MITA Annual Report 2021

01.

Executive Chairman’s Statement

The start of 2021 saw the commencement of a new three-year strategic plan that builds upon our years of public sector experience and know-how in implementing digital solutions and services to Government. We aim to transform our insight into new opportunities to improve service delivery and strengthen client trust, lifting our Agency to new heights of excellence.

We continued with our investment to modernise our facilities and tools to meet the demands of a modern Data Centre facility. Following the launch of the new Security Operations Centre, 2021 saw the completion of new offices for our Network Operations Centre. It is our priority to equip ourselves with innovative and efficient tools to ensure the smooth operation and maximum security of the Government digital infrastructure and services.

MITA is proud to have been nominated by Government to act as the National Coordination Centre, representing Malta within the network of coordination centres within the European Cybersecurity Competence Centre. This demonstrated the worth of trust that the Agency has earned within specialised competency areas such as cybersecurity.

We were also pleased to be chosen by Government to host the Prime Minister and the President of the European Commission, during an official visit in relation to the recovery and resilience facility NextGenerationEU and the national Recovery and Resilience Plan. MITA was allocated almost €23M in terms of recovery and resiliency funds.

This is by no coincidence, it is because of our people’s commitment toward rendering professional services and our pledge to support the Public Administration reach new heights in public service delivery.

Board Members

2021 was another challenging year because of the COVID-19 pandemic. We are however grateful as we still were able to achieve our goals for the year. We maintained our momentum thanks to every one of our employees. Not only did we guarantee our services but continued with our investments in areas such as information technology and systems modernisation, shared platforms, cybersecurity posture, as well as on communication and collaboration tools.

This included a new enterprise agreement for the provision of licences and other related services, providing accesses to the latest product versions. The agreement was reached following the issuance of a competitive public call for licence solution providers to submit their quotes. This involved an investment of €20M, covering a period of three years. The availability of these latest tools further supported the public service commitment to provide a strong and effective collaboration suite to support employees to virtually collaborate remotely from anywhere. This was further supported with an online training programme aimed at making sure that the end-users are properly trained to maximise the use of the solution.

We also launched a voice solution using Voice over Internet Protocol (VoIP), an ambitious initiative that will offer the public service an easy and cost-efficiency unified communication platform. MITA has successfully pioneered a reverse electronic auction as part of the procurement process for the provision of data connectivity services for the Public Service, marking a “first” for the Agency and indeed for Malta’s public procurement. Through this reverse e-auction, operators competed aggressively to reduce their prices and seize the chance to provide data connectivity to a share of the Public Service.

It is our pride to continue to be part of the public service success, through the continuous investement in the use of technologies. Through our central role in public service delivery, we aim to accelerate the digital transformation to help the public service further optimise service quality and delivery.

Executive Committee

In July 2021, MITA awarded the tender for the provision of a Corporate Enterprise Resource Planning Solution, including the implementation and configuration of all modules of the solution as well as the provision of training, together with service subscription and support services. MITA sees this project as an opportunity for business process automation, in areas such as accounting, procurement, project management and human resources, that will provide more insight and internal control for the better management of the Agency.

We are also looking into our email service offerings by moving also to the provision of a cloud-based enterprise-grade email service, offering ample mailbox space and online calendaring capabilities. This will allow our clients to have multiple devices maintained synchronised, ensuring continuous access to personal emails, calendar, and contacts accessible from anywhere.

In line with the implementation of new technologies, such as the hybrid cloud environment, our teams are modernising their practices in order to provide services more efficiently through DevOps concepts. This includes the automatic provisioning and management of servers, operating systems, database connections, storage, and other infrastructure components. On a day-to-day support we are also implementing automated processes that see through the intelligent provisioning to guarantee capacity and reduce resource consumption to ensure solution scalability, as well as workload monitoring and balancing to prevent potential issues.

This change process is a demonstration of our Agency’s commitment towards its workforce, as we believe that our employees propel our Agency ahead with their knowledge, commitment, and distinct viewpoints. We are an organisation that believe in learning and continuous transformation, as this makes us more resilient, more agile, and more responsive to public service needs.

Human Resouces

The human aspect has always been high on the Agency’s Agenda. The pandemic introduced new challenges and norms in everyday life that counteracted the prevalent health crisis. During 2021, the Agency enhanced the promotion of a work environment that was inclusive, adaptive, and understanding whilst at the same time pushing and challenging the capabilities of its workforce. This was necessary to ensure that the workforce remained capable, engaged, and motivated.

With all this in mind, the Agency continued to support Remote Working in addition to the long-established flexible work arrangements that included Teleworking, Reduced hours, and Flexi-Time policies. The Agency also piloted and implemented a new Flexi-week work arrangement that permits employees to compress or extend a work week from four to six days. In addition, the Agency strengthened the Wellbeing function to help employees who were facing personal challenges. Operational COVID-19 mitigation protocols were retained and enhanced to address risks associated with the spread.

The Agency also received the prestigious accreditation of the Investors in People standard. This accreditation meant that the Agency was evaluated for its people management competences and quality of leadership and was proven to meet recognized standards.

The training function continued to provide existing and new training platforms to promote industry related certifications with its workforce. A new recognition platform was also introduced to recognize and reward those employees who go out of their way in self-development, customer care, corporate and social activities. This platform is crucial to steer the climate and culture of the Agency toward becoming livelier and ever improving.

04.1 MITA Awards for Excellence

On Tuesday, 7th December 2021, the Agency hosted the annual MITA Awards for Excellence. In-line with established COVID-19 related health measures the majority of the workforce met under one roof for the first time after the COVID-19 pandemic. Awards were given to those employees who were voted as having embraced the MITA Values, and achieved the highest levels of teamwork.

The Awards conferred were as follows:

In addressing the everchanging developments of today’s technologies and in order to effectively monitor the ICT operations within our data centre facilities, MITA has undertaken an extensive embellishment project to upgrade the Network Operations Centre (NOC) to meet today’s business requirements.

