LATVIA: Can we rely on access to information systems and the receipt of e-services?
The amount of expenses for the operation of information systems (IS) and the maintenance of the related ICT infrastructure in public administration continues to grow in Latvia. During the last five years, it has increased from 41 million euros to 64 million euros per year. IS operation is the basis for receiving e-services. In turn, the level of IS availability reached is one of the indicators of IS maintenance which indicates cost-effectiveness.
The use of e-services continues to grow. Undeniably, the opportunity of receiving services provided by state institutions in a remote way has been especially actualised by the COVID-19 pandemic because e-services have been used four times more often than face-to-face services during this period.
When choosing to receive an e-service, an individual expects it to be quickly and conveniently available. However, for an e-service to work, it often involves several institutions and includes both the IS these institutions maintain, the corresponding ICT infrastructure and the various communication networks. All these components must be available for the service to work, and a malfunction of even one component will affect the ability to receive an e-service.
Components involved in providing an e-service
In 2022, the State Audit Office of the Republic of Latvia finalised a performance audit, in which it assessed whether the availability of IS and the receipt of e-services can be relied upon. The auditors could not get an unequivocal answer for several reasons.
- Information about the achieved level of availability of e-services and the IS supporting them is not collected and analysed together. The information at the disposal of leading institutions in the field of e-governance and IS security is fragmented and is analysed only in the state institution where the service is provided, without ensuring the exchange of information with other state institutions about ICT incidents, affected IS, and e-services. As a result, there is no unified accounting or quick information exchange, and no one knows which services are disrupted or not available at all;
- No estimate has been made of how much the unavailability of IS and e-services costs and what consequences it has for private individuals, state institutions or the economy as a whole.
The auditors’ estimates show that if the Latvija.lv portal is unavailable for 24 hours, service recipients may not receive at least 22,500 e-services during this time. When analysing the operation of the Latvija.lv portal and e-services over 4 months, it was found that 21 of the 119 e-services hosted on the portal malfunctioned.
In case of the unavailability of e-services, an administrative burden is created both for the recipient of the service (an alternative solution must be sought; time must be spent checking whether availability has been restored) and for the state administration (customer service in a less automated channel of service provision is more resource-intensive). According to the estimate made during the audit, the unavailability of one e-service may cost an individual 15.40 euros and he/she may require an average of 1.5 hours to receive the service in person. Although the cost of one failure to receive an e-service may not seem high, e-service malfunctioning 10,000 times in four months could create an administrative burden for the population of 162,000 euros taking into account the statistics on e-services malfunctions.
- Laws and regulations stipulate the attainable level of accessibility for IS and e-services. Nevertheless, state institutions do not have a detailed methodology for calculating the level of accessibility, and it is unclear how to ensure it and what to monitor to achieve it. Organisational prerequisites outlined in the laws and regulations for ensuring the availability of IS and restoring the continuity of operations in state institutions have not been fully implemented.
Institutions understand the achievable IS availability in different ways. They do not measure anything and do not even highlight IS availability as a necessity; they only measure the availability of databases (one of the components for IS and e-service to function) and interpret IS security incidents differently.
The information provided by state institutions about the actual level of availability of IS and e-services is mostly based on opinions rather than facts. Additional reasons to be mentioned for the lack of reliable data:
- Planned and short-term (up to 15 minutes) unplanned interruptions, as well as the duration of these interruptions, are not recorded in the incident registers of state institutions;
- The terminology in laws and regulations is unclear regarding the working hours of an e-service, i.e., whether the availability of an e-service can be expected during the working hours of the state institution concerned or in a 24/7 operating mode.
- Operation time and achievable availability among all components of e-service provision (for e-service, IS, ICT infrastructure and a website where the service is hosted) are not coordinated.
Audit summary (in English): https://www.lrvk.gov.lv/en/audit-summaries/audit-summaries/can-we-rely-on-the-access-to-information-systems-and-the-receipt-of-e-services;
Press release (in English): https://www.lrvk.gov.lv/en/news/safeguarding-access-to-e-services-would-result-in-more-efficient-use-of-financial-and-human-resources
Audit report (in Latvian): https://www.lrvk.gov.lv/lv/getrevisionfile/29525-cp-mdLwar3GEHUtNWpRfTa3-3xHTtGU2.pdf
Infographics (in Latvian): https://www.lrvk.gov.lv/lv/getrevisionfile/29525-37c4hzlSPu4jzAt18PSn-JLAKZ2WkWwq.pdf