The German federal state of Thuringia will join North RhineWestphalia, Baden-Württemberg, Hamburg and Hesse and start using OSiP, a system for performing security checks for staff access to sensitive areas, such as airports, nuclear plants, and ports. The system, built on open source components, is set to become the default security system for all 16 federal states.
The four states currently using OSiP are pooling resources for maintenance and development. They are also planning a competence centre to support new users.
The system is built using many well-known open source software components, including operating system Linux, the Apache Webserver and the Jboss business integration software. This allows it to be combined with either MySQL or MariaDB, two very similar, open source database systems. The code and configuration settings for OSiP are not shared publicly, but the developers are considering making the OSi-API available as open source.
The development of OSiP (Online-Sicherheitsprüfung) began shortly after the terrorist attacks in the US, on 11 September 2001, says Helmut Nehrenheim, from the Ministry of Interior of the State of North RhineWestphalia. Security checks at airports were tightened, and the German air safety act was modified to cover not just flight crews, but all staff that have access to security critical areas in airports are now checked by the Air Safety Authority. “These security checks are done annually, and 9/11 increased the number of checks dramatically”, Nehrenheim says.
He presented OSiP at the Sharing & Reuse Conference 2017, in Lisbon on 29 March: “The system had to be able to include all stakeholders involved in safety reviews and background checks. The workflow process should be easy, without files having to be downloaded or converted.” OSiP came third in the ‘national category’ of the Sharing and Reuse Award, which were handed out at the conference.
Set to be the standard
These days, OSiP connects an airport with air carriers and the aviation security authority. A central hub allows access to, for example, the offices of criminal investigations and secret services and several federal central registers. Based on all the information, staff at the aviation security authority can determine if a person is allowed access or not. All of this is done without ‘media breaks’ - conversion of records or files. “To the great relief of the airport safety organisation, all parties were brought together in one process chain”, Nehrenheim says.
Deciding to make the system available to other states was easy. OSiP project management is under control of the IT Plannungsrat (IT planning council), in which the chief information officers of all the German federal states are represented. “This council has now decided that OSiP is to be the standard security background check application”, Nehrenheim says.
In North RhineWestphalia OSIP is expeced to manage some 400,000 requests this year. In Baden-Württembergq, OSiP currently manages about 200,000 requests per year.
More information:
Sharing & Reuse Conference 2017
OSiP presentation (PDF)
OSiP presentation (video)
OSiP description page on Joinup