The NOC operates on a 24x7 basis to ensure ongoing proactive monitoring and provides a first line of support outside office hours.

The design principles adopted at the newly refurbished NOC aims to address the operational needs, visual impact, lighting scheme, environmental consideration, as well as portraying a professional image of the Agency. In addition, the NOC footprint was increased by 25% to provide greater flexibility and functionality.

One major improvement within the NOC was the deployment of wide Video Wall Display specifically intended to improve the visual ICT monitoring tools and consolidate the various dashboards into one holistic Video Wall Display.

The NOC upgrade project is another tangible commitment from MITA to provide high-quality data centre services as well as MITA’s dedication to retain improved uptime and economic value.

06.1 Reverse Bidding for Data Connectivity across the Public ServiceA First for Malta

We may all be familiar with a traditional auction process where competitors raise bids to acquire the object or property that is up for sale. The same concept can be applied to public procurement, in an electronic manner and also in reverse.

An eAuction is a real-time dynamic procurement procedure conducted online between a buying Contracting Authority and a number of pre-qualified suppliers who compete against each other to earn the Contracting Authority’s business. This procedure is appropriate for categories with strong competitive environments among numerous qualified suppliers or when there is a low level of procurement complexity, and specifications are well-defined industry standards.

In a ‘first’ for the Agency and indeed also for Malta’s public procurement, MITA has successfully pioneered a reverse electronic auction as part of the procurement process for the provision of data connectivity services for the Malta Public Service. The imminent coming into force of Government’s remote working policy led to the need to equip remote workers with the equipment and data connectivity necessary to carry out their work remotely. For this reason, in collaboration with the Office of the Prime Minister – Office of the Permanent Secretary (People & Standards) and the Office of the Permanent Secretary within the Ministry for Energy, Enterprise and Sustainable Development (MESD), MITA sought to conduct a reverse e-auction, during which operators competed aggressively to reduce their prices and grab the chance to provide a substantial portion of the Public Service with data connectivity.

Following a call for tenders in which a selection of electronic communication service providers were invited to submit the eligibility, technical and financial information, compliant bidders were invited to participate in an auction process. Conducted as a completely electronic process through the Government’s Electronic Public Procurement System (EPPS), bidders were allowed a pre-determined period of time to outbid each other financially, in real time, within defined parameters, and without the possibility of renegotiating or revising the technical specifications and contractual terms as originally agreed upon when submitting their bid.

The outcome of this exercise are savings to the tune of 37.5% from the maximum allowed rate per connection per month. The initiative will also provide a uniform and harmonised service across the Public Service being provided through a framework contract with one Economic Operator, at very competitive rates, to cater for all data connections required for remote workers. Contracting Authorities across Government will now be able to acquire data connectivity services through this centralised purchasing mechanism established by MITA. This goes to show that innovation can be implemented across all areas of Government- with a little creativity and determination even a call for tenders can be designed innovatively and effectively to achieve substantial efficiency and cost savings for Government.

As part of its strategy, MITA endeavours to provide high-quality digital consultancy services to the Public Administration, to develop procurement frameworks, and to work with the Public Administration to understand better how MITA can assist them in achieving their business requirements. In this specific instance, MITA was quick to respond to the request to assist with the implementation of the Remote Working Policy across the Public Service, by providing its technology expertise, designing and managing the entire procurement process as a Central Purchasing Body, within very stringent timeframes and at the turn of the summer recess period.

Having paved the way for the first reverse auction, MITA will reutilise this procurement procedure whenever the particular circumstances of the procurement will allow. MITA will continue to seek out appropriate use cases to implement reverse auctions, and who knows maybe other innovative procurement and electronic procedures, to continue maximising on investments made in electronic tools.

06.2 Government Modern Workplace Initiative - A Continuous Journey

Two years ago the Agency together with the Government of Malta embarked on implementing a modern workplace aiming at meeting the changing business pressures of the workplace. This changed the way individuals communicate and collaborate, becoming more mobile and requiring more flexibility to the way organizations need to adapt to attract and retain talent.

From the moment the modern workplace initiative was conceptualized, MITA did not consider it a pure technology project focusing only on the deployment of Office 365, but created a detailed adoption and change management plan that handled the people side of change and put end-user training at the forefront of this effort.

For the very first time, the end-user training on Office 365 focused primarily on instructor-led online sessions first using Microsoft Skype for Business then later switched to Microsoft Teams. The Institute of Public Service (IPS) complemented the online training that MITA was offering by delivering short courses about Microsoft 365 services in a classroom style training.

MITA in collaboration with Microsoft organised live training events for the public sector on various Microsoft products such as Microsoft Teams, Microsoft Forms, Microsoft To Do, OneDrive, OneNote, Planner, and SharePoint. This training had started before the pandemic but with the onset of the immediate need to remote working, the training sessions took on a more important role where people took the opportunity to attend these training sessions to be able to perform remote working to the best of their abilities. At the same time, MITA offered self-paced online training videos and recorded webinars through an e-learning site, to accommodate the needs of people who prefer this learning style or did not have the chance to attend the online sessions.

Moreover, Microsoft Teams became the main communication tool for relevant announcements, trying to minimise emails and changes to the people’s working styles and mindsets. A Champions virtual network was also created, consisting of employees across all Government organizations, leveraging tools such as Teams for monthly community calls, trainings, and communication.

The early key decisions taken during the design of the implementation plan to facilitate Government employees with different training streams during the rollout process of Microsoft365 services were rewarding. When the central Government at the beginning of the pandemic took the decision of remote working, the transition for Public Service employees was smooth and seamless. Different Government departments benefitted from these new modern online tools, for example the Ministry of Health implemented the Telemedicine platform where doctors could communicate with their patients and conduct remote health checks.

