or the availability of the requisite funding. Under the terms of the contract with the service provider. DSP reserved the right to laminate the contract at any stage on payment of reasonable costs accrued to the date of termination. In mid-2012, the contractor requested a revision of the contract to address commercial implications which it asserted had arisen due to the delays in the development of the PSC by DSP. DSP agreed to amend the price terms of the contract due to the lower than anticipated card production volumes During 2015. it was apparent the completion of the contracted 3 million cards by end 2016 was not going to be achieved. In December 2015. DSP received the approval of DPER to negotiate the contract with the managed service provider Figure 10.5 summarises the changes in contract terms 1 A kinegram is a drfiractrve security device embossed into a substrate It is intended both as a security feature and for visual appeal and introduces increased security to the card to prevent duplication 113 10.27 10.20 10.29 Roll?out of the Public Services Card Figure 10.5 Summary of changes in managed service contract 2009 2012 2016 Comment Unit Cost per card Standard card 4.221 4.961 5.375 Rates in 2012 and 2016 are averaged to take account oi front-loading of payments due to delays and DSP requested changes. Free travel variant 5.520 5.901 6.363 Production costs ?m 6m Em Standard 8.8 10.4 11.3 Free travel 5.0 5.3 5.7 Total production 13.0 15.7 17.0 costs Other costs Technical setup 1.5 1.5 1.5 Initial setup costs Other ?xed charges - 1.3 0 7 Additional software development for tree travel variant due to' delays with and changes in speci?cation for compatibility with the integrated ticketing system: and phase 2 development and testing Postage 2.7 1.8 1.8 Postage cost reduced 50% due to not using PIN. Helpdesk 1.5 2.1 2.1 Additional costs due to provision of activation procedure through the helpdesk. Total other costs 6.0 5.7 5.1 Total 19.8 22.4 23.1 Source Office of the Comptroller and Auditor General The cost of the contract with the managed service provider has increased by ?33 million from the 2009 ?gure due to contract changes and revisions including - extension of contract to 2017 at an extra 60 737 per card ?1.28 million - a l-rinegram1 was added after the 2009 contract was signed at a cost per card of ?0.38 ?1.14 million delays and amendments in relation to free travel card ?0.72 million The 2016 contract provides for an advance payment by DSP in January 2017 of 50% of the cost of the outstanding balance of 3 million cards. The cost of cards produced in 2017 is to be deducted in full from the advance. Also. should the target of 3 million cards not be reached by the end of 2017. the cost of cards not produced will become payable in full. In the event that in excess of 3 million cards are produced by 31 December 2017. a discount of 5% will be applied resulting in a cost per card as follows . standard PSC ?438.04 - free travel ?5.6154 10.30 10.31 10.32 10.33 10.34 10.35 Report on the Accounts of the Public Services 2015 Views of the Accounting Officer DSP DSP has stated that it is satis?ed that the revised deadline for the delivery of 3 million cards will be achieved and that payments for the non-delivery of cards will not arise It also stated that the contract the managed service provider will come to an end in December 2017 and that it plans to seek tenders for production of PSCs from 1 January 2018. The Accounting Of?cer stated that the PSC project is a major piece of public service infrastructure that will in time be leveraged by all public bodies. She stated that the main bene?t of PSCs and the SAFE programme relates to the saving in the time spent re-verifying an individual?s identity each time a member of the public tries to access a public service small savings for each interaction with multiple cardholders will represent a considerable overall saving. Views of the Secretary General DPER In relation to the extent of the business case. the Secretary General stated that it was important to note, that the issuing of the sanction in October 2009 was the culmination of a ?ve-year process. involving detailed consideration by Government. beginning in June 2004 when the Government approved the development of a standards-based framework for the PSC and the establishment of a Steering Group to oversee the task. A further Government decision issued in July 2005. which included the noting of progress made in developing the SAFE programme. the approval of the development of a technical speci?cation required for procurement of cards and the approval of the development of proposals for a comprehensive national identity management and privacy protection policy. He stated that the sanction which issued in October 2009 was for the development of the card in line with the aforementioned Government decisions and following the development of the SAFE programme. the tendering process and the selection of the preferred bidder. He stated that DPER accepted that additional staff would be required to deliver the project and that this allocation was sanctioned by DPER in February 2012. The allocation of existing DSP staff to the project was to be met from existing DSP resources. DPER has also stated that while staf?ng costs have been estimated to end 2017. sanction is currently only in place to retain the temporary clerical of?cers until the end of 2016. DSP will be required to engage DPER in relation to the number of temporary staff needed for 2017. Depending on the outcome of that process. sanction may. for example. be conveyed for a lower number of staff than assumed, with a consequent impact on future costs Project benefits Savings achieved DSP stated that the main bene?t of the PSC is in the saving of time previously spent re-verifying identity when a member of the public accesses a public service. DSP considers the reduction in the number of people who fraudulently claim to be someone else and a reduction in the potential for forgery as ancillary bene?ts. DSP did not set a savings target in this area given the dif?culties in assessing how many people have been or are engaged in identity fraud 11H 10.35 1113?? 10.39 Rolleout of the Public Services Card DSP calculates savings from controls implemented by combining the amount of actual overpayments raised and future payments which it will not be making. Savings are recorded in respect of persons in receipt of a welfare payment where a person Invited to make a SAFE registration does not complete the process. and the payment ceased or was suspended. Savings are not recorded in cases where a new claim made for assistance is abandoned or withdrawn because of failure or inability to complete SAFE registration DSP control processes estimate savings by scheme heading and it has estimated that up to end July 2016. savings of 62.5 million were achieved due to the introduction of the PSC. Figure 10.6 Recorded SAFE registration savings as at and July 2016 Scheme Fraud and No of Savings Proportion of error cases with 000 scheme survey savings recipients registered Jobseelters Assistance 3.1 204 1.217 90% Jobseekers Bene?t 1.6% 37 428 84% Supplementary Welfare Allowance 5 1 1 - One-parent Family Payment 2.7% 16 334 89% State Pension Non-Contributory nia 2 50 72% Child Bene?t 0.5% 1 5 65% Household Bene?t and Free - 1.540 447 Travel Total 1,855 2,502 56% Source Department of Soc at Protection Note a 69': . of Household Benefit recipients are registered while 63 of Free Travel recipients are registered Included in the above saving of ?25 million are 131 cases (51 .7 million) of suspected fraud. detected via the facial image matching software that have been referred to DSP's spacial investigation unit andior An Gerda Slochana Figure 10.7 gives the status of these 131 cases Figure 10.7 Cases of suspected fraud as at July 2016 Status Number Concluded - no issue arising in relation to identity fraud 11 Finalised in court. custodial sentence 9 Finalised in court. non-custodial sentence 4 Legal proceedings initiated 22 Investigation underway 70 Not proceeded (mainly due to person leaving the jurisdiction) 15 Total Source Department of Social Protection Note a in one case an international arrest warrant has been sought 1 2 The Civil Service Management Board is made up of all Secretaries General and Heads of major of?ces and is chaired by the Secretary General to the Gavernment. Its role includes the management and accountability of cross-cutting projects that involve multiple departments and agencies. lb 10.40 10.41 10.4? 