Social security operations and strategic decisions are based on the mission-critical availability of data related to the individuals and stakeholders involved in social programmes managed by institutions. As a consequence, the reliability of these operations and adjudications are based strongly on the reliability of the used data. Among the large volumes of data managed by social security institutions there is a key subset that is common to social programmes, and its quality and management have a strong impact on the overall activities of social security institutions.

The institution considers the use of advanced hardware components (“gadgets”) in mobile devices to improve services, such as fingerprint readers for personal identification based on biometrics.

The institution evaluates the use of mobile devices for the collection of contributions and payment of benefits, taking account of the various methods of payment and technological options available.

The institution establishes a legally valid, efficient and secure means of maintaining an association between a user and a mobile device when a transaction is performed.

Such user identification will be required for several intermediate and advanced services.

The institution develops mobile-based services according to institutional plans, taking into account the main types of user interaction and system integration approaches.

The institution establishes a framework for the application of mobile technologies which defines the main procedures, duties and responsibilities, and technical standards, and includes an application strategy plan.

The application strategy could be a medium-term, three- to five-year plan.

This section of the guidelines covers the types of mobile services which social security institutions might offer, and their technological and organizational implications. These may vary according to the current level of deployment of mobile technologies in the country and institution concerned. The five guidelines which follow will assist those responsible for developing mobile services to focus on the technical decisions and choices to be made. They take account of success stories in both social security and other types of institutions, and of all existing technologies.

The institution establishes mechanisms to enforce security policies in ICT operations.

This includes software and patch management, protection against computer viruses and malicious codes, administration of operating systems and backups.

The institution implements security measures in software application development, especially for Internet-based applications.