Training and development remain a top priority aiming at enhancing employees’ skills. MITA will continue with its support and collaboration towards the public sector to improve their day-to-day work by ‘empowering Government employees through a digital workplace’.

06.3 Call Centre & Service Desk

At the heart of MITA, the Service Call Centre is geared to provide the best level of service while striving to maintain a positive user experience throughout its operations. With a 34,000 user-base and more than 500 services being supported round the clock, MITA has embarked on a venture to outsource its first line of support with the aim to continue improving the quality of service provided. This initiative was driven by the MITA Call Centre with the backing of all stake holders.

Prior to the outsourcing of the first line of support, the team was struggling to find the right balance between consistently providing the expected level of support while in parallel investing in our people to remain aligned with the latest technologies.

As part of the outsourcing preliminary analysis, it was noted that approximately 50% of the daily incoming calls can be processed by non-technical trained personnel. These calls, which are usually serviced in less than five minutes are mainly related to queries or basic assistance. The steps required to address these calls can be documented in a format of Frequently Asked Questions (FAQs).

In view of these results, it was agreed that our partner’s main role is to handle all incoming calls and assist on non-technical matters while transferring calls to the MITA Service Desk when technical support is required. In each case a ticket is logged within the MITA’s Service Management System and processed as per defined procedures. In the event where technical assistance must be invoked, the phone call is transferred to the MITA Service Desk for technical support and follow up. The overall service provided is closely monitored by established metrics and quality related checks are carried out regularly. These exercises allow us to identify related process improvements.

This initiative made way for MITA trained agents to support more complex issues. To reach this goal, specific training has been identified and planned so the team is transformed from a Call Centre to a Service Desk. This transformation has led to a higher resolution of the total reported issues without the need to involve MITA Technical third liners or Project teams. Moreover, the number of abandoned calls has decreased while the number of calls answered in the first 60 seconds has increased drastically. Another benefit is that other specialised MITA internal teams have gained more time on their hands to focus on the development and improvements of services under their responsibility.

The transition and training period was very challenging since we had to align ourselves with COVID-19 directives and hence all training had to be delivered remotely.

In late 2020, MITA set up a new Applied Research function responsible for kick-starting innovative proof-of-concept projects (POCs) that solve existing and practical business problems, and promote the practical take-up of emerging technologies, by both Public Administration and MITA as the beneficiaries.

Through its Applied Research initiative MITA’s role is to select and propose problem areas to research through a POC, and then provide overall project direction to keep collaborators on track with respect to the practical goals set for them.

MITA is collaborating with the University of Malta (UoM) and MCAST as academic institutions and/or technology partners to provide their knowledge, competences and resources needed to experimentally develop the prototype and test it in an authentic business setting.

Together with the Government of Malta, the Agency is investing in this, to increase the practical take-up of digital technology for the benefit of citizens and businesses, as well as increase demands for applied R&D skills and expertise. It also strengthens the beneficiary’s business case and mitigates the risks associated with new technologies, through evidence-based inputs when procuring innovative solutions, or improving current ones.

The importance of pursuing Applied Research projects lies in what makes problem driven solutions attractive. They allow for innovation and the incorporation of emerging technologies as a main instrument for the solution. This is how the Applied Research initiative links with the Emerging Technologies Lab (ETL) within MITA. Where relevant and necessary, MITA is making its ETL available as an additional resource to these applied research projects, given the resources and space available.

06.5 Student Placement Programme - The experience of new employers

The Student Placement Programme (SPP) is an annual, mutually beneficial programme for ICT and ICT related students and employers of all sectors during the summer season.

The programme aims to reduce the mismatch between supply and demand for ICT skills in the Maltese labour market. Through this programme employers can have a more diversified workforce as they employ new generations with new talents and a variety of ideas into their organisation.

With an investment of over €750,000 in student salaries, a total number of 396 students and 113 employers benefited from the programme. To reduce the financial burden that came about due to the pandemic in 2021, MITA reimbursed 75% of the students salary to private employers and 100% of the salary cost to the NGOs and the public sector.

The following shows the statistics in which sectors the students were placed, and how many employers from each sector benefited from this year’s programme.

06.6 Moving Forward – Technology an enabler for Change

MITA stepped into 2021 fresh from its recent 30th Anniversary. Over the years MITA has evolved from a company focusing on supporting Public Service reform to a multi-faceted Agency holding a pivotal role in the evolution of Malta into a world class information society and economy. Today, the Agency’s sole client base is the public service and sector, where it provisions digital services to all Ministries and nearly all public bodies.

Understandingly, provisioning and managing hundreds of information systems efficiently and securely is no easy feat, especially when services need to be provided around the clock and when such services are vital for public service delivery.

Backed with its expertise as a mature organisation and a trailblazer of best practices and innovation in the corporate ICT and public service scene, MITA has managed to build a human resource talent and technical infrastructure platforms which allow government to act agilely and productively in an ever-evolving working environment and public administration.

Globally, the COVID-19 situation has impacted the work environment and work processes of millions of workers, Malta and its public sector being no exception. Thousands of public sector employees moved towards working remotely; whilst the use of government online services by the general public and businesses rocketed. MITA’s provision of various digital technologies, tools and platforms acted as an enabler towards such developments whereby government administration could keep productivity while not compromising on quality and security. The demands on the Agency grew further as Malta took various measures needing the support of ICT infrastructure and systems. In parallel with the provision of tools and services, MITA was also involved in supporting the Health Ministry directly in initiatives ranging from Swab Test centers to the delivery of the COVID-19 Contact-Tracing Mobile App.

MITA’s strong client relationship is pivotal towards ensuring that government’s needs can be met efficiently and effectively. Being client focused is one of our keys to success, whilst providing 24x7 Call Centre services, a dedicated Customer Care function, and having various specialised teams for service provision and improvement. The Agency also has a dedicated team of Client Relationship Managers who work daily towards developing and strengthening relationships with government stakeholders.

