The Audit Guide for compliance with the National Interoperability Framework is published to help assessing, through a list of controls, the compliance with the National Interoperability Framework (Esquema Nacional de Interoperabilidad – ENI) by Spanish Public Administrations.
The guide integrates some recent pieces of laws addressing the digitalisation of public services in Spain together with the implementation and monitoring of criteria that are already fulfilled by the alignment of the national law. The Audit Guide contains a set of appropriate mechanisms to assess compliance with the provisions of controls about the fulfilment of the requirements of the National Interoperability Framework.
The NIF is established in article 156 of Law 40/2015 (dated 1st of October 2015), on the Legal Regime of the Public Sector, which replaces paragraph 1 of article 42 of Law 11/2007 (dated 22nd of June 2007), of electronic access of citizens to Public Services. Its purpose is to create the necessary conditions to guarantee the adequate level of technical, semantic and organisational interoperability of the systems and applications used by the Public Administrations. This allows the exercise of rights and the fulfilment of duties through electronic access to the Public services. At the same time, it benefits from efficiency and effectiveness, within the framework, among other rules, of Law 39/2015 of Common Administrative Procedure of Public Administrations.
It is applicable to all public administrations in Spain. This legal approach to implement the NIF embeds interoperability requirements in the legal framework of administrative procedures and eGovernment, thus configuring an integrated, coherent and comprehensive approach.
The legislative corpus from which most of the guidelines are reflected is mainly composed by the following texts:
· Law 39/2015 (about the Common Administrative Procedure of the Public Administrations),
· and Law 40/2015, (about the Legal Regime of the Public Sector).
They are supposed to apply and supervise the digital transformation of all the public administrations. They come to set up a scenario in which the electronic processing should be the usual action of the public administrations (for internal management, relationship between administrations and relationship with citizens).
Among many other important principles, the NIF states that "compliance with the National Interoperability Framework will be included in the life cycle of services and systems, accompanied by the corresponding control procedures ", including the regular audit (internal or external). It also specifies that “The bodies and Public Law Entities of Public Administrations shall publicise, in the corresponding electronic offices, the declarations of conformity and other potential interoperability badges that are creditors, obtained regarding compliance with the National Interoperability".
The Audit Guide for compliance with the National Interoperability Framework applies to the whole set of Spanish public administrations that are present.
The purpose of this Audit Guide for compliance with the National Interoperability Framework is to provide an instrument to facilitate an assessment of compliance with interoperability measures, indicating a list of controls on the National Interoperability Framework and its interoperability agreements.
The controls provided in the Audit Guide are grouped into three categories:
· Organisational framework: controls whose fulfilment requires horizontal measures such as the legal or policy action. Often referred to governance of interoperability;
· Operational framework: controls whose performance requires the adoption of practices, procedures and measures aligned with the administration of interoperability as a whole (including design, implementation, configuration and operation of interoperable systems);
· Technical measures: represent specific requirements ensuring interoperability (including formats or protocols vocabularies).
The format of this Audit Guide allows its use as a practical work tool during the audit process. In order to facilitate the performance of the audit, and similar results by different auditors, information is to be provided on possible evidence of compliance with each NIF requirement. Auditor may require these evidences, although this may vary according to circumstances.
In particular, the "Degree of compliance" indicates the level of compliance with an applicable control, with respect to the number of information systems, services or information included within its scope. Six levels of compliance are established, which are defined as follows:
· Null, corresponding to 0% compliance.
· Initiated, when the estimated compliance is between 1% and 20%.
· Progressing, when the estimated compliance is between 21% and 50%.
· Advanced, when the estimated compliance is between 51% and 70%.
· Superior, when the estimated compliance is between 71% and 90%.
· Excellent, when the estimated compliance is between 91% and 100%.
The Audit Guide for compliance with the National Interoperability Framework is a document.
A complementary action, the interoperability section of DATAOBSAE, shows monitoring information of a range of services with contribute in practice to interoperability in Spain.
It is appropriate to have a guide that identifies the requirements to be met in order to demonstrate compliance with the NIF. The Audit Guide for compliance with the National Interoperability Framework is another instrument available to public administrations in Spain. It improves the implementation of the NIF together with the systematic monitoring of interoperability through DATAOBSAE. The Audit Guide has been published quite recently (end of 2016) and some time is still necessary to assess its results and to gain relevant feedback for future releases.
The development of a legal framework that encourages a strict application of consistent audit will bring a higher monitoring of the Interoperability criteria and categories. In the long term that will be reflected in the level of the services provided to the citizenship by the public administrations.