The applications that make this exchange possible are developed and managed bythe BKWI (Bureau of Chain Computerization for Work and Income), which oversees the Suwinet on behalf of the government. Since 2015, the environment in which these applications are tested, monitored and provided has been hosted at Schuberg Philis.
The applications that make this exchange possible are developed and managed bythe BKWI (Bureau of Chain Computerization for Work and Income), which oversees the Suwinet on behalf of the government. Since 2015, the environment in which these applications are tested, monitored and provided has been hosted at Schuberg Philis. After a smooth migration and some improvements in the application and technical management, BKWI now has more velocity, a more stable application landscape, and an optimized reporting environment.
The Employee Insurance Agency (UWV), the organization that implements national insurance schemes in the Netherlands (SVB) and local government Social Services Departments (GSD) are required by law to offer access to one another’s data on residents’ work and income. Using three different applications, they can see this data in one another’s files, enter it in their own systems, and receive it as structured XML reports. Every month the files of more than 600,000 residents of the Netherlands are called up. Yet another application allows the registered users to email one another on the Suwinet, without going through the internet. These Suwinet services exchange about ten million messages per month.
Suwinet does not store the data of government bodies, but it transmits information between them. Every time a file is consulted or a message is exchanged, this is recorded so that illegitimate use of the Suwinet can be traced. The three main users can also use Suwinet to request basic data from other bodies, such as the Netherlands Vehicle Authority, the department of the Delivery of Education (DUO), the Chamber of Commerce and the Land Registry. Finally, residents and citizens themselves can use yet another application to see their own personal particulars in the data banks linked to Suwinet, and where necessary correct them.
This is an extremely complex network of linkages and agreements that enables many personal particulars to be shared. Therefore a number of security measures are built into the design of the system. The Suwinet infrastructure is a combination of a closed network, the Suwinet, the central environment that contains all the Suwinet servers, and the organizations mentioned above, which are connected as sources of data. Various government bodies are connected to Suwinet. Information about residents, citizens and organizations can be safely exchanged through this closed network. When users log in, they can only see what they are allowed to see, on the basis of their credentials – the ‘purpose limitation.’ All their actions are logged. The application layer and the data traffic arelogically separated.
So managers have no way of seeing what is in the files; they only see the metadata. They can, for example, see which institution or employee has been reading which files, how often, when, and so forth. But not what is in the files. Reports on this metadata are compiled and can also be used for additional checks against misuse. If an employee is reading files outside of working hours or requests the files for a particular person unusually often, that is immediately visible. In this way the security of personal information is guaranteed, thanks to maximum system transparency.
Another big challenge is keeping the system up to date. Suwinet is a combination of applications and linkages to different organizations, and each application combines files from different databases. Changes in one of the connected systems, or changes to the specifications of messages, can have major consequences for the operation of the system as a whole. To keep the changes coherent and manageable, a Central Office for Chain Computerization Changes has been established.
Where will you be in three years?
The core Suwinet applications have been developed by the BKWI and are hosted by a third party. For a long time they were hosted at the civil service pension fund APG. When that contract ended in 2014, a new call for tenders was issued. Joost Huijbregts, Service Manager at BKWI: “We deliberately made the task description very open. Rather than detailing the technical specifications for the project, we gave the functional requirements the system must deliver, what our standard of evaluation would be, and when the system had to be delivered. But we also asked: where do you think we will be in three years?” He received many good offers, but the proposal from Schuberg Philis was the most attractive one.
“They really want to know what motivates the customer and what the customer does. They quickly understood what our environment implies. There’s a lot of knowhow at Schuberg Philis about private cloud solutions, embodied for example in procedures that you can reuse.”
Patrick de Zoete, Mission Critical Engineer for Schuberg Philis: “I’d been working for Schuberg Philis for fifteen years and I wanted to do something with a government agency. I’ve seen a lot of spaghetti code written by the government’s suppliers, and I wanted to show that there is a better way. This is a customer who is also familiar with a DevOps type approach, and who needs to retain control and responsibility. So right at the start we were consulting with all the key players around one table: the architect, developers, security officer, everyone.” Janot van Wegen, Customer Director and Risk Officer at Schuberg Philis: “We organized many workshops to examine the entire IT stack, and talked to those responsible for the file content so we had an idea of the data flows and could prepare the logical map.” The BKWI’s Joost Huijbregts says of these workshops, “They gave us a flying tart. Even before the project began they had three hundred backlog items for restructuring the environment.”
On February 23, 2015, BKWI and Schuberg Philis signed a contract for the next three years. The team started work the following week, and on June 13 the new environment was delivered. During this process, the Schuberg Philis engineers noticed that many processes from third parties had been handed over, but were not well documented. That too had to be put right, and they had to work out the best division of labor. Huijbregts: “We do the Suwi code, Schuberg Philis does the non-Suwi code, but we find more and more overlaps, where we work together. Everyone works on the basis of their own responsibilities.” The migration of all the functionalities took place on time and within budget.
Make things even easier
In the autumn there were some infrastructural hiccups, but the impact on the end user was minimal. The environment has been stable since then, with 100% availability for five months in a row. The norm that more than 95% of the requested files must be provided within six seconds has been more than met. Best practices are documented in cookbooks, so that the deployment, testing and production of new applications are automated as far as possible. The managers now have more time for management and pro-active problem analyses, and the developers have more time for innovation. According to Huijbregts, both parties have learned so much from one another that Schuberg Philis is ready to take on even more tasks in 2016 and so make things even easier for the BKWI.