The pandemic has enhanced the need for governments to be agile and ready for change, while working towards providing services of excellence. Governments now appreciate more the importance of service innovation and preparedness. Locally, digital technology was key in achieving business continuity for various business, government and essential services such as education.

MITA looks forward in continuing to partner with Malta’s Government towards the provision of excellent customer care and value-added services to the general public being citizens, practitioners and businesses.

As an Agency we look forward towards supporting government in providing solutions and services which are accessible and user-friendly as much as possible, leveraging a modern digital ecosystem and contributing towards the definition and execution of the Government’s digital strategies that sustain a modern digital economy.

06.7 Customer Care – Improving through feedback

Throughout 2021, the MITA Customer Care function continued to evolve its deliverables, further transforming towards a more far-reaching mindset. The idea of the function as being simply a reactive unit, only acting on dismayed clients, has progressed to a culture of feedback embracement, one that leads to continual improvement.

Caring for the customer is a sum of moving parts. It is a critical function that needs governance, awareness, structured mechanisms, collaboration, and more. For this purpose, MITA has strengthened the function’s position through the formalisation of the Customer Care Policy. This is the Agency’s demonstration of commitment, thus clearly showing the leadership’s support. Senior Management also continues to review the work carried out by the function at periodical intervals. To ensure compliance with the policy as well as improvement of the Customer Care function the enhancement of internal knowledge and documentation was also a priority.

Throughout the year, work was also carried out to ensure that the deliverables of the unit create more value. In line with this, a clear objective has been set to extend the visibility and include further levels of client feedback to widen the analysis of sentiment. The Agency received 672 complaints, of which 183 required further intervention with the majority being related to technology and processes.

The Customer Care function has thus become a pillar gateway for stakeholders to voice their post-service concern or make more recommendations. It is a day-to-day drive, and as time progresses awareness of this service is increasing, thus allowing more persons to communicate with MITA through this channel.

The peak of the relationship between Customer Care and the client culminates when the analysis of feedback results in improvements taking place. This of course requires meticulous analysis, discussions with various stakeholders, targets, effort, review, and implementation, where applicable. Throughout the year, MITA Customer Care identified and coordinated more than 60 improvements across different departments within the Agency.

While 2021 was a consolidating year for a relatively new function, MITA is aiming at further improving through the next calendar year.

06.8 Prague 2021 – European Cyber Security Challenge

October is the month dedicated to the awareness raising on Cyber Security across the European Union (EU). For the last five years ENISA, which is the Union’s Agency dedicated to achieving a high common level of cyber security across Europe, has been celebrating talent in this domain by organising the European Cyber Security Challenge.

This is a challenge lasting 16 hours spread across two days. Teams composed of ten members, aged between 14 and 25 years, from different countries compete against each other in jeopardy challenges. The aim behind this event is to enhance cyber security talent across Europe and connecting high potentials with industry leading organizations. After acting as an observer for 3 years, this year, Malta set up its own team composed of ten people studying various areas of technology. These were selected following a national cyber security challenge that lasted 24 hours, held between the 31st July and 1st August 2021. Following an interviewing process, twelve were shortlisted and had the opportunity to attend a boot camp delivered by a cyber security specialist. Another challenge of 6 hours was organised from which the best performing ten were selected. From then onwards, it was a roller-coaster of preparations for Prague, the city hosting the 2021 European Cyber Security Challenge. Preparations tackled both the technical aspect but also the social aspect. In preparation for the challenge various roles were assigned to different team members, including the roles of leaders and presenters.

During the competition both the coaches and the team worked together to achieve a positive result. The competion was concluded with an award’s ceremony where various honourable speakers were present, including partners, academics and representatives from ENISA.

06.9 Security Governance – A compliance perspective

The risks involved in the security of information are nowadays very real and a constant cause of concern for business executives operating in today’s cyber space. As organizations maintain their competitive edge in the global economy, they must also consider the risks involved in the number of threats that are evolving exponentially and that may be exploited at any time by malicious actors online.

One of the tools available for organisations today is enforcement, achieved through the effective and meticulous implementation of information security compliance activities which play a critical role within the Security Governance function.

The primary objective of Security Governance is to help ensure that an organisation has the proper controls in place to mitigate information security risks. These controls are at the highest level defined within structured policy documents that lay the foundations for a strong and robust security vision that are clearly communicated within the organisation.

Compliance activities are executed to continuously monitor and verify that this vision is thoroughly understood and implemented by the various business functions that are processing information that needs to be continuously protected from malicious activities, especially in instances when such information is sensitive in nature and/or relates to the processing of personal data. They also ensure that other applicable requirements stemming from international industry standards that the organisation is aligned to or certified against are continuously adhered to and pertinent legislative requirements met.

Conducting security compliance checks help organizations strengthen their commitments towards information security and provide management with visibility on what is working and what is not by determining the present state vis-à-vis the requirements of applicable controls. Such assignments outline conformities and non-conformities and identify corrective actions deemed necessary to rectify issues as per specific regulations, strategies, and policies. Something to keep in mind is that being compliant is very often not enough, organizations must also be able to provide evidence of their compliant state to external assurance bodies such as third-party auditors, implying that executed compliance checks are auditable and thus adequate evidence is required to be collected and preserved to illustrate conformance by depicting all measures taken to comply with required objectives.

Implementing Security Governance and instilling a compliance culture does not come overnight. It’s a continuous process of raising awareness and learning, revising the controls in place to ensure that these are effective in the context of the information involved and adapting to today’s changing technological landscape to protect what’s most valuable for the organisation to the best extent possible.

06.10 Malta – Europe’s Top Performer in eGovernment

Malta was reconfirmed Europe’s top performer in eGovernment, standing out with a score of 96% amongst the 27 European Union (EU) Member States, Iceland, Norway, Switzerland, the United Kingdom, Albania, Montenegro, North Macedonia, Serbia and Turkey.