10.43 10.44 10.45 Report on the Accounts of the Public Services 2015 View of the Accounting Officer DSP The Accounting Of?cer pointed out that the savings recorded relate to the cases where DSP actually caught the person using a false identity. The Department cannot assess the actual savings that have been made in cases where a person signed off or claimed they no longer needed social assistancefbene?t instead of going through the SAFE registration process. Use of PSC and future developments In addition to the use by DSP. the PSC and SAFE2 process is being used as follows - the free travel variant is operational on the public transport network including participating private bus operators - ?rst time adult passport applicants must in future possess the PSC . the PSC has been added to the list of acceptable forms of ID for external candidates sitting State examinations. electoral purposes. receipt of housing assistance payments. and prison viSIts. Use of the card is being piloted or is to commence shortly in the following areas - as part of driver licence application by the Road Safety Authority. including theory test applications and driver licence renewals - a trial issue of PSC to transition year students was completed in May 2016 and an initiative has commenced to roll-out to all transition year students in the 2016/2017 school year. It was envisaged in a June 2004 Memorandum for the Government. that a central group would examine - the need for primary legislation on identity management - use of the PPSN and PSC in the justice and private health sectors and in the private sector generally - the need to create an organisational structure to manage central identity management services nationally. One of the challenges in extending the use of the public service card infrastructure to other agencies is the need to implement identity access management (IAM) measures DSP launched the IAM system in February 2016 which is available to other public bodies to authenticate their customers online. based on the PSC and the SAFE2 registration process In June 2016, the Civil Service Management Board2 (CSMB) approved a project to support a broader identity management initiative which would enable other public bodies to utilise the PSC and SAFE process. The project will bejointly led by DSP and DPER through the Of?ce of the Government Chief Information Of?cer (OGCIO) 10.46 10.48 10.49 Roll-out of the Public Services Card - Public service bodies will be encouraged to use the PSC for identity management and to ensure the identity management programme. encompassing the SAFEZ programme, and the IAM system is fully rolled out and is implemented in a sustainable way. In this regard. it will be mandatory for all new processes being delivered online or digitally to use SAFEZ and the IAM system and a plan should be developed to migrate existing servicesiprocesses over time. . Personal identi?cation processes in the public service will be mapped. with a view to migrating to the broad identi?cation management system - Public bodies will be encouraged to require their clients to register to SAFE2 level and use the PSC. - A public communications programme will be developed and implemented to raise awareness of the bene?ts of using the IAM system and PSC Views of the Secretary General DPER DPER undertook an in-depth research and consultation exercise on the development of a comprehensive national identity management and privacy protection policy following the Government decision in 2005 which involved a number of discussion papers and consultation with a range of departments and agencies. This led to the development of a draft proposal in 2009 which recommended the centralisation of the management of identity for the public service. Industrial relations concerns were raised regarding the transfer of functions. Further consideration in 2011 noted that it may not be suitable to centralise the function in one line department and that the correct 'home' for identity management was not likely to be clear for some time The Secretary General stated that the focus subsequently was to progress the development of the P80 and develop protocols to maximise the use of high-quality data collected during the PSC registration process. DPER worked with DSP to develop a single customer view which takes data from various repositories across the public service and links them. The single customer view has become the next best solution to a single trusted repository of identity information. He also stated that in line with the development of those protocols, his Department commenced work on issues around data sharing. governance and the security of data which will be key elements of legislation currently being developed. This legislation will provide for the regulation of data sharing between public bodies and for applicable safeguards and conditions. It will also provide for the completion of a privacy impact assessment by those involved in a proposed sharing of data. This will form part of information governance assuring that individuals' rights to privacy and con?dentiality are appropriately protected. Finally. he noted in relation to the 2004 Government decision regarding an identity access management policy that while a general policy might prove beneficial he did not believe that the adoption of the PSC was restricted by the absence of such a policy. 124 10.50 10.51 10.52 10.53 10.54 10.55 10.56 10.57 Report on the Accounts of the Public Services 2015 Conclusions it was originally intended that 3 million public service cards would be produced by the end of 2013. At the end of June 2016. over 2 million cards have been produced. A number of factors including the need to update IT infrastructure have led to the delay. DSP expects that the target of 3 million cards will be delivered by the end of 2017 under revised arrangements with the managed service provider. DSP expects to incur costs of up to ?60 million on developing and issuing P305 to the end of 2017. The cost of the managed service provider contract increased by over ?3 million due to contract changes and revisions arising from delays in the project and additional security features. DSP has spent ?22 million on card activation by June 2016 Just under 60% of cards issued have been activated at the end of June 2016 Activation did not enable or add any functions on the card, it only con?rmed receipt of the card by the individual. Government made a number of decisions in 2004 and 2005 which formed the basis of the PSC project. A business case or project plan was not developed at that time. Business cases should quantify and compare the total costs of a project against the bene?ts expected in order to inform the decision-making process. In addition. the business case for a project facilitates ongoing review to ensure that continued expenditure represents best value and is affordable. and that the project is capab'e of being delivered successfully. in relation to the absence of a business case at the inception of the project or during the implementation phase the Accounting Of?cer stated that at the time of its inception in the early 20005. the SAFEIPSC project was a brand new. innovative approach to smart-card usage and identity management which had not been used anywhere else in Government. Similar initiatives in the private sector were in their infancy Accordingly. it was not possible to build a single detailed business case of the sort envisaged in advance. The Accounting Of?cer also stated that while a business case had not been developed, the project has been coherently planned and implemented in conjunction with DPER and with the support of relevant decision makers and stakeholders. Speci?c costings were only developed in 2009 after the procurement process for the managed service provider commenced and. In 2011. in relation to required staf?ng component. It was not evident that a comprehensive risk evaluation and assessment of key dependencies such as reliance on IT systems and organisation capacity was conducted. DSP did not set a target in relation to savings that were expected to accrue from the introduction of the card as a result of administrative or customer savings in the time spent re-verifying an individual's identity. It also did not set a target for savings that could be expected from the reduction in identity fraud that would be expected to accrue on the introduction of the card. At July 2016 DSP estimates savings in payments of ?25 million since the introduction of the PSC. based on the suspension of welfare payments in instances where an individual invited to make a SAFE registration did not do so 192': Roll-out of the Public Services Card 10.58 Progress has been made in developing a comprehensive identity management and privacy policy. In 2016. DSP launched an online system whereby other public bodies can authenticate their customers online In addition. DPER has stated that it is working on the development of legislation for the regulation of data sharing between public bodies and for applicable safeguards and conditions. 