NSIS analysis for municipalities: More than just a GAP analysis

Take the right approach to the NSIS task, with a collective plan setting out estimates of resources and costs.

All municipalities have to comply with the requirements introduced within the new “National Standard for Identity Assurance Levels” (NSIS). Thus, you are now faced with a task that affects many parts of your organisation.

Globeteam recommends that you start with an NSIS analysis. Unlike a GAP analysis, the NSIS analysis provides you with a full overview of where you are today regarding the requirements and standards that you have to comply with, so that you can map the shortest path to meeting NSIS requirements.

NSIS also comes with the new means of identification MitID and NemLog-in3, which is why it is important to be aware that a focused NSIS GAP analysis will not uncover the entirety of the task at hand within the municipality. This goes for tasks with citizens’ services and in the authority portals (virk.dk, among others) as well as risk assessments of the service provider solutions.

Map the overall scope of tasks with a full NSIS analysis from Globeteam and Vangsaa Consult

In collaboration with Vangsaa Consult, Globeteam can offer a thorough NSIS analysis of the municipality. The analysis covers the overall scope of tasks regarding NSIS, NemLog-in3 and MitID within IT and compliance, based on the current guidelines from the Danish Agency for Digitisation. The analysis also estimates the costs and resources that the municipality will have to devote in order to reach full compliance.

The analysis is carried out in the form of a series of 4 workshops and the delivery of a final report. Each workshop focuses on an overall task area:

1. Citizens’ services

What is the time and resource consumption compared with the current support tasks in citizens’ services, and how will the scope of work grow with MitID?

The workshop will clarify how the common public digitisation strategy can be used to create further digitisation and savings in citizens’ services, and how specifically it can be delivered via new IT solutions and/or adaptations of the existing setup.

You will also come away with a clear overview of what the new compliance tasks are, and if they can be handled within the framework of your current audit agreement, or if you might have to make a call for tender.

2. Internal user management (Identity Provider and Identity Management)

Which IdP and IdM solutions will support the municipality’s current IT strategy? And what savings and improvements do they provide?

As a result of this workshop, you will have an overview of how best to manage the work of developing an audit statement that documents how your IdP solution meets NSIS requirements.

We can also offer help with setting out and implementing the processes that are required to achieve an audit statement/ISO certification.

3. External user management

Which authority portals do you use in the municipality, and how many user accesses do you have for the different portals? What is the time and resource consumption involved in creating a user?

The aim of this workshop is to identify your current processes for managing the rights of the users that access the authority portals.

Based on this, we will look into whether or not some of these processes could be switched to Robotic Desktop Automation, and what kind of saving potential that might bring.
 
 

4. Service provider solutions

What service provider solutions are there in the municipality, and how do you ensure that you comply with the required NSIS assurance level?

The workshop will provide you with an overview of the most important service provider solutions and the number of use cases in the solutions, as well as how many risk assessments you would have to carry out.

You will also have a defined process detailing how best to carry out adjustments of a service provider solution, regardless of whether the responsibility lies with you or the provider.

Delivery of a final report

The final report sets out an offer of costs for external providers, procurement of systems and IT, as well as an estimate of hours required internally in the municipality for each of the 4 task areas that are covered in the workshops.

The report also contains a section that describes the possible consequences for the municipality if you do not carry out the tasks detailed above.

[contact-form-7 id=”25341″ title=”NSIS-analyse”]

Peter Langvad er ansvarlig for salgsteamet og er derudover accountansvarlig for en række offentlige og private kunder. Kunderne er primært store kunder med leverancer på tværs af Globeteams ydelser.

For more information, contact:

Optimize your business and your IT-investments

Are you interested in knowing more about the services of Globeteam, and how we can help exactly your company?