The results were published in the eGovernment Benchmark 2021 reports on Friday 12th November 2021 by the European Commission.

The benchmarking study carried out by Capgemini, Sogeti, IDC, and the Politecnico di Milano for the European Commission Directorate-General for Communications Networks, Content and Technology measures four dimensions as well as compares the state of play of eGovernment services between the participating countries.

In order to assess how countries are performing in eGovernment, eight life events covering the most common domains of public services, namely setting-up a business start-up, losing and finding a job, career, family life, regular business operations, moving home, transport and starting a small claims procedure, were assessed. Each life event is associated with a journey that businesses and/or citizens experiencing this life event, will go through. For this assessment, mystery shoppers acting as prospective users, visited and assessed webpages relating to these life events, by following a detailed and objective checklist between August and September 2020.

Malta, once again, attained an exceptional result by leading in all the four dimensions and ranking first in the overall results.

Each life event is measured once every two years to allow countries to follow up on the results and to implement improvements after each measurement.

User Centricity Dimension

This dimension measures the online ‘availability’, ‘mobile friendliness’ and ‘user support’ of eGovernment services. Malta has ranked first in the online ‘availability’ and ‘user support’ of eGovernment services, leading this overall dimension with a score of 99%; 11% above the EU average.

Transparency Dimension

This dimension examines mainly the service design, delivery processes and access to personal data. Malta leads in this dimension with a score of 98% while the EU average score is 64%.

Key Enablers Dimension

This dimension measures the availability of several technical elements for the delivery of eGovernment services. Malta attained an overall score of 98%, where again it was confirmed leader. Most of the Government Departments, Entities and Agencies provide their services and Agencies provide their services online, and citizens and businesses are no longer required to physically pay a visit to get served. A citizen who needs to communicate digitally with the Government, is to authenticate themselves by using the electronic identity (eID), fill in the required application forms, and attach related documentation.

Cross Border Services Dimension

The last dimension measured in this assessment is the Cross Border Services. This dimension assesses governments’ ability to provide businesses and citizens from other European countries seamless access to online public services. Once again, Malta is the top performer with an overall score of 90%, 35 percentage points above the EU average.

The eGovernment Benchmarking assessment is key to continuous improvement. Government Departments, Entities and Agencies are implementing digitalisation and modernisation initiatives, to continue providing citizens and business best-in-class services.

Malta must be proud of this success.

The eGovernment Benchmark 2021 Insight and Background Reports are available at

06.11 Implementing the Single Digital Gateway in Malta

The Single Digital Gateway (SDG) is intended to facilitate online access to the information, procedures, and assistance services that citizens and businesses need to get active in another EU country. The Ministry for the Economy and Investment requested MITA to help with the implementation of the SDG in Malta, in line with our recently launched corporate strategy and our ambitious programmes for Digital Transformation.

The SDG envisages a once-only technical system set up for the transmission of the electronic evidence required for the fulfilment of procedures across borders. The principal benefit expected from the system is the authenticity of the evidence which will be provided by approved sources.

To illustrate the process, for an Italian citizen to access a cross-border service to register for a second degree offered by an education institute in Malta, she would first authenticate to the service with her Italian credentials using the eIDAS Node. Subsequently, the service would ask the Evidence Broker what type of evidence is required to fulfil the criterion for eligibility which in this case is the completion of a first degree. The broker would inform the service that the required evidence type is a first-degree certificate. The service would then ask the Data Services Directory from where to obtain such a certificate from Italy, and the directory would respond with the location of one or more data providers.

The service would then be required to ask the user for an explicit request to seek the evidence from the selected data providers. If such authorisation is granted by the user, the service would then use the eDelivery system to submit a request for evidence. Upon receiving the information, the service would be required to allow the user to preview the evidence prior to using this within the procedure.

It has been confirmed that the CEF eDelivery building block will be adopted as is in the SDG technical specifications. To de-risk the project, MITA immediately set out to implement this part using our Cloud-based technologies. eDelivery uses a decentralised four-corner model messaging topology, allowing communication between different parties without setting up bilateral channels.

In conclusion, the SDG represents the biggest attempt made so far by Europe to achieve widespread cross-border digital connectivity and the project presents several interesting business-related, legal and technical challenges. MITA is very well positioned to facilitate this transformational journey in Malta by providing technical expertise and building the shared services required to achieve these objectives.

06.12 The benefits from MITA’s LAN Procurement Framework

The push towards digitalisation has taken an exponential leap in the last few years, largely due to the ever-increasing demand on ICT-related services and products that rely on digital connections. In fact, years ago the Maltese Government launched it’s own National Digital Strategy covering 2014 – 2020.

The Maltese Government has always strived to provide citizens with access to value added services which are both efficient and effective in terms of quality and execution. MITA, being the enabler of such services, invests heavily in technological solutions by embarking on projects and procurement frameworks that give Government the right options and tools with which such services can be offered.

One of the latest procurement frameworks offered by MITA was related to wired and wireless network equipment which can be procured by government Ministries, Departments and Entities. Now commonly known as ‘LAN Procurement Framework’, the benefits this framework provides are multiple; apart from offering highly discounted prices through a large volume purchase framework and greatly reducing procurement complexity and delivery times, it also paves the way to a standard setup across the MAlta Government NETwork (MAGNET). Through the installation of networking devices of the same brand and model, MITA can offer a homogenous ecosystem and the best possible service in terms of updates, maintenance and network changes that meet client expectations who can then focus offering fit-for-purpose services to the public.