125 Report on the Accounts of the Public Services 2015 Blank Page 3019.3 71 Vivienne Moran From: Moyagh Murdock Sent: 14 March 2018 17:51 To: HAYES Declan Cc: TIMONEY Oisin Lorrainemcgurk Subject: Paper on the National Driver Licence Service support of the SAFE2 process Copy Attachments: Paper on the National Driver Licence Service support of the SAFE2 process - Copy.docx Hi Declan, I am forwarding on the minutes ofa meeting on 22"d April 2016 here in Ballina, you may recall it yourself as you and Nicola dialled in that day. Ray O?Leary attended as well as Ger Maguire. Clear instruction was given by Ray that the PSC was the only show in town. Also, on page 12 of the eGovernment Strategy 2017-2020, it is quite clear that the Driver licence applications will require applicants to be SAFE 2 registered and Online renewal of drivers licences to be introduced and use MyGole by March 2018. We have missed the deadline The Theory Test Applicants bylune 2017. The only way to be SAFE 2?s is via the PSC. In contrast, the Department ofJustice make a distinction that it would be optional, Introduce the optional use of the PSC as an Age Cord for use as a Proof of Age service. Also worth noting is that the called the SAFE2 out as a ?nding in our 2014 audit and directed that ownership must be resolved at 3 Departmental level, ideally the DSP. We agreed in our management response. I have attached both the RSA 2014 report and also the DSP 2015 report which Graham referenced in his letter of March 2017. I have sent that on separately. Moyagh .. Blank Page eGovernment Strategy 2017?2020 June 2017 Ireland eGovernment Strategy 2017.202!) a 1 Foreword The Department of Public Expenditure and Reform?s previous eGovernment strategy set out a vision of what needed to be done to continue the good progress that had already been made in improving citizens? and businesses? access to and interaction with Government Services. The Public Service ICT Strategy, published in 2015, then placed the eGovernment Agenda within a bigger picture of change, i.e. of a government using data and digital to drive a better customer experience and using sharing, enhanced governance and improved capability to maximise the effectiveness of all aspects of government ICT and associated services. The appointment of a dedicated Minister of State for eGovernment in May last year demonstrated the Government?s commitment to better serve its people using modern, secure and robust technology. This document therefore highlights the aspects of the ICT Strategy and subsequent delivery programme that will really enhance the vibrancy and user centricity of eGovernment in Ireland. I look forward to seeing the positive outcomes that its implementation will de?ven Patrick O?Donovan, TD Minister of State for Public Procurement, Open Government and eGovernment Departments of Finance, and Public Expenditure and Reform Ireland eGovernment Strategy 2017-2020 an: PE R.GOV.IE a I 2 1. Executive Summary Ireland is well placed to be an exemplar in eGovernment The eGovernment 2012 2015 Strategy1 set out a step change approach that would see Ireland make ever greater use of Digital and ICT to improve the experience of citizens and businesses transacting with Government. The 2015 Public Service ICT Strategy2 then set out how Ireland would further develop its use of innovation and technology to meet the growing needs and expectations of its people. When delivered, this Strategy will create a new model for ICT delivery across the Public Service; delivering more efficiency and effectiveness in service delivery through a more integrated, shared and inclusive digital environment. The Public Service ICT Strategy is fully aligned to the Government direction in this area, most recently articulated in November 2016 with the publication of the Draft Open Government Partnership National Action Plan 2016?2018.} This commits Government inter alia to increased citizen engagement, increased transparency and open data. The EU eGovernment Action Plan 2016-2020? highlights the importance of the digital transformation of government to the success of the European Digital Single Market, by helping to remove existing digital barriers and preventing further fragmentation arising in the context of the modernisation of public administrations. It sets out 20 principles that Member States are recommended to observe in order to deliver the significant benefits that eGovernment can bring to businesses, citizens and public administrations. This document demonstrates how the development of its Public Service ICT Strategy not only allows Ireland to align closely with the EU eGovernment Action Plan but will ensure that Ireland is well placed to be an exemplar in eGovernment. 2. Business Context lreland has made significant strides in terms of political leadership, administrative alignment and technological advancements. Public Service Reform was a central element of the response to the crisis of recent years and remains an essential part of building for the future. Since the first Public Service Reform Plan was published in November 2011, a comprehensive programme of reform has been implemented. This has enabled the Public Service to continue to provide essential services, while demand for those services increased and while resources were very constrained. A second Public Service Reform Plan 2014-2016 was published on 14"1 January, 2014. This renewed wave of reforms was developed, building on the progress made to date and re?focussing the Government's ambition for reform. This phase of reform reflected the need to maintain a focus on reducing costs and increasing efficiency. This Plan had an ambitious overarching objective of delivering better outcomes for all stakeholders and a strong emphasis on service improvement. The 1See 2See 3See ?See Ireland eGovernment Strategy 2017-2020 - PE R.GOV.IE a 3 Plan was delivered through a focus on service users, on efficiency and on openness, underpinned by a strong emphasis on leadership, capability and delivery. The Civil Service Renewal Plan5 (CSRP) was launched by the Minister for Public Expenditure and Reform and the Taoiseach in October 2014 and set out a fundamental new vision and direction for the Civil Service. The Renewal Plan focused on driving practical change through 25 specific actions in four key areas: 1. Unified Managing the Civil Service as a single unified organisation; 2. Professional Maximising the performance and potential ofall civil service employees and organisations 3. Responsive Changing our culture, structure and processes so that we become more agile, flexible and responsive 4. Open and Accountable Continuously learning and improving by being open to external ideas, challenge and debate. A number of the 25 actions relate to the opportunity to use digital and ICT to drive improved service and transformation, including: I CSRP Action 5: Improve the delivery of shared whole-of-Government projects; - CSRP Action 6: Expand the model of sharing services and expertise across organisations; 0 CSRP Action 19: Expand the ICT capacity of Departments and increase efficiencies by creating common systems and infrastructure; - CSRP Action 24: Improve how data is collected, managed and shared. Another facet of the Government's commitment to modernisation is its support for the Open Government Partnership (OGP) initiatives, which challenges governments to be more transparent, accountable and responsive to citizens. In December 2016, the Minister for Public Expenditure and Reform published a National Action Plan 2016-2018 following a consultation process. The commitments set out in the National Action Plan 2016-2018 move forward on many of the key themes that civil society highlighted in the context of Ireland's first National Action Plan 2014-2016. The themes addressed in the National Action Plan 2016-2018 are: Increased Citizen Engagement, to improve policies and services; Increased Transparency, to better understand government activities and decisions; Open Data, for tran5parency and innovation; and Anti-Corruption and Strengthened Governance and Accountability, to ensure integrity in public life. Information and Communications Technology Contribution The Public Service ICT Strategy represented the ICT response to the challenges of the Public Service Reform and Civil Service Renewal agendas. The Strategy, which was published in 2015, set out an ambitious ICT-driven agenda under five "pillars", i.e. Build to Share; Digital First; Data as an Enabler; Improve Governance; and Increase Capability. See 6 OGP Is a multilateral initiative currently joined by some 70 countries in the developed and developing world see hn en 0v annershl .or Ireland eGovernment Strategy 2017-2020 . PE a 1 4 The ICT Strategy is aligned with the objectives of the Public Service Reform Plan of increasing efficiencies and the overarching objective of providing better outcomes for citizens, businesses and public servants though embracing the latest technological advances. When delivered, this Strategy will create a new model for ICT delivery across the Public Service; delivering more efficiency and effectiveness in service delivery through a more integrated, shared and digital environment. 