IT Standards Inquiry report to the Government

The IT Standards Inquiry delivered their final report to the Swedish Government. The title of the report is The Invisible Infrastructure. It is 520 pages long, in Swedish, but have on pages 29-46 a summary in English.

Proposals:

  • That the use of formal standards for electronic information management be promoted in the case of authorities accountable to the Government.

  • That the Government also instruct the Administrative Development Agency to attach particular importance to the longterm implications of using standards with a high degree of openness when drafting tender model specifications for framework contracts. If this proposal is adopted, the agency should be required to report annually on progress in this area.

  • That Sweden actively seek the adoption of an EU position on public procurement that allows reference to be made to other than formal standards. Such a position, which would apply at national as well as EU level, would make it possible in practice to refer to IT standards developed by the IETF, OASIS, W3C, UN/CEFACT and other, similar bodies that provide widely adopted standards but are not recognised in the sense understood in Community law.

  • That the Government commission the National Archives to issue regulations permitting authorities covered by the Archives Act to store electronic documents which are in a widely used format based on standards provided by recognised standards bodies.

Assessment:

  • Agencies taking part in procurement of e-government IT services and equipment should define their own organisation’s security requirements in relation to what is to be procured.

  • The Administrative Development Agency should pursue efforts to draw up a regulation that specifies ISO/IEC 27001 and ISO/IEC 27002 (LIS) respectively as bases for agency efforts to improve information security, and possibly also develop an improved version of the Swedish Emergency Management Agency’s methodological tool, BITS, as a platform for establishing a basic level of information security.

I am also extremely satisfied with the following statement that is built upon a discussion in the report where the finding is that Open Source and Open Standards are two different things and should be discussed as such.

The Administrative Development Agency’s analysis (commissioned by the Inquiry) led it to the conclusion that open standards and interfaces, not open source software, should be promoted as a first priority. Another conclusion was that in normal circumstances open source software must be able to compete in the market on its own merits. Assessment

  • Government agencies should contribute open software developed in house to eGovforge and other similar repositories, provided this is permitted under relevant licensing terms and conditions.

  • A guidance should be drawn up with recommendations on how agencies should go about acquiring and developing open software and procuring support services for the latter, and how they should proceed so as to facilitate re-use of the programs they have developed.

Regarding procurement:

Assessment

  • A special unit with responsibility for coordinating public IT procurement should be set up at the Administrative Development Agency with the task of promoting inter-agency coordination of the development of common procurement requirements specifications, which can subsequently be used in tender dossiers in the IT domain.

Overall, this is a big step towards (a) having the Government accepting not only formal standards, but also standards in other standards bodies (like the IETF) as well as de-facto standards and (b) that it is recognized that Open Standards have a large impact on competition in the market, and that the Government as a procurer have a big role as a customer regarding how the market evolves.