As part of the wireless framework, MITA procured enterprise grade network equipment to redesign the provision of wireless networks across government sites. One of the main objectives of this framework was to simplify the procurement process vis-à-vis client related wireless infrastructure projects. The MITA Network Services team created a simple yet scalable design which is easy to replicate across different government sites and is centrally managed from the backend infrastructure. In addition to the widely known benefits of wireless connectivity, wireless network access has become ubiquitous to accommodate the new mobile workplace. Trends such as seamless remote working (securely work from anywhere) and the increasingly expanding domain of Internet of Things (IoT) introduced ancillary management and security control challenges. The high level of investment in this new wireless infrastructure, opened a new window for supporting enhanced user mobility, productivity and security control requirements with the adoption of Network Access Control (NAC) technology.

MITA invested considerable resources in 2021 to get to a stage whereby this LAN Procurement Framework can start being used by the CIO Offices across government. The procurement made so far by CIO Offices on wired and wireless network equipment has already been significant; which resulted in substantial cost savings for Government. It is envisaged that through the resultant standardised setup across government sites, the LAN Procurement Framework will provide always-on, secure, network connectivity with the desired performance and user experience coupled with a high return on investment.

06.13 Supporting Our Digital Future - An Automation Journey

In today’s digital world, Government organisations leverage ICT to offer public services with increased efficiency and reduced queuing time. Government ICT systems and services need a secure, reliable, and flexible environment to cater to diverse needs.

The Systems & Databases Team is dedicated to build and support a stable and secure hosting infrastructure, both cloud and on-premise, which Government organisations can use to build their applications. The support and continuous improvement of such an extensive infrastructure built with a plethora of diverse technologies can be quite arduous and time-consuming, especially if repeatable tasks are required to be done manually and frequently.

To keep abreast of the improvements, the team soon realised the need to transition from traditional system administrators that react to daily situations and that are more accustomed to being task-driven, to a team that harnesses automation and proactive engineering.

One can compare the work with that of a chef who spends most of his time preparing food to achieve consistent food quality. The chef realised that he is spending too much time on cooking and would prefer to dedicate more time to creating new recipes, so he needed to find a solution that would speed up his cooking processes while maintaining high standards. He invests time in implementing an automated solution for his meals creation to have a standardised quality of food, speed up preparation time, cut down waiting time, be proactive, and provide self-service without requiring his input.

Furthermore, the chef designed a process to manage his kitchen inventory whereby meals are prepared automatically and the ingredients used are deducted from the stock. Once the inventory of those ingredients is low, an order is automatically sent to the supplier.

In 2021 the Systems & Databases team started to automate several mundane tasks, some of which required days to be serviced manually as other teams’ input was needed but which are now being completed within five minutes. These initiatives provide many advantages apart from considerable time saving, such as standardisation and efficiency. Having a standardised automated process also eliminates human errors that would result in unplanned work, similarly when the chef would have to urgently re-prepare another meal because he added too much salt. In our environment, a meal could be anything from the creation of a trivial shared folder to the setting up of a critical and complex solution where a modest error could potentially result in service downtime or degradation, possibly causing hours (or days) of unplanned work.

The time saved by virtue of these initiatives is being utilised to further achieve greater automation goals, with the intent of increasing efficiency that all stakeholders can benefit from. The team aims to continue building on these achievements and evaluating solutions for providing self-service to the clients, while also identifying the best way to engineer and implement better self-healing processes. In such a dynamic industry where tasks and technologies are constantly shifting, and human resources being a scarce commodity, these initiatives are not a destination but an enthralling ongoing journey that empowers us to support the country’s digital future efficiently and effectively.

07. Commitment to Quality and the Environment

During 2021, MITA continued its pursuit of excellence by achieving very good results during the external audits against the three ISO Standards it holds, being ISO 9001:2015 for Quality Management, ISO 27001:2013 for Information Security (both standards under the TickITplus Scheme) and ISO 14001:2015 for Environmental Management.

The Agency ensures that policies and procedures are being reviewed and applied across its operation by utilising these standards. The Certification Management Unit, within the Facilities Management Department, performs several internal assessments throughout the year. These are aimed at assuring the compliance to the ISO standards maintained by the Agency and that improvements are applied wherever possible.

MITA’s philosophy is that every single employee is part of its feat towards excellence, therefore every department of the Agency is represented within the ISO Forum, which is chaired by the Certification Management Unit. The main duty of this Forum is to enable cross functional continuous improvement of the agency’s operational procedures. Through the Forum, information on standardisation can flow from the roots of the Agency to management and vice versa.

Conformity with international industrial standards is very dynamic. It inspires organisations to be always abreast towards new methods of operation and emerging technologies which can transform and improve their output and customer satisfaction. In this effect, the Certification Management Unit continuously seeks to assist the Agency to achieve full benefit of its investment in the ISO Standards it holds.

MITA has always and will continue to strive to ensure that it controls how customer requirements are processed and transformed into quality products and services with the relevant information security measures, while ensuring an environmentally friendly policy.

MITA Cares, is the Agency’s Corporate Social Responsibility (CSR) reaching arm that ensures its employees are and remain good corporate citizens.

Social responsibility incorporates everything that every single one of us do, which indirectly has an impact on the society around us. It reproduces our morals, values and conduct as an organisation.

MITA Cares regularly organises events and encourages employees and their families to participate as volunteers in aid to improve our community.

Through these programmes, the MITA Cares Committee nurtures in our employees the culture of responsibility.

The MITA Cares Committee apart from supporting MITA employees, where at times may be going through personal difficulties, MITA Cares engages with several NGOs and entities. The support comes through ICT hardware donations, financial contributions, food donations, logistical support and employee’s voluntary work.

Such NGO’s includes ALS, Puttinu, Caritas, Aġenzija Appoġġ, and the Malta Community Chest Fund Foundation. With the latter, MITA provides a major support during the annual L-Istrina marathon by taking care of the pledging call system and their collection.

Periodically throughout the year, the MITA Committee also promotes blood donation campaigns to support the National Blood Donation Centre.