1. Build to Shore Creating ICT shared services to support integration across the wider Public Service to drive efficiency, standardisation, consolidation, reduction in duplication and control cost. ll 2? D'g'w?LF'rSt Digitisation of key transactional services and the increased use of to deliver improved efficiency within Public Bodies and provide new digital services to citizens, businesses and public servants. 3- Data as an In line with statutory obligations and Data Protection guidelines, facilitate Enabler increased data sharing and innovative use of data across all Public Bodies to 1% enable the delivery of integrated services, improve decision making and improve openness and transparency between Government and the public. 4' improve Ensure that the ICT strategy is aligned, directed and monitored across Public Governance . Bodies to support the specific goals and objectives at a whole-of- government level and with an emphasis on shared commitment. 5. increase Capability Ensure the necessary ICT skills and resources are available to meet the current and future ICT needs of the Public Service. The 18 Step Action Plan (see Annex A) not only delivers against the Public Service ICT Strategy and Civil Service Renewal Plan, but it was also developed very much in the context of the drive towards a European Digital Single Market and the EU eGovernment Action Plan 2016-20. The Speci?c Focus of eGovernment and the European Dimension eGovernment is a specific facet of a Government ICT Strategy. It is intended to specifically support administrative processes, improve the quality and inclusiveness of the services, and increase internal public service efficiency. It is generally recognised across the public service that digital public services reduce administrative burden on businesses and citizens by making their interactions with public administrations faster and efficient, more convenient and transparent, and less costly. Moreover, as an active participant in the delivery ofthe EU eGovernment Action Plan, Ireland fully subscribes to the view that by using digital technologies as an integrated part of their own modernisation strategies, governments can help unlock further economic and social bene?ts for society as a whole?. Of course, it is notjust about the presentation of services, we must and will also ensure that we incorporate best practice security into our designs, ensuring appropriate cyber and privacy safeguards underpin all of 7 Recommendation of the Council on Digital Government Strategies, OECD, 2014 Ireland eGovernment Strategy 2017-2020 -- PE a 5 our digital services, including best practice implementation of the EU's General Data Protection Regulation. While there is recognition that Ireland has done well in the delivery of digital government services to date, we recognise that the key to an even better customer experience is to provide access to all services via a gateway or portal. This will not only make access easier but, through the use ofvoluntary registration and identification, will enable us to adopt the "tell us once, we will use many times" principle that underpins all excellent digital services. Indeed, not only is this the key to better government services, it is essential to facilitating the participation of our people and businesses in the emerging European Digital Single Market. It was the desire to ensure a cross-European collaborative approach to the Digital Single Market that led to the European Commission launching a new eGovernment Action Plan for 2016-2020, which would speci?cally seek "to remove existing digital barriers to the Digital Single Market and to prevent further fragmentation arising in the context of the modernisation of public administrations". Consequently, the EU eGovernment Action Plan sets out a number of principles that Member States have been asked to observe in order to deliver the significant benefits that eGovernment can bring to businesses, citizens and public administrations themselves. 3. Vision and underlying principles This eGoverment Strategy is underpinned by the Government?s commitment to be open, flexible and collaborative with our citizens and businesses, using digitisation and technology to increase efficiency and effectiveness and constantly improve public services. The Government recognises that the lives of our citizens have become increasingly digital, leading to higher expectations of public administration performance?. Citizens and businesses expect greater transparency and it is the Government?s intention to ensure the trust of its people by opening up to and engaging with stakeholders in decision-making?, and ensuring more accountability. In addition, the Government recognises that opening public sector data and services to third parties, in full compliance with the legal framework for the protection of personal data and for privacy, has the potential to contribute to growth and com petitiveness. This eGovernment Strategy also recognises Ireland's growing influence and role as a European state and, to that end, this Strategy will ensure our alignment to the EU eGovernment Action Plan, which is guided by the following vision: By 2020, public administrations and public institutions in the European Union should be open, ef?cient and inclusive, providing borderless, personalised, user-friendly, end-to-end digital public services to all citizens and businesses in the EU. Innovative approaches are used to design and deliver better services in line with the needs and demands of citizens and businesses. Public administrations use the opportunities offered by the new digital environment to facilitate their interactions with stakeholders and with each other. Consequently, the publication of this eGovernment Strategy confirms the Government of lrela nd?s support for the underlying principles of the EU eGovernment Action Plan, which are as follows: 8 EU eGovernment Benchmark Report 2014 9 Recommendation of the Council on Digital Government Strategies. OECD. 2014 Ireland eGovernment Strategy 2017-2020 PE a 6 Digital by Default: we will deliver services digitally as the preferred option through a single contact point or a one-stop-shop and via different channels. We will still keep other channels open for those who are disconnected by choice or necessity and we will explore ?assisted digital? for those who feel they would benefit from such a service. Once only principle: we will strive to ensure that citizens and businesses only need to supply the same information to us once. We will then internally re-use this data, in due respect of data protection rules, so that no additional burden falls on citizens and businesses. lnclusiveness and accessibility: we will design digital public services that are inclusive by default for the widest possible audience (universal design) and cater for a broad range of needs and abilities, including older people and people with disabilities10 11. Openness transparency: we plan to enable citizens and businesses to access, control and correct their own data; we will also enable users to monitor administrative processes that involve them; we will engage and consult with key stakeholders (such as citizens, businesses, researchers and non-profit organisations) in the design and delivery of services. Cross-border by default: we will develop the capability to make relevant digital public services available across borders (where permitted to do so) to facilitate mobility within the Single Market. Interoperability by default: we will design and review public services taking into account the wider desire that these should where possible work seamlessly across the European Digital Single Market and across organisational silos. Trustworthiness Security: our aspiration is to go beyond compliance with the legal framework on personal data protection and privacy, and best practice in IT security, by integrating those elements in the design phase of new public service projects. We recognise that these are important pre-conditions for increasing trust in and take-up of digital services. Digital Health Services Healthcare in Ireland is changing radically as a result of various demographic, organisational and resourcing factors, the increasing proliferation of technology and in particular the internet. These factors mean that future healthca re systems will need to be radically different in orderto respond efficiently and equitably to forecasted demand. Demographic changes resulting mainly from an ageing population have been projected to add 1% per annum to our health care costs for the foreseeable future. Significant other costs will arise from expected rises in chronic disease rates as well as increasing demand and complexity of healthcare services. The eHealth strategy published by the Government in 2013 demonstrates how the individual citizen, the Irish healthcare delivery systems - both public and private - and the economy as a whole will benefit from eHealth. It shows how the proper introduction and utilisation of eHealth will ensure: - The patient is placed at the centre of the healthcare delivery system and becomes an empowered participant in the provision and pursuit of their own health and wellbeing. 