The following guidelines are organized in two sections:
Section C.1, Master Data Governance and Master Data Management, addresses master data management concepts and activities, as well as organizational aspects to implementing master data in social security institutions.
The institution considers the use of advanced hardware components (“gadgets”) in mobile devices to improve services, such as fingerprint readers for personal identification based on biometrics.
The institution evaluates the use of mobile devices for the collection of contributions and payment of benefits, taking account of the various methods of payment and technological options available.
The institution establishes a legally valid, efficient and secure means of maintaining an association between a user and a mobile device when a transaction is performed.
Such user identification will be required for several intermediate and advanced services.
The institution develops mobile-based services according to institutional plans, taking into account the main types of user interaction and system integration approaches.
The institution establishes a framework for the application of mobile technologies which defines the main procedures, duties and responsibilities, and technical standards, and includes an application strategy plan.
The application strategy could be a medium-term, three- to five-year plan.
This section of the guidelines covers the types of mobile services which social security institutions might offer, and their technological and organizational implications. These may vary according to the current level of deployment of mobile technologies in the country and institution concerned. The five guidelines which follow will assist those responsible for developing mobile services to focus on the technical decisions and choices to be made. They take account of success stories in both social security and other types of institutions, and of all existing technologies.
The institution establishes mechanisms to enforce security policies in ICT operations.
This includes software and patch management, protection against computer viruses and malicious codes, administration of operating systems and backups.
The institution implements security measures in software application development, especially for Internet-based applications.
The institution includes security measures in networks and communication systems, especially those linked with critical systems and information resources.
This involves the security of local area networks, the Internet, and wireless, FTP, email and mobile technologies and systems.