09. Financial Statements

09.1 BOARD

REPORT for the year ended 31 December 2021

Board Members

MEMBERS’

Mr Tony Sultana - Chairman

Mr Anthony Borg

Inġ Saviour Baldacchino

Mr Joseph Noel Agius

Dr Helen Borg Muscat

Ms Rosana Piscopo (Appointed on 1 July 2022)

Board Secretary

Registered Address

Dr Aaron Mifsud Bonnici

Gattard House National Road

Blata l-Bajda HMR 9010

Malta

The board members of the Agency present their annual report and the audited financial statements for the year ended 31 December 2021.

Overview

Malta Information Technology Agency (MITA) is the central driver of the Government’s information and communications technology policy, programmes and initiatives. The Agency is responsible for the delivery and management of all programmes related to the implementation of information technology and related systems in Government with the aim of enhancing public service delivery.

MITA also provides information and communications technology infrastructure services to Government. Additionally, the Agency promotes and delivers programmes aimed at enhancing ICT education and the use of ICT as a learning tool. MITA is also involved in initiatives aimed at proliferating the further application and take up of information and communications technologies in society and economy.

Core ICT Services to Government

Throughout 2021, the provision of Core ICT Services to Government detailed by means of a contractual agreement between MITA and the Ministry for Economy and Investment, continued to provide the basis for the provision of the core ICT infrastructure to Government.

Projects and Programmes

The delivery of specific projects and programmes provided a significant portion of the Agency’s business during the year. Specific programmes and deliverables included:

Strategy and Governance

MITA supported the Data Governance Council in the definition of a Data Strategy. The Strategy aims at fostering data empowerment towards a more effective digital transformation.

MITA has also been commissioned, to work alongside other contributors, on Cyber Security, focusing on aspects such as policy direction, operations, awareness and education, and foreign cooperation.

MITA was also tasked to review a draft of Malta Digitali - the national digital strategy for the years 2022 - 2027. Malta Digitali is seen as a crucial instrument for the attainment of Malta’s Economic Vision 2021-2030, through a series of actions aimed at attaining digital transformation on a national scale.

Digital Infrastructure and Services

During this year, we have strengthened our internet bandwidth to improve connectivity and data transmission to optimise work-from-home user experience. We have also invested around €1M to upgrade our infrastructure to make our service more efficient and secure.

Procurement vehicles were made available for Ministries and Entities, which apart from facilitating the procurement process, also provided advantageous prices, for instance, for the procurement of networking equipment such as network access points.

As part of the continuous improvement initiatives, in September, a major network change was carried out to strengthen and simplify the core routing infrastructure in view of several significant projects which MITA would be working on over the next months.

The core service management processes, namely Change Management, Configuration Management and Problem Management, have undergone improvement initiatives to realign them with the current business needs, while further exploring agility concepts and practices in this regard.

Digital Security

The increased use of digital technology brought with it even additional challenges. To rise to this challenge, MITA made substantial investment both in the facilities and tools within its Security Operation Centre, for the monitoring and continuous protection of digital infrastructure. We also set up a digital forensics and malware analysis laboratory. This will aid us to strengthen our controls and respond to incidents more efficiently and in coordination with local and international partners regarding threat intelligence.

Throughout 2021, we continued to invest in having the best tools to make use of machine learning and Al. We have continued to strengthen the collection of

intelligence related to digital attacks through international collaboration and have assisted in the protection of government systems.

MITA was also appointed by Government to fulfil the role of the National Cyber Security Coordination Centre on behalf of Malta, acting as the link with the EU counterparts in the chain to fight Cyber Security threats and attacks.

Digital security is not only the responsibility of Government but of each and every one of us. We therefore continued the national awareness and education campaign in our society including the public, private and public sector with the aim of increasing the level of digital security at national level.

Information Systems

MITA progressed with its programme to modernise IT systems, including Tax, Customs, Social Security, Health, Public Registry Systems, Justice, VISA and EU funding systems. This is being done to better address the needs of our clients and enable better service to the citizens and businesses, whilst also making better use of the investments being made in technology. Additionally, we have also provided consultancy services to other Ministries and Entities in modernising their systems to meet changing requirements, increase capabilities, and improve performance to meet today’s fast-changing needs. These include Police, social security systems, JobsPlus, the Transport Authority and Malta Enterprise, with the latter in relation to the Business Portal.

We also developed the website vaccin.gov.mt, the Rapid Antigen Test system, improvements to the myHealth portal to the Ministry for Health and provided consultancy on the implementation of the Digital Green Certificate.

Extensive work has also been done on Tax and Customs systems to adopt the EU One Stop Shop directive. We are also implementing Al and Machine Learning concepts in various systems, including the Commissioner of Revenue systems.

Digital consultancy and platforms

MITA provided consultancy services to the Public Administration on the Document Management system. We have invested to build a new platform based on the latest cloud technologies which will be used to host Government web sites.

An investment of around €100k was also committed for the implementation of a Content Management System, built in accordance with the GDPR and accessibility directives. The use of our Workflow Automation solution, which provides all the tools necessary for the creation of public and internal facing eServices, continued to facilitate the transformation of business processes providing increased quality of service delivery, as well as an optimised value chain that complements the resources available within government.

MITA Government Payment Gateway, is part of the horizontal infrastructure supporting the eGovernment services. We continued to invest in this service to ensure continuous stability and security of service provision.

This year we also worked on the Single Digital Gateway, to build digital services that can be used by citizens of other EU member states. Related to this, we have continued to support the EIDAS Node, which recognizes electronic credentials from European countries. All EU member states are now connected to use these services.

MITA also provided consultancy to Government on the proposal to build a European Digital Wallet for the electronic identity of European citizens. We also strengthened the elD solution, which among the available electronic services, has been used for the download of the digital Government Voucher eWallet and for the electronic COVID-19 vaccine certificate.

Recovery and Resilience Facility - EU Fund

MITA took a central role in the preparation of the business case to request EU funds through the Recovery and Resilience Facility. Malta was successful to receive a budget of €SOM for investment in the digital field, of which almost €23M will be used to improve the Government’s digital infrastructure. Two priority areas are Digital Security and remote working platforms.