1? A directive on making the websites and mobile apps of public sector bodies more accessible was published on 2 December 2016 and entered into force on 22 December 2015, COM (20121721. 11 Disability Act 2005 (Code of Practice} {Declaration} Order 2006 is I. No. 163 of 2006) Ireland eGovernment Strategy 2017-2020 PE R.GOV.IE a 7 The successful delivery of health systems reform and the associate structural, financial and service changes planned. 0 The realisation of substantial health service efficiencies including optimum resource utilisation. - That Ireland's healthcare system can respond to the challenge defined by the EU task force report - Redesigning health in Europe for 2020 - to ensure that in the future all EU citizens have access to a high level of healthcare, anywhere in the Union, and at a reasonable cost to our healthcare systems. 0 That the potential of eHealth as a driver for economic growth and development can be realised. The delivery ofeHealth to Ireland means digital transformation. It means the agile transition to an underlying healthcare model that exploits digital infrastructure that is making Ireland the digital hub for Europe. This evolution will enable commonly shared capabilities and access to information throughout health and removes silos of information that exist today. It will ensure that excellence is shared - not piloted in obscurity, but enabled and encouraged to realise benefits to patients. eHealth is an important enabler to the sharing and protecting ofinformation and providing a range of services digitally for patients. The Department of Health and the Health Services Executive through eHealth Ireland are focused on delivering technology to securely support healthcare, grounded in the outcomes it delivers and not deploying technology for its own sake. Digital solutions enabled by the deployment of the individual health identifier will deliver a range of patient focussed services based technology to support electronic health records, ePrescriptions, digital radiology enabling connected health solutions. The strategy is being realised through the implementation of the HSE's Knowledge and Information Plan which aims to deliver an electronic health record for Ireland. It will no longer be acceptable for technology professionals to simply support the business; the delivery of digital health will be the business ofthe health services.Thus, the developments in eHealth are consistent with the national eGovernment Strategy; moreover, there is an excellent opportunity to use the national principles and plans to also help in the delivery of excellence in eHealth service provision. 4. Delivering our eGovernment Principles Our eGovernment priorities will be taken forward through the delivery of 10 key actions, which are set out below. We will keep our plans under review and add to or refine them over the 3 years that the Strategy is in place. 1. We will develop a Digital Service Gateway - we recognise the clear requirement from our citizens and businesses to have a similar user experience in dealing with Government as they would have in dealing with the best ofthe retail and banking sectors. We will therefore ensure all of our Digital Government services are high quality, secure, reliable and easy to use, can be provided on a cross-government basis and are designed around a positive user experience. Achieving this requires a simple front-end that can present the services of most interest/ relevance to citizens and businesses, can allow them to authenticate themselves through an identification process and then can use the information they have provided to Ireland eGovernment strategy 2017-2n2n PE R.GOV.IE a 8 save them the inconvenience of repeated re-keying in the future (this will not prevent them going directly to services that they are already familiar with). We will therefore develop a Digital Service Gateway, using appropriate consultation with the public and/or their representatives. 2. We will maintain an overall Digital Programme plan overseen by our eGovernment Minister - we will continue to build upon the excellent progress made since the publication of the ?rst eGovernment Strategy by increasing the scale of the service provision and developing a more cohesive, joined-up programme that clearly articulates our achievements, priorities and progress. We will identify common requirements in service provision, e.g. authentication and payments, build on existing initiatives, and ultimately seek to develop these on a write once use many basis. 3. We will develop our existing capability - as stated above, we recognise the value of e- le as a means to protecting our people and our businesses against fraud; improving the overall user experience, avoiding the requirement for the public to provide the same information to Government numerous times; and helping Public Service fully align with Data Protection principles and legislation. The and the Digital Services Gateway will be the means for single sign-on/authentication and veri?cation/update of general information simple address information), using the "tell us once? principle. We appreciate that on-Iine identity remains an area of concern due to fears of on-line personation or identity theft. We believe that we already have an excellent approach to addressing these concerns and facilitating safe and robust citizen identification, whether face to face, by telephone or on- line. We will therefore maintain our efforts to increase the uptake of MyGole and the Public Services Card through the SAFE ll authentication model and, to that end, we have developed a roadmap for underpinning access to key public services with SAFE ll authentication see Annex B. 4. We will develop similar plans to facilitate business and location identi?cation - becoming a data-driven government and providing better digital services whether nationally or across Europe is hugely dependent on holding reliable data on businesses and locations as well as peeple. We will therefore continue to encourage uptake of the Eircode and develop a model for Location and Business e-ldentification. As well as citizens, businesses will be enabled to interact with Government to via the Digital Service Gateway, using an e-identification process to use relevant information already provided and avoid repeated re-keying in the future (this will not prevent them going directly to services that they are already familiar with). 5. We will enhance our data-sharing capability - we are doing this by working with key stakeholders to develop the concept of a National Data Infrastructu re, Le. a set of principles, standards, codes, policies, systems and infrastructures overseen by an appropriate governance model designed to standardise the collection, processing, classification, storage, transmission of and access to key Government data assets. 6. We will introduce legislation to support our data-sharing ambitions - we intend to take a Data-Sharing and Governance Bill through legislation to provide for the regulation of Data- Sharing between Public Service Bodies and ensure applicable safeguards and conditions Ireland eGovernment Strategy 2017-2020 PE R-GOVJE a I El (including governance). 7. We will continue to develop our Open Data portal - we fully recognise the benefits of sharing our data with outside stakeholders where appropriate and were proud to note the formal recognition of our efforts earlier this year when Ireland was ranked in the top 3 in Europe for Open Data maturity?. We will continue to engage with key stakeholders on strategic direction and increase the quantity and quality of the material we make available. 