E-services between public administrations (G2G): case study of Girona City Council
In the framework of an open digital environment, trust is indispensable. While discussion so far has focused on G2C e-services, here the focus is on e-services between public administrations, i.e. G2G e-services. The objective was to analyze the degree of trust given to services and the authenticity of documents generated or used by them. The analysis aimed at getting the perspective of a municipal administration, here Girona City Council, and, more specifically, from the point of view of records management. The results are being used for implementing internal improvements and trying to influence public e-service providers for better quality e-services. Based on the results, recommendations for planning and designing e-services between public administrations are defined (see Appendix 2).
From the municipal viewpoint, a Catalan city council may have to use e-services from different levels of public administration: the state, the regional government and the provincial government. Additionally, in the case of Catalonia, there is the Consortium of Open Administration of Catalonia (Consorci Administracio Oberta de Catalunya, AOC). This consortium consists of different public administrations of Catalonia and its aim is to enable e-government for all Catalan public administrations by the implementation of e-services. One of the most important roles is the intermediation function to facilitate interoperability between any public entity in Catalonia or in Spain. In this sense, the benefit for the municipalities is clear: integration with AOC (1:1) simplifies communication and avoids multilateral integration of services with different providers (tv.m).
On the other hand, there has been a significant increase in e-services since the approval of several legal changes. The key moment was 1 October 2016, when the entire public sector was required to become digital and when the once-only principle was introduced. This principle, promoted by the EU and included in the EU eGovernment Action Plan 2016-2020 (European Commission, 2016), allows citizens and companies to provide their information to the public administration once, thus reducing administrative burdens and facilitating digital single market. However, from the records management perspective, the situation is not ideal since no state law requires having a records management system implemented. Until now, regional governments have assumed their regulation solely and unequally (see Chapter 3), and only the Catalan law on archives and records management (2001) established records management as mandatory, although with a limited success (Casellas, 2013). Thus, it can be concluded that digital transformation is not always supported by records management systems.
The research in this study was structured in five phases
- 1 identification of the services to be evaluated
- 2 assessment of trust in e-services
- 3 identification of services that could affect principles of the records management system of the City Council
- 4 assessment of critical factors related to the authenticity of records
- 5 proposal for improvements and recommendations.
Previously, an e-service was defined as any technological resource (infrastructure or application) that facilitates access to platforms of business management, information exchange, data interoperability or data validation, and verification. In a more extended meaning, it also covers the provisions of any service to citizens. Under this premise, the first task was to identify the e-services that Girona City Council and municipalities had to use. The analysis focused on the online catalogue of services of the two main public providers: the state and the AOC. In accordance with the criteria for the development of e-government in Catalonia, the AOC provides all e-services between public administrations in Catalonia, but a first revision revealed that both the Catalan and provincial governments did offer some e-services of their own. Therefore, the 89 e-services identified in the two unique catalogues available online, based on their own classifications, were
- • Spanish government (59 e-services)
- • e-government and services to citizens (47, grouped in 11 sections)
- • internal management (7)
- • infrastructures (5).
- • AOC Consortium (30 e-services)
- • relations with citizens (10)
- • internal management (7)
- • relations between public administrations (5)
- • identity and electronic signature (8).
The trust in e-services was evaluated taking into account basic requirements for private providers defined in the ITrust’s case study Cloud Service Provider
Contracts (Bushey, Demoulin, How, &c McLelland, 2016, 2018). Although the checklist was intended for private providers, the level of requirements for public sector must be at least the same (see also Chapter 4). For public administrations, the analysis focused on published information about e-services’ policies and the records of the City Council related to the formalisation of service level agreements. The following aspects were analyzed
- • information security: infrastructure security measures, data location, audits and controls, etc.
- • confidentiality and data privacy: data ownership, rights of access, intellectual property rights, obligations and responsibilities, audits and controls, etc.
- • control of records and data: corporate management (records management functions, retention and disposition, etc.) and characteristics of records.
Due to the scarcity of published online policies, the analysis was complemented by a checklist prepared using the Digital Records Maintenance and Preservation Strategies (Requirements Set C) (Hackett, 2008, pp. 24-27) and the information available for each service.
Regarding the effect of e-services on records management, the classifications used by providers in grouping the 89 identified services were not useful for the study. For this reason, services were analyzed from a functional point of view, i.e. the kind of interaction regarding records and information was analyzed. This perspective enabled the following typological approach
- 1 creation of records, usually by means of a structured template
- 2 transmission of data and records by submitting or entering to an external system
- 3 publication of data and records on public platforms, official registries, or official journals
- 4 verification of data and records which substitutes documents provided by citizens
- 5 software application for business management, temporary storage, or preservation over time
- 6 identity and digital signature as a means of access to e-services and records validation.
The impact on presumption of authenticity of records involved in the e- services was evaluated based on this new classification. The criterion for selection of e-services was that it matched at least one of the first four types, given that some of them could be done simultaneously or combined. That is the case of creation and transmission of records and the publication in the official journals. Evaluation was done using two checklists drawn up from two other requirement sets
- • Benchmark Requirements for Supporting the Presumption of Authenticity of Electronic Records (Requirements Set A) (Hackett, 2008, pp. 15-20) for creation of records or evidence of transactions carried out
- • Baseline Requirements Supporting the Production of Authentic Copies of Electronic Records (Requirements Set B) (Hackett, 2008, pp. 21-23) for obtaining authentic copies of records when an e-service is used for verification of records or data.
The main positive finding is the benefits coming out of integration with a single service provider that performs an intermediary role with other service providers, such as the AOC. However, the fact that several e-services were not integrated in the AOC platform complicates the situation. Next, the absence of an integrated e-service catalogue does not facilitate identification and analysis of each e-service. At the same time, internal management tools such as the catalogue of e-services used, or the registry of authorized interoperating users, are increasingly difficult to keep for at least two reasons: first, because of proliferation and diversity of e-services; second, control of users is usually done per individual e-service and it is difficult to integrate those rights at the level of public administration as a user. If integrated, it could result in a holistic control of the public administration’s staff permissions.
Regarding trust in the e-services, this is seriously affected by the absence of specific policies related either to the specific service or to the platform where it is implemented. In general, it could be said that information about e-service implementation is only included in the e-government portal policies, but in a very diffuse way. At a lower level, only the AOC really offers service level agreements, although they are not fully compliant with the reference requirements defined for private providers or preservation strategies that ensure the appropriate measures to prevent the loss or corruption of information.
Regarding the presumption of authenticity of records, all e-services are based on the digital signature and none provides sufficient contextual information to satisfy the presumption of authenticity in the long term. Generally, capturing of the archival bond and the identifier of authoritative record is not planned at the point of creation, incorporation, consultation, or verification of the records. This also hinders integration of management systems with the e-services, integration that in some exceptions is not automated and depends on organizational solutions, e.g. manual downloads of submitted records or transaction evidences, which are usually held on servers of the provider.
Because of the weak traceability of actions and non-integration with the management systems of the public administration as a user, authenticity of the records will be affected in the medium and long terms. This is especially worrying for two reasons. First, only the e-service provider holds control over the management and roles of external users, even though the public administration as a user can interact with it. Second, a relevant number of e-services do not allow users to obtain evidence of the transactions carried out.