Many factors make good digital ID planning and procurement

The journey to a secure identity usually begins with understanding an organization’s unique needs. With cyber threats evolving rapidly and data breaches becoming more sophisticated, reports of organizations implementing robust digital identity tools to protect sensitive information and ensure secure access, is also on the rise.

A session at the ID4Africa 2024 conference co-chaired by Dr. Sarah Lister, head of governance at UNDP, and Victor Margall von Hegyeshalmy, electoral/ID procurement lead at UNDP Procurement Services Unit focused on the practical aspects of eID and eGovernance digital tools. Lister tells Biometric Update that it is evident that many countries are currently planning or already designing and implementing digital ID and eGovernance systems.

“There is also a huge interest and dynamism in the industry around these technologies. And there is a significant thirst for support on issues of procurement,” she adds.

This “creates many opportunities but also risks and challenges. It is fundamental to have a well-balanced, well-informed and objective assessment on each case, starting with the needs and how to optimally address them. Factors that become critical may include medium and long term sustainability of the offerings, overall and hidden costs – search for the true ‘best value for money’, ensuring ownership by the beneficiary, and progressive capacity building and progressive introduction of technology.”

It was highlighted in the session that decisions to make or buy digital identity and governance systems must also consider all the above and further technological aspects, as each involve significantly different pros and cons, she continues.

Associated risks

According to the session, analyzing past security incidents and potential threat vectors can help in selecting an identity tool that addresses specific vulnerabilities. This proactive approach minimizes the risk of future breaches. Once the needs are identified, the next step is procuring technology that aligns with those needs. This phase involves meticulous research and evaluation of available options.

Margall von Hegyeshalmy notes that risks can materialize at any stage of the overall process and may come from very different angles and/or actors involved.

“In procurement, we use models and procedures geared towards risk identification and mitigation, including of course all  parts of contract implementation,” Margall von Hegyeshalmy adds.

“But risks go beyond that, and we must also look into aspects and potential risks relating to the further future and the resilience of the technologies and solutions chosen. The more advanced a country is in implementing a system, the more costly it may be to address design defects or even change to another system to address challenges in the future, so we need to take great care in every step towards designing and deploying a national identity solution.”

The session also delved into the risks associated with deploying national identity systems and how to mitigate them. Margall von Hegyeshalmy highlighted the importance of a holistic approach to risk management, which encompasses the entire lifecycle of the solution from procurement to long-term resilience.

The presentation at ID4Africa identified a number of risks and potential mitigation measures. This includes ensuring early and consistent involvement of relevant objective experts, for comprehensive and in depth analysis and advice from start to end. Additionally, it also includes seeking and conducting relevant business processes analysis, as technology alone will likely not be the answer to procedural issues, according to Lister.

Assessing technical capacities at the government and seeking to build those in line with the technical complexity of the system (hence, progressive approaches are practical), and ensuring steps taken are consistent and avoid back and forth, are both additional mitigation measures.

“Focus on needs and results; ensure ownership and tools are handed over to; consider total cost of ownership including maintenance; consider present and future use including scalability, interoperability, ensure open standards; and consider special contractual modalities and clauses for software/systems development,” Lister concludes.

Article Topics

biometrics  |  digital identity  |  digital public infrastructure  |  ID4Africa  |  ID4Africa 2024  |  national ID  |  UNDP