8. We will transform our ?back of?ce? - we will simplify our processes and back-of?ce infrastructure to facilitate better, more cohesive and more cost effective delivery of Government services. 9. We will ensure appropriate governance is in place - this eGovernment Strategy will only achieve its ambitions if appropriate governance is in place to ensure that our data is managed securely, our services are joined-up appropriately and we do maximise the efficacy of our investments through sound stewardship of projects and avoidance of duplication. 10. We will ensure our people have the skills and capabilities to help us move fomrard - we recognise the need to have people with the con?dence to challenge how we currently do things and the capability to help facilitate appropriate interventions and transformations. We will do this by training the ICT staff who will deliver the technology and the business people who will be providing the digital-led services. 5. Conclusion This eGovernment Strategy has been developed with the aim of setting out the next phase of eGovernment in Ireland. It sets out the contextual changes that have occurred since the publication of the first eGovernment Strategy, particularly with regard to a more joined-up Civil Service. a more digitally focused European Union and significant changes in technology, use of technology and resulting public expectation. It recognises the progress that has continued to be made and the momentum that has been created by the Public Service ICT Strategy and its 18-step delivery plan. The Strategy therefore focuses on 10 key actions. These are designed to continue the momentum in Ireland?s drive for excellence in eGovernment, ensure alignment with the wider EU eGovernment agenda and ensure that the next strategic review is carried out against a background of success and achievement. 1? See Ireland eGovernment Strategy 2017-2020 . A PE R.GOV.IE a Annex A: Public Service Strate 18-Ste Deliver Plan I Digital Programme Office Digital Service Gateway Di ita I I Communications Plan Challenges I Gole Uptake I Culture and Structures I Risk Management/ Legacy . NDI Devel?pment I Resourcing! Funding Data as an ?p . Best Practice Mapping . Security "3 er I Prooi of Concept . Capability I BTS Infrastructure Build {incl Help Desk Support] Public Service . Data Centre, Strategy I Technical ?oadmap Build to Share Policy Implications I Best Practice 8. Governance I BTS Applications I Internal Portal Data Sharing I Information} Records Funding] Charging Policy Information I Records Management! Usage Policies Improve I Advisory Board Governance I CIO Forum increase I Icr HR Strategy Capability Ireland eGovernrnent 51mm 2011-2an Annex B: Adoption Plan for the Public Services Card and MyGole The availability of a secure and consistent citizen identity verification scheme is a requirement for the effective delivery of digital services, the reform of backend processes, the ability to effectively make policy decisions, the protection of personal data, and the interoperability with EU Member States in the context of citizen interaction. In line with the 2013 Government Decision, 5180/20/10/1789, the Public Services Card (PSC) infrastructure is the Government?s standard identity veri?cation scheme, which is to be used for access to all public services where appropriate. As such, the widespread adoption of the PSC infrastructure, including its online counterpart MyGole, to underpin access to public services by citizens is critical to the successful delivery of the eGovernment strategy. The following lists the commitments by Departments and Offices to adopt the PSC and MyGole infrastructure for speci?ed public services within the listed timeframes. Department/Of?ce Service Note Date Access to the online PAYE Office of the Revenue Online PAYE Anytime Anytime service will be possible Commissioners Service via Jun-17 Access to the Drivers Theory Test will require service users to Road Safety Authority Drivers Theory Test be SAFE 2 registered Jun-17 Submission of a school transport appeal will require submitter to be SAFE 2 registered; Dept. Education and School Transport Online submission of appeal will Skills Appeal be possible via MyGole Sep-17 Checking eligibility for treatment benefits Dept. Employment 81 (dental/optical/aural) via Social Protection Treatment Benefit MyWeIfare using MyGole Nov-17 All adult passport applications, new and renewals, for residents in Ireland will require applicants to be SAFE 2 registered; Dept. Foreign Affairs Online renewal of adult and Trade Passport Application passports will use MyGole Q4-18 Driver licence applications will require applicants to be SAFE 2 registered; Online renewal of drivers Drivers Licence licences to be introduce and use Road Safety Authority Application Ma r-18 Dept. Justice and Equality; Introduce the optional use of Dept. Emp 8: Social the PSC as an Age Card for use Protection Proof of Age as a Proof of Age service (13-18 Student Universal Student Grant MyGole will be used as the Support Ireland (SUSI) Application authentication mechanism to Apr-18 Ireland eGovernment Strategy 2017-2020 a 12 5 PER.GOV.IE provide access to the student grant scheme for the 2018/19 academic year. Applicants will have to be SAFE 2 registered in order to make an application Dept. Education and Submission of a school grant appeal will require submitter to be SAFE 2 registered; Online submission of appeal will Skills School Grant Appeal be possible via MyGole Sep-18 MyGole will be used as the authentication mechanism to provide access to a new online Health portal being launch in 2018 - this portal is to provide access to a growing number of Health Service Executive Online Health Portal health related services online. Sap-18 Support for individual access to Dept. Agriculture, Food the Agfood.ie set of services via and the Marine Agfoodje MyGole Sep-lB Ireland eGovernment Strategy 2017-2020 R.GOV.IE a 1 13 Blank Page Paper on SAFE2 validation in the RSA A meeting was held in the RSA HQ on Friday 22 April 2016 to discuss the SAFE2 validation process. The attendees at the meeting were; RSA Moyagh Murdock (remotely) Declan Naughton, Simon Shevlin, Mick Hoban DTTAS Ray 0 Leary, Ger Maguire, Declan Hayes and Nicola Hayes (both remotely) DSP Tim Duggan, Michelle 0? Donnell 1. Background Ray O?Leary set out the State commitment to delivering services to the customerand the need to have SAFE as part of the mechanism to deliver these services. Moyagh Murdock outlined the RSA's commitment to SAFE2 through the NDLS and other services the RSA provides, this commitment has resulted in a cost to the RSA in operating the NDLS. She also said that in a situation where services are delivered externally making changes brings further cost and process change which will inevitably impact on customers. Tim Duggan recognised the RSA concerns and outlined a new Governance and Operational model which would assist in ful?lling the Government commitment to validate all citizens to the SAFE2 validation standard. The new Governance and Delivery model for SAFE2 will have to be signed off under the Path?nder mechanism which is managed by 3 Secretary Generals. 2. Future Approach to SAFE The key points from the new Governance and Operational model are; I The new Governance structure will reconstitute the SAFE Steering Committee set at Assistant Secretary level with working groups set up as required to assist the decision making of the Steering Committee. a The franchise model which was the driving force behind the operating of the SAFE2 validation model will be reviewed due to the success of DSP validating up to 2 million citizens. a The proposed new approach is to utilise the data already collected by other State Organisations such as the driving licence data held on the National Vehicle Driver File (NVDF) by DTTAS. Mandate that all new services provided by the State which require validation will be set at SAFE2 and that new services providing an online facility will use the Identity Authentication Mechanism developed by DSP. I All current services provided by the State will bring their validation process in line with SAFE2 within agreed timelines. a Development of publicity campaign around the SAFE validation process therefore no State organisation would have to develop their own communication or publicity campaign on SAFE2 or the PSC. If the key points above are rati?ed by the Path?nder process a number of areas should be considered for SAFE implementation. 3. Next Steps 3.1 Utilise data already captured by NDLS and stored on the NVDF The NDLS have issued over 1.3 million licences since 29 October 2013 through their current validation process. The information that was not captured was the mother?s maiden name, county of birth and the security questions. The data captured through the NDLS is stored and controlled by the who are the data controllers of the data. The NDLS will continue capturing information as is it currently and DSP and will draw up an agreement on sharing the current data and the data captured by the NDLS up to February 2018 which is the length of the current front of?ce contract for the NDLS. Action and DSP to agree a procedure to share the current information and future data. 3.2 RSA review all areas to ensure PSC is part of validation process Action As well as the NDLS the RSA require validation for applicants for services such National Car Test, NDLS, Approved Driving Instructors, Driver Certi?cate of Professional Competence. The RSA will review all areas of it operations where identity validation is required for services and look to ensure the PSC card will be accepted as a validation document in line with the driving licence and passport. 3.3 Driver Theory Test The Driver Theory Test (DTT) is currently contracted to Prometric Ireland up to May 2017. A Request for Tender will be issued in May 2016 for the service which will incorporate other requirements not in the current contract. There will be a new contract awarded by October 2016 with a 6 month implementation and roll out phase up to May 2016. The cohort ofcustomers who take this test are drivers in the pre-Iearner phase and are generally under 20 years of age. Current validation process for a DTT is similar in many ways to the NDLS save that a photograph and signature is not captured and this aspect isn?t provided for under the contract now in place. This contract has one year to run and requiring a SAFE process to be applied would mean a change to the existing contractual arrangement and the incumbent contractor will be bidding for the new contract which they will either win or lose. If they win they will enter into transitional arrangements and implementation mode for the new contract; if they lose they will commence phase out of their operations. Either circumstance do not lend itself to making a short term change to the contract. In the context of the new contract which will commence in May 2017 the current procurement requires the contractor to undertake customer validation as currently happens. It is felt that this contract should be up and running for a period of at least six months before making any fundamental changeconcerned a prerequisite for having customers SAFE pre-validated by DSP is that the public information campaign referenced above has been undertaken. This is because DTT customers will have to attend two separate locations (DSP Of?ce and DTT Of?ce) to complete their Driver Theory test and the rationale for this must be clear to them as this will result in extra cost and inconvenience to those customers. The RSA will review with Prometric the requirement ofall new learner applicants having to have a PSC before applying for their theory test. Action Under the new contract the RSA will request that all new applicants for the driver test will require to have a PSC before applying for the Driver Theory Test shortly after the new contract commences. The RSA will also review the current process and document the changes required if new applicants were required to have a PSC before they apply for a theory test. 3.4 Driving Test The RSA will review the validation process for applicants sitting the driving test. Currently applicants must have a learner permit as this is a prerequisite to sitting the test. The difference between the policy in the Passport Of?ce and the Driving Test Service is that the Passport Of?ce only requires the applicant to be SAFEZ and hold a PSC, the driving test already requires a validation process to receive a learner permit. The RSA currently do not see the bene?t in requesting applicants for the driving test to have a PSC as well as meeting the existing legal requirement to have a learner permit. If the RSA implements the requirement for SAFEZ validation in the Driver Theory Test the majority of applicants for the driving test will therefore be SAFE2 at a future date. Action The RSA will review the validation process for the Driving Test. 4 The Critical Path There are two key components that needs to be in place for the RSA before to enable it to request the PSC as part of identity validation for services or that applicants for their services have to be SAFEZ. a. The publicly campaign for SAFE2 must be in place before RSA would start requesting applicants for their services to be SAFEZ validated. The RSA do not want to be in a position to have to explain or defend the requirement for a PSC as this will have ?nancial and reputational damage for the RSA. b. The Governance Structure outlined above must be in place and the RSA should have a channel into the Steering Group to in?uence decisions and actions. There are also further areas that must be reviewed for moving services online and using SAFEZ data and the I. Currently DSP forward their SAFEZ records to DPER who update the Single Customer View (SCV). To ensure the SCV is updated with the most recent information there will be a requirement for an agreed approach which will satisfy all the key stakeholders who will be either updating the data or using it. The agreement of the updating and management of the SCV database must be a key discussion point for the reconstituted SAFE Steering Committee. II. There is currently no legal requirement for a citizen to update their address. With the development of the Master Licence Record (MLR) to assist driver? 5 access to their driving records the validation of the address would assist the administration of the penalty points and disquali?cations if there is a legal requirement for citizens to update their address when they move location. This issue should be raised at the SAFE Steering Blank Page @2700 8 Vivienne Moran From: KILLIAN Kay Sent: 22 March 2018 14:22 To: Laura Byrne Cc: Ray; HAYES Declan; Moyagh Murdock; Declan Naughton; DOYLE Graham; TIMONEY Oisin; MCGURK Lorraine Subject: RE: Letter from RSA regarding PSC Attachments: 2018_03_22 Murdock RSA re PSC.pdf Please ?nd attached correspondence from Doyle, Secretary General in relation to RSA CEO letter of 14 March. Regards and Thanks Kay Killian Private Secretary to Graham Doyle, Secretary General Leeson Lane, Dublin D02 TR60 . at tel: +353 1 604- a Mobile: . . . Sp?irt Dapatm of Transport. Team and Sport From: Laura Byrne Sent: 14 March 2018 15:34 To: DOYLE Graham Cc: Ray; HAYES Declan; Moyagh Murdock; Declan Naughton Subject: Letter from RSA regarding PSC Dear Secretary General, Please see attached letter from Ms. Moyagh Murdock, CEO of the Road Safety Authority. Kind Regards Laura Byrnel Secretariat Road Safety Authority May Valley Business Park, Primrose Hill, Ballina, Co. MaonPost Code: F26 vse4 Tel (095) 25010 Fax 096-25024l Follow us on: I1 You- Road Safety Authority The information contained in this email and in any attachments is con?dential and is designated solely for the attention and use of the intended information may be subject to legal and professional privilege. Ea? are not of this email, you must not use, disclose, copy, distribute or retain this age 1 . ave received this email in error, please notify the sender immediately and delete all capies of this email from your computer system[s). Road Safety Authority Ta eolas sa teachtaireacht leictreonach seo a d'fh?adfadh bheith priobhaideach no faoi run agus b'fh?idir go mbeadh abhar n?mda no pribhl?ideach ann. Is le h?aghaidh an duine/na ndaoine no le h-aghaidh an aonziin atzi ainmnithe thuas agus le haghaidh an duine/na ndaoine sin amhziin ata an t-eolas. Ta cosc ar rochtain don teachtaireacht leictreonach seo do aon duine eile. Murab ionann tusa agus an t? a bhfuil an teachtaireacht ceaptha do biodh a thios agat nach gceadaitear nochtadh, coipeziil, scaipeadh no ?said an eolais agus/n? an chomhaid seo agus b'fh?idir d'fh?adfadh bheith midhleathach. The information in this email is con?dential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. Priornh Oi?g AD lompair Lana Liosain, Baile Atha Cliath 2. Eire Head Of?ce Turasou'eacbta agus Leeson Lane. Dublin 2. lreland [35133th of Transport, EIRCODE: 002 TRSO Tourism and Sport Lo?Call area?om 5.01 J6 v.v.v..d'.tas.'e 8 eves-=9. Oi?g an Ard Runai . Of?ce of the Secretary General 22 March 2018 Ms Moyagh Murdock CED Road Safety Authority Moy Valley Business Park Primrose Hill Dublin Road Ballina Co. Mayo Dear Moyagh I refer to your letter of 14 March In relation to the integration of the Public Services Card (PSC) into the application process for driver licences/learner permits and in particular the Road Safety Authority?s preparations for the introduction of an on~line option for such services, the ?rst stage of which is planned for roll-out next month by the Authority?s National Driving Licence Service (NDLS). As I am sure that you will agree, the addition of the PSC to the NDLS application process has signi?cant bene?ts in terms of improved ef?ciencies and, through addressing the number of fraudulent applications for a licence/permit, reducing the number of unlicenced drivers using our roads. Let me first say that it is gratifying to see the progress that the Authority has made in delivering the underpinning Government policy in relation to eGovernment services and measures to avoid fraud by robust identity veri?cation. note that this was supported by clari?cations provided in my Department?s previous correspondence (to which your letter refers), particularly in respect of the legal basis for the sharing of data between the Department of Employment and Social Protection and the Authority (including the DLS). The Authority is to be commended in not only complying with the overall policy requirements, but also the actual on-Iine application process, which I understand is exceptionally well designed and user friendly. From what i am informed by my staff in the Road Safety Division, that design directs the applicant to MyGole.le to enable the applicant?s identity to be veri?ed for online services. Having done so, they can then choose to continue with the application online. However, I would draw your attention to what is said in the eGovernment Strategy 2017-2020. it provides that online services should be the 'preferred option? in delivery of State services, but does not state that this is the only option. In fact the Strategy goes on to state that other channels should be kept open for ?those who are disconnected by choice or necessity?. The fact that the RSA will be providing online, front office and postal options to applicants for driving licences/learner permits, integrating the infrastructure into each option, is a model of compliance. While 1 acknowledge that the Authority has a preference, for operational reasons, for the mandatory use of the PSC, the Minister has recently indicated that he does not wish to proceed with legislating for the mandatory use of the PSC for NDLS applications, (while this has been informally communicated to you at the request of that Of?ce, we are still awaiting formal noti?cation of that decision). However, in light of the way in which the on-line system is designed and as that is but one of the options available to applicants for a licence/permit, such legislation may not now be required. We are currently engaging with the Office of the Parliamentary Counsel (OPC) to draft legislation (Le. a Statutory Instrument) to enable the PSC to be used as part of the application process. A copy of that S.I. will shortly be made available to the Authority, following its signing into law by the Minister. Incidentally, I understand that the requirement for applicants to verify their identity using a PSC, when undertaking a Driver Theory Test, is operating very well in practice. This clearly re?ects the wide public acceptance for such a requirement to uphold the integrity of the testing process. Indeed the signi?cant increase in successful MyGole registrations according to DEASP, to which you refer to in your letter, is in my view largely attributable to the excellent communications campaign that the Authority have been running to date. I am informed that the dif?culties associated with maintaining front of?ce services post February 2019, as mentioned in your latter, have been the subject of discussions in the past with the staff from the Road Safety Division. Indeed, the challenges surrounding the identification of expected volumes of applicants, post the introduction of on-line and postal application options, for any public procurement purposes were also mentioned. Nevertheless, and in line with what i have stated above, I believe that this has been conveyed to you as something that will have to be factored into the delivery of services by the NDLS into the future. My colleagues in Road Safety Division are available, as always, to you and the Authority in examining such future requirements if so required. Regarding your comments in relation to having to notify the Comptroller and Auditor General of the expenditure involved in this project, this is no more than the standard requirements for any such spending under Public Financial Procedures. Accordingly, there is an obligation on the Authority, as a public body, to account for its expenditure. I am especially at a loss in understanding your reference to ?any losses incurred as a result of the decision? and to ?writing off expenditure on IT and communications". Given the planned integration of the PSC and MyGole into the NDLS is going ahead, albeit not on an exclusive basis, these issues should not arise. I trust that my aforementioned comments in relation to the design of the NDLS on-line system and the related legislative requirements con?rm that. Finally, i am informed that a very constructive meeting took place on 16 March between this Department?s Road Safety Division and the Authority in relation to the delivery of driving licences/learner permits by the NDLS, integrating the PSC infrastructure as required. This allowed for clari?cation and agreement on a number of fronts, including addressing any misunderstanding that you have had in relation to the continued roll-out of the NDLS driving licence/learner permit application process, including the use of the PSC. The close working relationship between the Division and the Authority in delivering the enhanced driver licensing services should ensure both con?dence and clarity in respect of this Department?s commitment to the delivery of the Government?s policy under the eGovernment Strategy. Kind regards 5/ Gra am Doyle Secretary General Blank Page @699) Working To Save Lives 28 March, 2018 Mr. Antciin Lachtnain, Director, Digital Rights Ireland, 10 Castle Hill, Bennetsbridge, Co. Kilkenny. Dear Mr. Lachtnain, Thank you for your letter concerning documentation required for an application to the National Driver Licence Service (NDLS) with effect from 9 April, 2018. From 9 April, 2018 the Public Services Card (PSC) will replace the requirement for certain documentation when applying for a driving licence I learner permit. However, this will now be a voluntary requirement and customers will have two options available to them to validate their identity and residency during the application process. 1. Presenting a PSC at the NDLS centre will simplify and make the application process quicker, because the PSC will be enough to prove your photo id, PPSN, address and residency entitlement. 2. If someone does not have a PSC they must bring documentation to prove their identity, address, PPSN, as well as con?rmation of country of birth residency entitlement. Having a Public Services Card (PSC) should bring many benefits for customers by simplifying the process of applying for a driving licence or learner permit and making it quicker. It will also enable customers to renew their driving licence learner permit online as part of a new online service that will be rolled out to customers in the coming months. However, the PSC will be the only acceptable form of ID for customers who wish to apply for a licence online, which as mentioned will be rolling out gradually over the coming months. Yours sincerely, Moyagh Murdock CEO P?irc Ghno Ghteann na Muardhc, Cno: an tSabhalrtin, Bdthar Sharla Atha Cliatn. B?al an ntha. Co. Mhsigh E6 Valley Park, Pr mrose Hill. Dubl Road. Ballma, Co. Mayo . locall? 1890 50 60 80 (096} 25 000 ?nal: inlo@rsa.ie website: rsajc Udaras Um Shabhallteacht Ar Bhoithre Road Safety Authority Blank Page Vivienne Moran From: Antoin Lachtnain I. Sent: 05 March 2018 12:13 To: Info Subject: letter for attention CEO re Public Services Card Attachments: letter to RSA re PSC march 2018.pdf ex muris - for a complex world. antoin@exmuris.com Blank page Digital Rights Ireland Our Ref: PSC Your Ref: 5 March 2018 Moyagh Murdock Chief Executive Road Safety Authority Moy Valley Business Park Primrose Hill Ballina Co. Mayo F26 Re: 'Public Services Card' Dear Ms Murdock. I refer to your new practice and proposed new practice of refusing to issue driving licences and permits to persons who do not hold a Public Services Card. even in cases where you are satisfied as to the identity of the applicant. Could you please explain in detail the legal basis for these new practices. Yours sincerely Ania?Q Laclxl'riu Antoin Lachtnain Director Digital Rights Ireland CLG. Registered in Ireland. Directors: McCarthaigh. A 0 Lachtnain TJ McIntyre. Registered Office: 10 Castle Hill. Bennetsbridge. Co. Kilkenny. Ireland Blank Page