Reverse Electronic Auction - Data Connectivity Services

In 2021, MITA pioneered a reverse electronic auction as part of the procurement process for the provision of data connectivity services for the Malta Public Service, to equip remote workers with the equipment and data connectivity necessary to work remotely, pursuant to Government’s remote working policy. Following a call for tenders inviting a selection of electronic communication service providers to submit the eligibility, technical and financial information, compliant bidders were invited to outbid each other financially in a fully electronic auction process. The process resulted in savings of 37.5% from the estimated budget, and harmonised services across the Public Service being provided through a framework contract with one Economic Operator for a maximum value of€1.8M, excluding VAT.

Other main contracting initiatives

MITA was also involved on the Electronic Public Procurement System (ePPS) renewal agreement, the re-issue of the Microsoft licenses contract and the conclusion of the Enterprise Resource Planning (ERP) tendering process.

The Internal Audit Office

The Internal Audit Office (IAO) primary mandate is to ensure an independent disciplined approach in evaluating and improving the Agency’s controls and in adding value to the operations of MITA. Risk based Audits and reviews are conducted as commissioned by the Board Audit Committee (BAC) and as illustrated in the IAO Strategic audit plan. IAO ensures the uphold of four main principles as part of its code of ethics, being, Integrity, Objectivity, Confidentiality and Competency in adhering to the Institute of Internal Auditors (IIA) International

Standards. IAO also develops a yearly risk based plan, as approved by the Board Audit Committee (BAC) which is realised through the verification of key risks at both strategic and operational level. Recommendations are put forward to add value and ensure improvement both in audit engagements and audit follow-ups.

The BAC plays a key role in assisting the MITA board to fulfil its oversight responsibilities in internal control systems, risk management systems and the internal and external audit functions whilst ensuring the objective assessment of the Agency’s performance and its management. The MITA Internal Audit Office reports to the BAC, enabling independence and the structural separation from management to enhance objectivity.

Enterprise Risk Management

During 2021, MITA continued in its endeavours towards ensuring that Enterprise Risk Management (ERM) is integrated within the Agency’s processes and that risks, of different classifications, are being identified and effectively managed in a timely manner in line with the ERM policy and procedure, whilst taking into consideration the Agency’s risk appetite. Through regular ERM Committee meetings, it is ensured that material risks which may impact the Agency are routinely discussed, reviewed, and monitored by the ERM Committee members. The MITA Risk Register System (RRS) in use by the Agency is also regularly updated in terms of functionality to ensure that it continues to provide a solid base where MITA risks are recorded and maintained.

Achieving Corporate Governance

The Internal Audit Office and ERM continued to work jointly to carry out risk-based checks on multiple risk areas within the Agency, which has contributed to the identification of risks that MITA may be exposed to, and the recommendation of effective controls to mitigate the risks. Follow-ups of previous activities have ensured the effectiveness of the verified governing controls. Additionally, in 2021, IAO and ERM established a Risk Based Audit Plan development framework, to build the annual risk based plan through the use of a systematic risk assessment. This framework was immediately benchmarked to create the Annual Risk Based Plan 2022.

Financial review

The overall financial performance of the Agency for 2021 shows a net surplus before tax of €975,791 (2020: €828,672). Revenue from the provision of projects and ICT services to Government reached €35,788,038 (2020: €32,031,072), up by 12% from 2020 results.

To the Members of Malta Information Technology Agency

Report on the Audit of the Financial Statements

Opinion

We have audited the accompanying financial statements of Malta Information Technology Agency (“the Agency”), which comprise the statement of financial position as at 31 December 2021, the statement of profit or loss and other comprehensive income, statement of changes in accumulated fund and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies.

In our opinion, the financial statements give a true and fair view of the financial position of the Agency as at 31 December 2021, and of its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS) as adopted by the European Union (EU).

Basis for Opinion

We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditors’ Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Agency in accordance with the ethical requirements of both the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards) (IESBA Code) and the Accountancy Profession (Code of Ethics for Warrant Holders) Directive issued in terms of the Accountancy Profession Act (Cap. 281) in Malta that are relevant to our audit of the financial statements, and we have fulfilled our other ethical responsibilities in accordance with the IESBA Code and the Code of Ethics for Warrant Holders in Malta. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion.

Other Information

The board members are responsible for the other information. The other information comprises the board members’ report. Our opinion on the financial statements does not cover the other information, including the board members’ report.

In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially misstated. If, based on the work we have performed on the other information that we have obtained prior to the date of this auditors’ report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

Responsibilities of the Board Members for the Financial Statements

The board members are responsible for the preparation of financial statements that give a true and fair view in accordance with IFRS as adopted by the EU, and for such internal control as the board members determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error.

In preparing the financial statements, the board members are responsible for assessing the Agency’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the board members either intend to liquidate the Agency or to cease operations, or have no realistic alternative but to do so.

The board members are responsible for overseeing the Agency’s financial reporting process.

Auditors’ Responsibilities for the Audit of the Financial Statements

Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements.

As part of an audit in accordance with ISAs, we exercise professional judgement and maintain professional scepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit proce dures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.

• Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Agency’s internal control.

• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the board members.

• Conclude on the appropriateness of the board members’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Agency’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors’ report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors’ report. However, future events or conditions may cause the Agency to cease to continue as a going concern.

• Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation.

We communicate with the board members regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit.

This copy of the audit report has been signed by

Registered Auditors

Mdina Road

Zebbug ZBG 9015 Malta

02 September 2022

09.3 STATEMENT OF PROFIT OR LOSS AND OTHER COMPREHENSIVE INCOME

09.4 STATEMENT OF FINANCIAL POSITION

The financial statements have been approved and authorised for issue by the board members on 02 September 2022: