MITA Annual Report 2020

ANNUAL REPORT 2020 1

2

TABLE Table OF of CONTENTS Contents

01.

EXECUTIVE CHAIRMAN’S STATEMENT

4

02.

BOARD OF DIRECTORS 6

03.

EXECUTIVE COMMITTEE 8

04.

HUMAN RESOURCES 10 04.1 MITA Awards for Excellence 13

05.

THIRTY YEARS OF MITA 14

06.

MITA BRANDING 20 06.1 Our Logo 22 06.2 Digital Look 23 06.3 Messaging Framework 23 06.4 Launch 27 06.5 Campaign 27

07.

MITA STRATEGY 30

08.

HIGHLIGHTS FROM 2020 34 08.1 Technical Direction And Enterprise Architecture 35 08.2 The Heart Of MITA’s Security Operations Excellence 36 08.3 Cyber Security Malta 40 08.4 An Automation Journey 41 08.5 Transformation Of The National Electronic Identity Solution 44 08.6 Data Quality And Record Linkage 45 08.7 Workstation Management 46

09.

SUPPORT DURING COVID-19 48 09.1 Managing It Service Desk 49 09.2 Business Continuity And Support For Covid-19 Initiatives 50 09.3 Covid19 Test Tracking 52 09.4 Telemedicine 52 09.5 Covid Alert Malta 52

10.

ENVIRONMENTAL COMMITMENT 54 10.1 MITA’s Tangible Commitment Towards The Environment 55

11.

MITA CARES 56 11.1 MITA Shares Its Digital Heart with Dar tal-Providenza 57

12.

FINANCIAL STATEMENTS 60 Board Of Members’ Report 61 12.1 12.2 Projects & Programmes 62 12.3 Statement of Board Members’ Responsabilities 69 12.4 Independent Auditors’ Report 70 12.5 Statement of Profit or Loss 73 12.6 Statement of Financial Position as At 31 December 74

3

01. Executive Chairman’s Statement

Executive Chairman Tony Sultana

2020 marked the 30th Anniversary since the establishment of the Malta Information Technology Agency (MITA). A year where, in addition to completing our commitments for the strategic period ending 2020, we planned a programme of activities to celebrate our three decades of success in delivering ICT services and solutions to Government. Our plans however had to be recalibrated to deal with the unexpected situation brought by the COVID-19 pandemic. We acted promptly, before the pandemic circumstance escalated, by simulating possible scenarios that the Agency could face to continue providing its critical services to Government, in a time where the value of ICT has more than ever proofed essential. We proved ourselves once again to rise to this unexpected situation and ensured continuity of services and supported our clients to shift to remote operations as needed. This was only possible through the commitment of our employees and our investment in modern workplace technologies that provide the flexibility to support a diverse range of modern ways of working.

4

“

“

We proved ourselves successful also through this difficult time, once again demonstrating our strategic value to Government.

While doing so, we continued with our plans to setup a new Security Centre that showcase our commitment towards safeguarding Government’s critical ICT assets. We continued to invest in modern technologies and tools to enhance our cyber intelligence and defense capabilities to proactively address any identified vulnerabilities and act against possible threats. Indeed, we proved ourselves successful also through this difficult time, once again demonstrating our strategic value to Government. Yes, not only did we achieve this, but as part of our 30th Anniversary commemoration, we underwent a full organisational corporate rebranding to give our brand identity a deserved updated and vibrant image that it deserves today.

5

6

02. Board of Directors

Left to right: Dr. Helen Borg Muscat, Anthony Borg, Tony Sultana (Executive Chairman), Ing. Saviour Baldacchino, Dr. Aron Mifsud Bonnici (Board Secretary), Joseph Noel Agius

The events that occured during 2020 have tested our preparedness to handle unanticipated situations. They tested the resiliency of our Agency - our people, processes, operations and infrastructure, to quickly respond and adapt to scenarios that were unexpectedly presented. It allowed us to emerge stronger and be better prepared to weather what comes next. As we worked through to address the pandemic situation, we progressed to deliver our commitments, providing ICT infrastructure and services, professional project management and consulting services to the Government. Moreover, we supported Government to implement solutions to manage COVID-19 relief schemes and initiatives that had to be introduced to sustain the economy. We were there to support the Public Health to setup Swabbing Centres and implement solutions to facilitate processes for the management of Swab Test results and the COVID exposure Alert App. Concurrently, we took stock of our achievements and laid down a new strategy, setting our goals for the next three-year strategic term 2021 – 2023 with a set vision to be “Committed to a Digital Future”. This will be achieved through focusing on four strategic drivers, i.e. Leadership, Innovation, Effectiveness and Governance, that will help achieve our strategic goals. Despite the situation, we wrapped up the year through the organisation of the MITA Awards for Excellence, this time with a difference, hosting a smaller scale event however live streamed to reach every employee. Together, amongst others, we acknowledged employees whose work practices reflect the true value of the Agency’s values – People, Empowerment, Continuous Improvement, Client Focus, Professionalism. As a token, every employee was given a copy of MITA’s commemorative publication: Celebrating Our 30th Anniversary - Honouring our Past, Embracing the Future. 7

8

03. Executive Committee

Left to right: Robert Galea, Pierre Vella, Priscilla Bugeja, Tony Sultana, Wayne Valentine, Jonathan Cassar Ivan Alessandro. Ing. Emanuel Darmanin, Jesmond Mizzi, Ing. Ian Bonello

The pandemic situation that we faced in 2020 has revealed the true value of MITA – our employees. It allowed for greater collaboration between teams, putting more to practice our cross functional skills, think more widely and with an open mindset. Through this we managed to continue to grow into an organisation that is more resilient and agile to adapt to changing scenarios and client demands. Our advantage was our experience and knowledge capital which we have nurtured throughout the past three decades. Our investment in technology has reached new heights, reaching around €1.2m, with a programme aimed to modernize and consolidate our infrastructure to sustain and support Government’s digital transformation programme. This included investment in a mix of on-premise and cloud-based technologies, backup infrastructure, networking equipment, increased internet bandwidth, transformation of the National Electronic Identity (eID) Solution and the modernisation of core information systems. We also looked into our support solutions and services to improve the client support experience. Along the pandemic, the world experienced an increase in cyberthreats. Hackers took advantage of the accelerated pace of digitalization and were in the lookout for exposed ICT assets and infrastructure to target. Not only did we extended our Security Centre operations services throughout this high-risk period but inaugurated a new purpose-built Security Centre equipped with modern security monitoring and response tools. For the latter, MITA subscription services amounted to approx. €2m which were aimed towards enhancing Government’s security posture. At par was the investment in the Cyber Security campaign targeting the public and the private sector, as well as the citizens. We retained our commitment toward the ICT students, tomorrow’s workforce, by hosting the annual Student Placement Programme (SPP), providing summer job exposure to 300 students across more than 77 organisations. We achieved this while being understanding of the pandemic situation and the employee personal needs brought therewith.

9

10

04. Human Resources

2020 was planned to be a year full of activities to commemorate the 30th Anniversary since the establishment of MITA (formerly MSU Ltd, MITTS Ltd). However, 2020 turned out very differently than planned. The Agency’s programme of activities had to be recalibrated in view of the pandemic, and all organised activities had to be downscaled to follow the Health authorities’ directives. Indeed, the pandemic disrupted the regular work routine! Human Resources (HR)’s role emerged as being critical to support management and employees to quickly adapt to changing work routines, adjust to social distancing practices and switch to remote working, at an unprecedented rate and scale. The Agency introduced a new Remote Working policy in addition to the long-established family friendly measures that included Teleworking, Reduced hours and Flexi-Time policies. Despite the increased workload due to changing work practices and health concerns, HR’s priority during the pandemic remained the employees’ health and well-being. Good and frequent communication was crucial to keep the Agency’s workforce focused, motivated and engaged. During this difficult period, management hosted regular online team meetings including one-to-one meetings with employees. The latter, apart from addressing work related issues, helped morale and support specific employee needs. Through the established systems and services, infrastructure and tools, the Agency rapidly deployed the majority of its workforce to work remotely, thereby protecting the safety of those employees required to physically report to the office. All this ensured that the critical Government ICT services, such as those in use by the Health sector, remained operational.

11

12

4.1 MITA Awards for Excellence On Thursday, 17th December 2020, the Agency hosted the annual MITA Awards for Excellence at the MITA Data Centre. In-line with established COVID related health measures the event was streamed online to allow all MITA employees to follow the event. Awards were given to those employees who were voted as having embraced the MITA Values and achieved the highest levels of teamwork. The Awards conferred were as follows: • Professionalism Award - Reuben Gauci • People Award - Sonia Debono • Client Focus Award - Matthew Catania • Continuous Improvement Award - Felix Attard • Empowerment Award - Wayne Bonello • Chairman’s Award- Robert Grixti

• Team Award – Maintenance Team - Wayne Portanier - Oliver Sammut - Daniel Farrugia - David Camilleri - Valerio Hall - Victor Scicluna - Carmel Borg - Gaetano Formosa

During the ceremony Alan Brincat and Adrian Camilleri were also conferred the title of MITA ICT Technical Fellows.

13

14

05. Thirty Years of MITA

An Enduring Success of a Public Entity During the MITA Awards for Excellence event, MITA launched a publication to mark the 30th Anniversary since the establishment of the Agency. This book provides a detailed overview about how the Agency has evolved throughout these years and gives a profile on how it took an active role to deliver modern digital solutions to the Maltese Government. MITA, formerly MSU Ltd and MITTS Ltd, was established in 1990 and has since then been constantly dedicated in assisting the Government in transforming technological innovations into real business solutions that facilitate public service delivery. This book covers the history of the establishment of the Agency and the progress that MITA has made through visionary strategies that have seen the implementation of the technology, such as the network service (the MAGNET), email and the Internet. We have seen information systems implemented and developed for those that are today. We have seen the establishment of computer rooms that met the needs of the time for the construction of a modern Data Center, which we have today. We have always been protagonists in the implementation of procedures and standards for the operation and good governance of ICT services, built and operated in accordance with international standards, which are regularly audited. Over time we wanted to always be there to give the best service. We have set up a Call Centre, today with a 24x7 operations, to assist, and if possible, solve technical problems as soon as possible. We have implemented a proactive monitoring service for our solutions, with holistic visibility over Government digital infrastructure. Priorities continued to change over time and today at par with the continuous development in technology so has the sophistication of malicious attacks. So had, therefore, the priority in the security of systems and infrastructure has continued to grow and today MITA has a modern centre with the best solutions to protect and guard against cyber threats. All this was not permissible, if not for all employees who have worked or are still employed with the Agency to date. We learned together, and we always looked forward. We learned, too, from some of our mistakes, but we never looked back. We have always been there to give the best service. This has allowed us to succeed and gain recognition. For example, in eGovernment services where over the years we have been at the forefront of other EU countries. So, we have always been a supporter of the Government of the day, where we have been called upon to offer our services at national events, including the coordination of changes in Y2K-related systems, the euro, events such as CHOGM, the Maltese Presidency of the EU, in ICT and other legislation.

15

We also wanted to share our experiences with students, our future co-workers, where we provided various opportunities, including summer jobs and apprenticeships, scholarships and incentives for startups. We have also opened a laboratory where one can practice on new technologies. Apart from our work, MITA employees have always been protagonists in being there for those who need help in any way. Through MITA Cares, which today leads this work, community work is constantly being done, such as MITA’s participation in l-iStrina and Puttinu Cares, and the implementation of the WIFI network for id-Dar tal-Providenza. Today MITA, through the direction of the Ministry for the Economy and Industry, collaborates with the Office of the Principle Permanent Secretary and Ministry CIOs to attain its mandated strategies and assigned projects. The Agency is dedicated in assisting the Government in transforming technological innovations into real business solutions. Its unique approach combines an innovative array of ICT and project management services with focused delivery capabilities using tried and tested methodologies to help fulfil Government’s strategies and projects and maximise the benefits of investment in technology. This book lists some of these experiences and augurs a future ahead in continuing to transform technological innovations into real business solutions that facilitate public service delivery.

16

17

18

Use the QR code to watch the video

19

06. MITA Branding

20

As part of the 30th Anniversary celebration from its foundation, the Agency launched a new brand image that represents our past, our future and the way forward that we must achieve together. A change in design that represents an Agency that must always move forward in terms of its technology, security and digital implementation. An initiative that brings not only a change in appearance, but also in our ideology. We will be the digital future of our country. The rebranding exercise commenced with a brainstorming exercise which highlighted the importance of the changes within MITA and its brand image externally. This was followed by the setting up of a strategic team involving a number of employees from different departments and led by our marketing executives. A professional entity was engaged to support throughout the process. The exercise began through the to formulate through the identification of the new logo. Once this was finalised the strategic team started to work on several initiatives such as website, signages, branded stationery and merchandise. More than ever, it has become very clear that the digital support and protection we provide is crucial for the country. We have understood and showed that our Agency is essential for our country’s digital future. And this led us to change our brands’ image, which now better reflect our identity. The last phase of the rebranding exercise was the launch of the new MITA strategy which focuses on how to work digitally better across all government sectors.

21

06.1 Our Logo In this initiative we have rebranded our identity by changing our logo, our website, our corporate look, and we will continue to change and grow together. The MITA logo displays an arrow which acts as an identifier that symbolises two things; the back-end development through coding and a forward-looking direction, meaning a vision to propel MITA into the future. This is intended to push the agency to the forefront, making it one of the best digital innovators in Malta for the upcoming years. It’s designed to channel flexibility, harnessing the power of technology into the identity of the agency. This logo serves as a homage to the very start of the programming language age. In the beginning, the use of such languages in our world was something that caused a significant shift. It completely transformed our way of life and opened doors to endless possibilities. MITA is doing just that, by entering in this new chapter. This fresh start, with a thirst for growth into uncharted waters and prior experience, enables us to be at the forefront in consulting the Government with technical solutions. The other arrow point-like symbol symbolises MITA’s ongoing journey. The dash at the top shows the starting point, is an acknowledgement of the past, while the one at the bottom illustrates the unknown yet bright future that lays ahead. MITA’s journey towards the future is one with experience and knowledge after all the brand bears a 30-year legacy which warrants celebration.

22

06.2 Digital Look As part of our rebranding the Agency also changed its main digital look by transforming the MITA website. The new website incorporates all the new elements of the MITA branding and features the main services that MITA offers. The careers section was also revamped and know prospective candidates can apply directly from the page. Subsequently the main Call Centre which was previously separate from the main MITA website was also introduced in the new website. A new chat system was also introduced, and Call Centre Agents can now be contacted through a messenger. In addition, a full portfolio which includes all MITA roles and services was introduced.

06.3 Messaging Framework Our rebranding marks a new chapter in the agency’s history. A change that will define us and will lead us to new opportunities. We have the expertise, experience, capacity and willingness to continue to be Government’s prime consultant where it comes to digital technologies, whether this relates to policy direction, enterprise architecture, and design, implementation and support of secure digital solutions as well as our core values. This is why MITA’s ‘Our Digital Future’ is divided into the following arms: • Shaping Our Digital Future • Supporting Our Digital Future • Securing Our Digital Future Shaping as we are catalyst in the implementation and execution of all ICT Government strategies. Supporting as we support Government in critical ICT systems and major national events like how MITA was at the forefront to keep the public sector moving forward during the pandemic. Securing as we are responsible of safeguarding all Government system to work efficiently and in a timely secure manner.

23

24

Visit our website 25

26

06.4 Launch With Covid-19 regulations the Branding Strategic team decided to go for a Big Bang Launch. All old logos were replaced in a weekender from Friday 25th September till Sunday 27th September. Employees were welcomed to their office work both at Head Office, Data Centre & Gozo Office with a new look. This involved all building signage, new merchandise and stationery, new website and all new templates which are used for work purposes. A video message from our Executive Chairman official launched our new logo and brand message. This was followed by a logo reveal, video production. The production focused on movement to bring out a number of elements the logo represents, mostly the fluidity of technology while adding a human element of people supporting each other, breaking boundaries and moving forward which is the heart of MITA and its values. An informative video of how to use and adapt the new logo was also sent to all MITA employees. These were complemented by a number of online posts, including Minister video, new website post and photos of the launch day.

06.5 Campaign Following the launch of the new MITA rebranding, a number of advertising material were put in place. The branding team used the campaign allocated budget to hit all possible channels. When it comes to TV adverts the Agency placed 30seconds advert for a full 1 month before the main news of TVM, One & Net Tv. More advert on these stations were shown periodically throughout the day. Also, a 30 second advert was shown on the famous X-Factor TV show on TVM. We also had the opportunity to work hand in hand with Gadgets which we sponsor every year. A number of billboard (6 in total) around Malta and Gozo were done as well as a moving AD on one of the public buses. A number of articles were also published on local printed and online publications.

27

28

29

07. MITA Strategy

30

An Action Team was setup to define a new strategy for period 2021 - 2023. Therein, the Agency defined its vision and objectives, principles, high-level policies, and associated actions for the three years ahead. It provides direction so that the Agency can achieve its goals and guidance to stakeholders, both internal and those external, to better understand MITA’s areas of focus. Setting a strategic way forward is very important, especially in this dynamic industry. MITA has been supporting Government and the Public Administration for the past thirty years and has continuously evolved to be ready to provide the ICT infrastructure and services which are in line with the technological trends and social expectations. It is with a clear vision and well communicated direction that MITA remains relevant, and a crucial reference point to its clients. In developing the strategy, the Agency analysed the external environment, the current organisational situation and the achievements attained so far. It set its strategic position and established the vision, “a commitment to a digital future”, to serve as a key inspirational driver. The Agency is committed to further embrace digital innovation and future digital challenges to fulfil its mission to its best ability, that is, to “provide technology direction and implement digital solutions for Government”. The Agency’s Board and Executive Committee, together with the specifically assigned Action Team, worked to formulate Policy Statements and Actions. MITA will focus on seven main domains. It will provide digital architecture frameworks and will continue to assist Government in conceptualising digital policies and strategies. MITA remains committed to safeguard the Government’s digital assets while also contributing to cybersecurity at a national level. At the core, MITA remains focused to upkeep the Government’s digital infrastructure; the constant application of digital technologies and the better use of data; as well as the continuous modernisation and updating of shared platforms and vertical information systems. The objective for the next three years is to maintain these domains and bring about the required growth to keep them at par with the latest technologies and to meet clients’ needs. Through this Strategy, MITA will also work in two other key areas, client relations and internal improvements. Through the former, there is a continuous application of knowledge, expertise, and experience to promote ICT consultancies and to further assist clients in their digital agenda. The latter acknowledges the need for continuous improvement within, through improved processes and application of new tools. People Management is intentionally given special attention in the strategy. The Agency gives its human resources top importance as its main resource. The Agency will continue to further motivate and recognise the dedication and hard work of its employees, which will be critical for the Agency to successfully implement the strategy. 31

32

Use the QR code to access this document.

33

08. Highlights from 2020

34

08.1 Technical Direction and Enterprise Architecture The CTO Office, which is responsible for the Technical Direction and Enterprise Architecture for Government, together with other architects from across the Agency, provides technical consultancy on several government projects and EU-wide initiatives. It devices the technological direction through research and implementation of cutting-edge technologies, and performing numerous architecture assessments on critical IT systems. A subset of these architecture assessments are conducted for each system being on-boarded on the MITA Hybrid Cloud platform, where the architect assesses the solution design to determine the most appropriate hosting, ensuring architecture is in line with technology direction and provides direction to improve to the solution’s design in terms of performance, resiliency and cost optimisation. In 2020, the CTO Office directed efforts towards the participation in EU-funded projects as a means to obtain targeted funding and enabling MITA to become a leader in Research, Development, and Innovation (RDI). This will enable MITA to not only enhance collaboration between departments, but also to widen the Agency’s collaboration network internationally, with the end goal of further enabling Government in achieving its technology goals. Through the establishment of different international consortia, and in collaboration with PMD, the CTO Office submitted a number of proposals for funding targeting specific priority domains of interest to MITA. Two of these proposals made it through the highly competitive selection process and were accepted for funding. The inGOV (Inclusive Governance Models and ICT Tools for Integrated Public Service Co-Creation and Provision) project has the objective of developing and deploying a comprehensive Integrated Public Services (IPS) holistic framework and ICT mobile tools that will support IPS co-creation and governance. In this project with 12 different members from Luxembourg, Italy, Greece, Cyprus, Croatia, Belgium, and Austria, MITA has the role of a pilot partner, where it will be contributing to the modernisation and integration of the digital common household unit public service. In Malta, this service is envisaged to affect 200,000 households and involve many public administrations through the implementation of the once-only principle. This project is funded by the Horizon 2020 EU Research and Innovation Programme for three years, where MITA has been allocated over 150k Euro funding.

35

The NLTP (National Language Technology Platform) Project aims at combining the most advanced language technology tools and solutions in a new state-of-the-art, artificial intelligence driven, National Language Technology Platform. The developed solution will provide public administrations and the general public with a secure access to high quality tools for translation of texts, including sensitive information, as well as translations of confidential documents in an efficient and cost effective way. In collaboration with partners from Latvia, Estonia, Croatia, Iceland, as well as the University of Malta and the Office of the State Advocate from Malta, MITA has the goal of adapting and integrating eTranslation services to the local Maltese context. This includes integration of NLTP modules through APIs in other public services within the public administration as required. This project is funded by the CEF Telecom Programme (Automated Translation) for 2 years, where MITA has been allocated nearly 100k Euro funding.

08.2 The heart of MITA’s security operations excellence There was a time when protecting digital environments simply meant setting up a strong perimeter to keep threat actors out. However, with the significant growth of connected devices and services, including cloud adoption and cloud-based applications, that perimeter now extends across a much more diverse set of technologies. Every day, we see reports of threat actors targeting individuals, businesses, Governments, and organisations for financial gain or socially motivated, to disrupt operations, conduct espionage, or undermine trust. The myriad of threats from around the globe encountered these days are not new, but the level of sophistication cybercrime syndicates employ in these threats continues to reach new heights. In response to the ever-evolving threats, the Agency embarked on an investment for the design and establishment of state-of-the-art facilities to further support its comprehensive cybersecurity programme, which is built on the fundamental principles of confidentiality, integrity, and availability to protect Government’s ICT Infrastructure and Digital Assets. MITA’s brand-new Security Operations Centre aims to unite all the Agency’s security teams and personnel under one roof. MITA’s Cybersecurity programme is supported by its Head of Security, the Cyber Defense & Advanced Operations Team, the Cyber Threat Intelligence Unit, the National Cyber Security Coordination Centre, the Security Governance Team and the Security Operations Team. Inaugurated in October 2020 by the Hon Prime Minister of Malta, Dr. Robert Abela, MITA’s Security Operations Centre brings together its security experts to help identify, protect, detect, respond and recover to and from security threats against Government’s ICT infrastructure and services in real-time. Informed by millions of data points across its extensive network of sensors, devices, authentication events and communications, MITA’s Security Operations Centre teams employ automated software, machine learning, behavioural analysis and forensic techniques to create an intelligent security graph of the environment and its threat landscape.

36

The intelligent security graph helps MITA’s security teams protect all endpoints, networks and applications, better identify and detect attacks and accelerate response and recovery activities. The intelligent security graph is visualised on a dedicated 12K resolution videowall, devised of 27 bezel-free design 55” LED panels forming up a seamless videowall. The Client Protection Framework was launched as part of the security department’s relocation to the new premises. This dashboard, developed by resources within the Security Governance team, is providing the Security Operations Centre with visibility on the security posture of environments across several domains, including workstations deployed across Government and environments hosted within the Segregated Hosted Environment. Through the eventual roll-out of this framework across Ministries, respective CIOs will be able to effectively mitigate identified vulnerabilities and security recommendations on environments falling within their responsibility to ensure that Government’s data continues to be safeguarded from the ever-increasing sophistication of the cyber-threat landscape. In today’s complex security environments, investigations more often require highly specialized and technical expertise. To better address these challenges, one of the policing capabilities that MITA focuses on is digital forensics, a rapidly changing discipline which requires robust policies, procedures and specialised hardware and software. To meet this growing challenge, the new state-of-the-art premises also accommodates for a dedicated Digital Forensics and Malware Analysis Laboratory, designed and built on global guidelines published by The International Criminal Police Organization (INTERPOL). This dedicated laboratory enables the capability of the analysis of infected artefacts in a controlled environment leading to the discovery of indicators of compromise, from which MITA can implement controls to augment and enhance the security of Government IT Infrastructure and its security posture.

37

38

Use the QR code to watch the video

39

New Security Operations Centre

08.3

Cyber Security Malta

The Cyber Security Malta campaign, led by MITA, has for the third consecutive year delivered National Cyber Security Awareness and Education activities targeting different groups. Holding on to the principles that cyber security is everyone’s responsibility and that awareness is required all year round, the Cyber Security Malta programme for 2020 was jam-packed with activities intended to instil amongst citizens a cyber hygiene culture together with a sense of responsibility whilst being digital. Secure by design is a principle aimed at ensuring security considerations at the architecture design stage of systems. This technical concept was presented on the Cyber Security Malta social media platforms by creating a comparison with the wrestling. This innovative and relevant comparison between a specialised technical subject and a sport discipline enabled people to understand the subject and relate with ease. The message was delivered through the production of eight social media clips which, via an element of hype, highlighted concepts, best practices, and similarities existing in these two disciplines. The Covid-19 pandemic brought about the need of being more online in 2020. To this effect, Cyber Security Malta embarked on a specific campaign in this respect. The campaign was characterised by three main elements including TV productions, an alliance with an international campaign and social media productions. The Virtwal-e campaign, aired on the national TV stations, treated various topics like two-factor authentication, ransomware, fake news, online shopping and teleworking. MITA specialists on Cyber Security, together with the Malta Police Force, explained the concept of the topics whilst delving deeper into why it is important to stay safe. Cyber Security Malta also combined efforts and created synergies with the #WashYourCyberHands campaign led by Interpol. Cyber Security Malta joined this alliance, formed by global law enforcement and cyber security communities, to deliver messages related to Covid-19 emerging cyber threats. Cyber Security Malta produced original material with a national context to ensure maximum reach-out to local communities, whilst sharing informative material produced by Interpol. 40

On the 28th of October, Cyber Security Malta organised the first national cyber security webinar with the title Emerging Threats . . . unplugged. During this four-hour webinar, executives had the opportunity to explore further the anticipated threats for 2021. During this webinar, there were two panels - one discussing the importance of thinking before acting when it comes to cyber protection and the other one focusing on the shifting sands of cyber security. There were more than 600 registrations, reaching a maximum of 330 concurrent participants at a point in time throughout the webinar. In year 2020 Cyber Security Malta was also busy with the implementation of the B Secure Scheme for the private sector, a scheme which was launched in 2020. The three main elements included: • generation of articles treating emerging cyber security topics, which eventually were shared on Cyber Security Malta website; • coordination of the delivery of 13 different specialised training courses attended by almost 150 executives and professionals; • coordination of the execution of risk assessments, including penetration testing and vulnerabilities assessments, for seven SMEs and three large entities. The beneficiaries had very positive comments. A common testimony was the power such an exercise gives in influencing senior management to invest in cyber security. The different schemes, awareness and educational campaigns that Cyber Security Malta embarks on are various, in line with the changing dynamics of the cyber domain, and ongoing. All activities are intended to ensure inclusiveness, using different platforms and formats in conveying the messages. Whilst 2020 has been rich in offering various deliverables, 2021 is none the less with several interesting initiatives in the pipeline.

08.4

An Automation Journey

In today’s digital world, Government organisations leverage IT to offer public services with increased efficiency and reduced queue time. Government IT systems and services need a secure, reliable, and flexible environment to cater to diverse needs. MITA, Infrastructure Services Department, has a team of professionals dedicated to creating and support a stable and secure hosting infrastructure – both cloud and on-premise – which Government organisations can use to build their applications. The support and continuous improvement of such an extensive infrastructure built with a plethora of diverse technologies can be quite arduous and time-consuming, especially if repeatable tasks are done manually. To keep abreast of the improvements, the team soon realised the need to transition from traditional system administrators that react to daily situations and are more accustomed to being task-driven, to a team that harnesses automation and proactive engineering. 41

One can compare our work with that of a chef who spends most of his time preparing food to achieve consistent food quality. The chef realised that he is dawdling too much time on cooking and would prefer to dedicate more time to creating new recipes, so he needed to find a solution that would speed up his cooking processes while maintaining high standards. He invests time in implementing an automated solution for his meals creation to have a standardised quality of food, speed up preparation time, cut down waiting time, be proactive, and provide self-service without requiring his input. Furthermore, the chef designed a process to manage his kitchen inventory whereby when meals are prepared automatically, the ingredients used are deducted from the stock. Once the inventory of those ingredients is low, an order is done automatically to the supplier. Our team started to automate several mundane tasks, some of which required days to be serviced manually as other teams’ input was needed by which are now being completed within five minutes. These initiatives provide a lot of advantages apart from considerable time saving, such as standardisation and efficiency. Having a standardised automated process would prevent human errors that would result in unplanned work, similarly when the chef would have to urgently re-prepare another meal because he added too much salt. In our case, a meal could be anything from a trivial shared folder to a critical and complex solution where a modest error could potentially result in service downtime or degradation, possibly causing hours (or days) of unplanned work. The time saved by virtue of these initiatives is utilised to further achieve greater automation goals, with the intent to increase efficiency that all stakeholders can benefit from. We aim to continue building on our achievements and evaluating solutions for providing self-service to our clients, while also identifying the best way to engineer and implement better self-healing processes. In such a dynamic industry where tasks and technologies are constantly shifting, these initiatives are not a destination, but an enthralling ongoing journey that empowers us to support the country’s digital future efficiently and effectively. 42

43

08.5 Transformation of the National Electronic Identity Solution In 2020, MITA completed the transformation of the national electronic identity (eID) mechanism we had been working on for the past few years, for the eID to become a key enabler for eGovernment services and a critical core service provided by MITA. The first important step of the transformation was a complete technology overhaul of the solution and the introduction of a Single Sign-on (SSO) screen for a newly harmonised user experience for the eID authentication mechanism. The SSO screen was newly designed using a simplified graphics user interface and re-engineered to streamline the key eID functions and operations. The screen met the requirements for accessibility and was designed to be responsive and usable from various devices. Changes were made in the operational procedures to simplify the acquisition of the eID. This meant not only that Maltese citizens and residents had easier access to the eID but also that the authentication experience was consistent for all service providers. The SSO Screen was also an important development for the security of the integration process. By using the SAML 2.0 protocol, it was possible to uniquely identify incoming requests from service providers and to encrypt responses containing the users’ data. The lighter OpenID Connect protocol was also supported for native app development. Most importantly, the service provider would no longer have access to the users’ credentials which are only handled by the Identity Provider. The subsequent step of the transformation in 2018 was the alignment of the Levels of Assurance to achieve a Basic Assurance level using the eID Account and password, and a High Assurance level using the ID Card and PIN, as shown below. This resulted in the provision of a better choice of usability and security for the subscribers and relying parties. The Basic Assurance level is based on a password with sufficient complexity and an optional time-based one-time password (TOTP). The High Assurance level may potentially involve some usability challenges in view of the initial set up of the electronic ID Card but provides for higher security when required. The latest step in the transformation in 2020 was the upgrade of the eID Account Management functionality to further align eID with the GDPR and to provide users with additional visibility and control over their eID account. The new Account Management screen includes an updated user profile with activity tracking and overhauled help facility. It allows for changes of password, email address and mobile number including corresponding verification. It also allows the user to switch on two-factor authentication using either email address, mobile or app for receiving the TOTP. The system now also allows users to preview and confirm the list of personal data fields which are sent to service providers during the authentication process, including the options to remember such access. 44

As a result of the improvements made to the eID, we have witnessed a significant increase in the number of active eID accounts which now exceed 200K and a similar increase in the amount of yearly transactions which now exceed 2M. The eID has become an essential tool in the daily lives of citizens and residents of Malta and has been of great help to the public during the pandemic to facilitate online access to Government services. The next steps in the transformation include additional technology upgrades to ensure the continued resilience of the platform and the commencement of planning the subsequent evolution of the electronic identity mechanism.

08.6 Data Quality and Record Linkage It is said that data is king. MITA as the data processor, and thus having to sit on a wealth of data, the latter statement, becomes significantly accurate. With many data entries done by different people, from different data sources happening simultaneously and at such high speed, the transformation of data to intelligence requires technology intervention. The quality of data plays a very important part in the processing of data for record linkages, particularly for data cleaning. Many key identifiers for the same entity can be presented quite differently between data sets, which can greatly complicate record linkage. Entity matching is a process for identifying records from different data sources that correspond to the same real-world entities. For example, a key identifier for a man named Joseph G. Borg might appear in three different data sets but entered using different formats e.g.: Joseph George Borg or J.G. Borg. Entity Matching is used to cater for similar and other several data matching challenges such as entries of initials instead of full name or misspellings, name order variations, missing information, acronyms and so on. Multiple domains, such as Taxation, Social Security, Health, and Public Registry, face the same issue of not being able to match instances referring to the same entities, such as Persons, Organisations and Addresses, resulting in double entries of entities, misplacement, or missing records of entities. This is a consequence of data being operated by different government bodies resulting in non-interoperable data silos due to diverging formats, data structures and levels of details. To facilitate this process and support the respective business owners, MITA developed an Entity Matching System (EMS). Advanced Analytics techniques, such as fuzzy matching, statistical learning, and machine learning, are used to carry out Entity Matching and thus fill in existing data holes. The EMS is hosted on the Government of Malta Hybrid Cloud and is composed of four different components:

45

1. EMS APIs: a. Cleaning API: used to clean and normalize files, such as removal of special characters and/or extra white spaces, encoding to UTF-8, and letter casing conversion. B. Matching API: Offers several Entity Matching techniques, such as exact matching, conditional matching, and fuzzy matching. These techniques can be applied to find matching entities (e.g. duplicate records) either within a single dataset and/ or between two datasets. 2. EMS Question and Answer Bot: A conversational question and answer bot that provides information about Entity Matching and the EMS in terms of functionality. One area where this Entity matching system was used was to help government entities identify possible cases of persons or organisations existing in a sanctions list which obliges government to act under international regulations (e.g., United States Specially Designated Nationals List) Clean and accurate data means quicker application of business intelligence to the resolved identities and their relationships. The deployment of such technologies allows for automated and effective business decisions to be made, whilst impacting business and administrative processes in real time, limiting the need for human intervention, and reducing the risk of errors that can be a discomfort for citizens.

08.7 Workstation Management The MITA Workstation Management function is vested with the responsibility to centrally manage and operate more than 18,000 workstations across all Government ministries and departments. The management and operations include incident management, service level management, deployment management, supplier management, continual service improvement and more. During 2020, the Workstation Management function continued to improve the services being provided and implemented several new modern technologies related to workstation and mobile device management. These technologies resulted in the co-creation of value for MITA and its customers and in being more efficient and effective in the day-to-day operations. For years, the commissioning of new workstations and the re-installation of workstations already in use had always been carried out by using pen drives directly attached to the workstations. The pen drives contained the latest Windows Operating System and the standard MITA software and configuration. This method of installing (re-installing) workstations always required physical access to the workstation resulting in delays and even loss of productivity to have the workstation re-installed.

46

The effort to co-ordinate the appointment with the end user is also not to be underestimated. Moreover, there is ongoing overhead to ensure that all the pen drives being used contain the latest software and configuration. To achieve a faster, more reliable way to deploy windows and applications to devices, MITA implemented Microsoft Autopilot. This completely changed the way workstations are managed as it permits the client services personnel, and even end users via a self-service mechanism, to install and re-install the workstation remotely. Using this technology, workstations that are not connected to the Government network can also be installed or re-installed remotely without the need of doing an onsite visit. This has been well received by MITA main customers (CIOs / IMU Office) and has drastically reduced the time spent to install and re-install workstations across the Government Ministries and departments. A number of workstations overseas in the Maltese embassies have already been successfully imaged using this new technology. Also, with the recent developments of the pandemic where substantial number of Government employees are working remotely from home, this technology has added even more value to MITA and its customers since workstations can be re-imaged with the standard MITA image software whilst connected to the internet from home. Another technology designed to facilitate the management of Government owned mobile devices such as tablets, was also implemented by the MITA Workstation Management Team in Year 2020. This technology, the Microsoft Endpoint Manager Configuration Manager, mobile devices can be managed as long as they have an internet connection. With such a technology the management of mobile devices owned by the Government is more efficient, secure, and effective. Software, security policies, updates, patches, and apps can be easily centrally deployed and monitored. This will drastically reduce the time spent to deploy new software and keep the mobile devices updated with the latest patches and updates. Through this tool the mobile devices can be easily encrypted to further safeguard the Government data.

47

09. Support during COVID-19

48

09.1 Managing IT Service Desk Transferring the Service Management Department (SMD) workforce to start working from home at short notice might sound daunting, but in fact was achieved quickly and with little or no disruption. The most challenging aspect was for the MITA Service Call Centre agents to start receiving and processing phone calls from their respective homes. However, the SMD was prepared for this. As part of a number of business continuity exercises carried out during the previous years, the MITA Service Call Centre was already set to be able to take phone calls from different premises. Once the lock-down started, MITA’s Call Centre services continued to operate seamlessly and in fact during the following few weeks the number of incoming phone calls almost doubled. To cater for this increase in load, some personnel from other MITA departments were temporarily assigned to perform Service Call Centre work. One factor that helped to ease the load on SMD staff was the RFS system, that provided MITA clients with self-service support for requests such as granting VPN access to users. In fact, the number of automated requests processed via RFS doubled during mid-March. One logistical aspect that had to be tackled was that of workstation support since face-to-face support was being discouraged or prohibited. MITA uses a Microsoft tool, the System Center Configuration Manager (SCCM), to connect remotely to workstations. MITA’s suppliers were provided with this tool to be able to reduce the contact with the clients as much as possible. However, the government’s Information Management Units (IMUs) also required to be able to assist users while working from home on their personal workstations. SCCM was not an option since this tool is only installed by default on government workstations managed by MITA. For this reason, another product, Bomgar, was made available as a service to IMUs to be able to connect to their clients’ personal workstations remotely. As the lock-down began, MITA’s Network Operations Centre immediately aligned its processes to have half of its compliment working remotely with a maximum of 2 resources per shift having onsite 24/7. presence at MITA DC in St Venera, prioritizing the health and safety of its employees while minimizing the impact of the pandemic on its operations. NOC continued to carry out its day-to-day operations smoothly, monitoring the availability of the Government IT services and most importantly those related to Health, whilst adding focus on having more visibility of the underlying network infrastructure which was vital to cater for the unprecedented levels of government users working from home at one go. On site presence enabled NOC to continue operating MITA’s Corporate Data Centres adhering to the required service levels. During such time, NOC also supported the Service Call Centre function during out of office hours handling circa 3,000 telephone calls during the first 3 months of the pandemic. These were mostly related to assisting users to set up their home working environments and attending to urgent Primary Health Care requests channeled through a specifically set up emergency line. 49

09.2 Business Continuity and Support for COVID-19 initiatives Stakeholder management, building and maintaining effective relationships with an extensive array of stakeholders is the bedrock upon which MITA successfully implements services across Government. Equally important is mutual trust - in our people and them in the Agency, trust in our products and services, trust given to us by our clients by the general public. These two pillars were core for successful endeavors in 2020, the de facto year of uncertainty and change. As much as we dislike uncertainty, recognition of the benefits that it brings, such as creativity, hard work and problem solving, must be acknowledged. Many teams within MITA promptly steered their efforts towards supporting our country in the battle against COVID-19. To mention a few, the Health Team, required all hands-on deck to ascertain timely delivery of IT systems; the Social Security team provided continuous support to the MSFC in the issuance of additional benefits for the unemployed, medical-related, disability or Parent related payments. The Tax Team had their hands full with the Government’s financial support schemes to countermeasure the temporary closure of businesses during the onslaught brought by the pandemic. For example, various enhancements were implemented to support the Government in the implementation of fiscal measures due to the COVID situation including the tax deferral process, wage supplement and a new VAT grant e-form to refund the deposit paid for postponement of Weddings/Civil Union ceremonies. These teams understood the need to step up their efforts beyond their usual 100%, and as a result, never failed to meet a request set by the client. Flexibility took another meaning in 2020. MITA leveraged the benefits of major investments made as people were asked to work from home. The flexibility and resilience of project teams was put to test and team spirit, collaboration and hard work triumphed to ensure timely delivery of critical services to Government, businesses, and citizens. Given the circumstances the world was in, regardless of the pandemic, work of a cyclical nature, was still delivered on time. For example, the yearly financial Budget and associated simplification measures which greatly impact Social Security and Taxation, could not be placed on the backburner. Teams optimised time management, persevered and improved resource allocation, to reach these goals. Technology is by no means static. Moving forward means that keeping technology up to standard is vital. MITA progress on an ambitious project to modernise all Government IT Systems. During the year, Phase 1 of the Taxation and Social Security modernisation project was concluded and marked the delivery of a modern designs for several business modules.

50

For MITA, the vision to put the citizens first was never derailed despite the heavy lifting that everyone was doing to maintain a layer of normalcy. An example of this was the rebranding of the Social Security Online Service portal to MySocialSecurity (https://mysocialsecurity.gov.mt/) and the launch of new mServices. Another example of servicing the citizen was the implementation of two online services related to the notification of a Birth or Death of a person. To avoid queuing in person; especially during a pandemic, these eServices enabled citizens to submit the required documentation and pay online. These processes are now entirely digitised, from notification phase to Act registration and certificate printing. Citizens are electronically notified at different intervals through a well-organised workflow solution. Maintaining high spirits and motivation were always a priority to MITA and its leaders. Our way of thinking was to remain visionary, expecting great things from our people, despite the challenges; whilst taking care of ourselves. The year 2020 made us rethink on how to lead in hard times and how to find new ways to succeed.

51

09.3 COVID19 Test Tracking The COVID19 Test Tracking system was a joint project between the Ministry of Health, MITA and Microsoft, to manage the full lifecycle of COVID19 swabbing tests. The solution, provided by Microsoft under the MSDR (Microsoft Service Disaster Response) programme, provides functionality to register for swabbing test through a citizen facing portal, where citizens are to fill-in a brief questionnaire and provided with an appointment at one of the swabbing centres. Citizens receive an appointment by email, containing a QR code which is scanned at swabbing centres, to link test vial to the citizen. The backend solution is used by the Health Public Response Team, the different swabbing centres, and call centre to register and trace the swabbing tests across the country. The project was implemented in very tight deadlines and has proved an important asset for the Health Public Response Team in their testing strategy, handling more than 330,000 swabbing appointments in the first 6 months in operation.

09.4 Telemedicine During the first months of the pandemic MITA assisted health authorities with the implementation of new practice of Telemedicine in our country. Medical consultations were being carried out through communication via Microsoft Teams. The patients were able to contact health professionals without physical contact. In a few months, this service was a success and is still in operation throughout Malta and Gozo.

09.5 COVID Alert Malta During the early months of the Covid-19 pandemic, the CTO office stepped up its technical consultancy to the Ministry of Health, to assist in the deployment of critical systems to manage the Covid-19 testing hubs and Covid-19 exposure notification mobile application.

52

COVID Alert Malta, the Exposure Notification app, was a joint project between MITA and the Ministry of Health. This CTO managed project, in collaboration with Programme Management Department and the eGovernment and Corporate Solutions Department, had the aim of developing an app is to complement the manual contact tracing process being carried out at the time by the Health authorities. The latter involved volunteers phoning people to let them know they have been in contact with a positive patient. This manual process, apart from being very time consuming, is also prone to mistakes. For example, if the positive patient forgets to mention an encounter with another person, the contact tracing team will not be able to inform him or her that they are at risk of having been infected. Of course, such a manual process is very labour intensive, and can cause major delays in identifying and notifying at-risk individuals, therefore making it harder to stop the infection chains. The app, available for both Android and iOS devices, uses Apple and Google’s Bluetooth contact tracing system, which does not collect user information and strikes a balance between enabling contact tracing functionality, and respecting users’ privacy in line with the GDPR. The app keeps track of proximity events between users through a log of pseudonymised information. If an individual tests positive for the virus, he or she is given a covid-code to confirm their infection on the app. The app then alerts individuals who were in close proximity to the infected person and are therefore at risk of having contracted the virus, as defined by the health authorities. These individuals are then encouraged to contact the health authorities. The quick self-isolation of individuals who were exposed to a COVID-19 positive individual facilitates the stopping of COVID-19 infection chains.

Hon. Chris Fearne & Hon. Clayton Bartolo Presenting the COVID app.

53

10.

Environmental Commitment

54

10.1 Mita’s Tangible Commitment Towards The Environment Over the past years, MITA has continued to consolidate its effort of attaining tangible results in sustainable environment. The positive results accomplished over the past years clearly demonstrate the corporate-wide support both from the management and its employees. Through these years, MITA has invested heavily in several environmental friendly initiatives both in terms of capital projects and other initiatives aimed directly at reducing our environmental impact. Consolidated Effort to maximise better use of resources Apart from its commitment to reduce its carbon footprint, MITA continued on its waste separation and the associated recycling process across its offices. During 2019-2021, the percentage of recycling waste has reached 40% of the total waste disposed. Electric Vehicles MITA has replaced two of its corporate fleet cars by two electric vehicle as part of its pilot initiative. ISO14001:2015 Certification Following the systematic implementation of the Environmental Management System, MITA is committed to maintain and assess its overall processes related to the environmental impacts and aspects of its business operations. MITA is certified to ISO14001:2015 for its Environmental Management System which is another flag bearer of MITA’s commitment and positive contribution towards a greener environment for the benefit of our society. MITA Data Centre Services The reporting mechanism adopted by MITA for monitoring power consumption within its MITA Data Centre is based on Green Grid international standards, and is in line with the EU Code of Conduct for Data Centre Energy Efficiency. MITA is an official supporter of the EU Code, which was created in response to increasing energy consumption in data centres and the need to reduce the related environmental, economic and energy supply security impacts. It encourages a reduction in energy consumption, in a cost-effective manner, without hampering the mission critical function of data centres. This is achieved by improving understanding of energy demand, raising awareness, and recommending energy efficient best practice and targets.

55

11. MITA Cares

56

11.1

MITA shares its Digital Heart with Dar tal-Providenza

Everyone is aware of the invaluable contribution that Dar tal-Providenza gives to the Maltese society in general, particularly to persons with disabilities residing at Siggiewi home and within other homes that are spread across the Maltese islands. MITA Cares embarked on discussions with Dar tal-Providenza administration to assist on a well-needed project to upgrade its ICT networking infrastructure with its campus. Following preliminary site-visits, it was clearly established that the previous ICT setup mandated a complete overhaul to address today’s and future operational needs within the campus. In addressing these needs, MITA Cares undertook this assignment as a Corporate Social Responsibility project – Total ICT networking infrastructure upgrade at Dar tal-Providenza encompassing all aspects of the project lifecycle including design, costing, funding, implementation and training. The project aimed to specifically address the following requirements: • Upgrade of the network performance both in terms of bandwidth and reliability; • WIFI deployment across all campus to cater for administration purposes; • Free public Internet use to residents, staff, volunteers and more equally visitors. Following a 12-month implementation programme, the newly deployed ICT networking infrastructure at Dar tal-Providenza includes over 10 km of data cable, over 400 data points, state of the art networking backend infrastructure and over 60 WIFI access points to cover all areas within the campus. This is the largest CSR investment of MITA Cares over the past years. This substantial investment was a strong commitment both financially and direct contribution from MITA employees who were directly involved in the installation process. Over 2,000 voluntary hours of effort were provided by MITA employees together with other monetary donations and fundraising held during various team building events. MITA Cares has invested in the Dar tal-Providenza because of two key reasons: • The invaluable contribution the Dar tal-Providenza provides towards the Maltese society; • In strong recognition to the support provided to an ex-MITA employee, Debbie Schembri who was one of the first residents at this home and lived in for over 40 years. Throughout this project journey, MITA Cares was strongly supported by its Board of Directors, Senior Management and MITA employees. MITA is honored to have partnered with Dar tal-Providenza for this tangible CSR assignment. Thanks to this support, MITA has once again demonstrated its Digital Heart commitment to the Maltese society in general. 57

58

Use the QR code to watch the video

59

12. Financial Statements

60

12.1 Board Of Members’ Report

for the year ended 31 December 2020

Board Members Mr Tony Sultana - Chairman Mr Anthony Borg Ing. Saviour Baldacchino Mr Joseph Noel Agius Dr Helen Borg Muscat Board Secretary

Dr Aaron Mifsud Bonnici

Registered Address Gattard House National Road Blata l-Bajda HMR 9010 Malta The board members of the Agency present their annual report and the audited financial statements for the year ended 31 December 2020. Overview Malta Information Technology Agency (MITA) is the central driver of the Government’s information and communications technology policy, programmes and initiatives. The Agency is responsible for the delivery and management of all programmes related to the implementation of information technology and related systems in Government with the aim of enhancing public service delivery. MITA also provides information and communications technology infrastructure services to Government. Additionally, the Agency promotes and delivers programmes aimed at enhancing ICT education and the use of ICT as a learning tool. MITA is also involved in initiatives aimed at proliferating the further application and take- up of information and communications technologies in society and economy. Core ICT Services to Government Throughout 2020, the provision of Core ICT Services to Government detailed by means of a contractual agreement between MITA and the Office of the Prime Minister, continued to provide the basis for the provision of the core ICT infrastructure to Government.

61

12.2 Projects & Programmes

Information System.

Justice Domain

INSPIRE

The modernisation process of the Justice Solutions took a major step forward in 2020 where the functionality of several Courts’ Legal Case Management (LECAM) modules was remodelled using latest technology platforms. These included the Case Management module specific for the Criminal Courts and Attorney General, the Administration a nd Acts module servicing all Courts, and the Fines and Warrants modules for the Courts’ Civil Registries. Various other additional features were incorporated in the eCourts website, such as the replacement of old eForms, simplification measures and migration of backend processes to the cloud.

Key implementation activities related to the INSPIRE directive were concluded during 2020, including the upgrade of the Malta geospatial portal, migration to the new e-Forms platform, provision of geospatial datasets, compliance of spatial datasets, and the launch of a data sharing policy. Preparatory activities were performed to divest this initiative to Planning Authority.

VISA During 2020, an initiative was undertaken by the Ministry for Foreign and European Affairs and MITA to refresh the existing National Visa System with new business processes and upgrade the technology behind the application system to make it more current and compatible with today’s client tools. Police A Domestic Violence and Protection Order System was developed to allow Police Officers to be alerted about victims under a protection order issued through a Court Decree and additionally provides alerts on the perpetrators involved. Systems were enhanced to allow Police Officers to receive real-time alerts on stolen vehicles and wanted persons, both National and European, whilst issuing traffic offence tickets. MITA provided consultancy to the Malta Police Force on the development and maintenance of the next generation enhancements of the Schengen 62

CdB The Common Database (CdB) was upgraded to accept and process data containing Maltese characters, shifting from using the Latin 8-character dataset to using the UTF-8-character dataset. CdB is the platform for sharing person data across government. Since not all IT systems are UTF-8 ready, CdB incorporates processes to share information to other systems either in the LATIN 8 or UTF-8 format – according to the need or requirement of the specific IT System. Funding Programme A new web responsive businessenhance. gov.mt portal was implemented to promote EU Funds and improve communication and interaction with SMEs and other beneficiaries. Another initiative, the Single Digital Gateway was implemented to collate google analytical data from businessenhance.gov.mt and other gov.mt websites and transmits to a single European Portal for analysis. Moreover, as part of the modernisation initiative, migration of around 40 databases to the cloud service SQL PaaS, together with other technologies and infrastructural upgrades were carried out.

Social Security Consultancy services were provided to Ministry for Social Justice and Solidarity, The Family and Children’s Rights (MSFC) and Housing Authority to procure solutions that holistically consider both their business and technical requirements. These services enabled procurement requirements for a Business Intelligence Platform for MSFC, the Digitisation of the Appeal Services within the Office of the Umpire and the Licensing Unit within the Social Care Standards Authority (SCSA) and a Housing Management Solution for the Housing Authority. Taxation During 2020, various improvements within the CfR non-filers’ system were implemented to enhance use of information reported by various entities to work out the tax due and tax credits automatically, increasing to 80% the share of citizens not required to file an Income Tax Return. The myTax personal portal was launched with phase one implementing a revamped online individual tax return. The new electronic return exploits the benefits of the Hybrid-cloud infrastructure and improves the experience for the user. It simplifies the filing process by using data already known by the CfR office and automates the calculation of tax and tax credits. Improvements within the notaries’ portal were also implemented, including the submission of properties’ contracts. This service includes various in-built controls including an AI vision model to support the notary in filing the correct information. During 2020, 168 notaries used this service submitting over 3K property contracts.

Monitoring and Evaluation of Implementation Solution (MEIS) MITA delivered Phase 1 of the Monitoring and Evaluation of Implementation Solution to the Office of the Prime Minister. Using the latest cloud technology, the solution is used by the Public Administration who are coordinated by the OPM Implementation Division. Using a workflow approach, the system allows for the creation of measures to the assignment of a project leader, followed by regular monthly reporting which are in turn evaluated and presented to Cabinet by the Implementation Division. A traffic light system depicts the status of implementation of a particular measure. It also promotes the once only principle through the linking of measures function. PoSeID-on platform Participation in a Horizon 2020 project ‘Protection and Control of Secured Information by Means of a Privacy Enhanced Dashboard’ is a solution aimed to safeguard the rights of data subjects while ensuring GDPR compliance. The main novelty of the tools that have been developed and delivered is the securitisation of their open architecture through Permissioned Blockchain and Smart Contracts, cloud, access management according to eIDAS and privacy management. The team successfully integrated the starting of a Business eService (operated by Business First) with the PoSeID-on pla tform achieving an open-source proof of concept. This concept has the potential to enable Maltese Citizens using eGovernment services to manage the sharing of their personal information provided to Government entities in line with GDPR.

63

Public Registry MITA enabled the use of Maltese diacritic letters when registering a new-born’s name and the implementation of legislation changes in Deaths and Marriages that promote equality between Genders. The modernisation of the Certifikati website was also a significant deliverable. Designed as mobile first, it integrates seamlessly with the New Public Registry System, enabling process efficiency and improving business operations. Furthermore, during 2020, MITA implemented a new register pertaining to child Foundlings, automating the process using the same principles and concepts of other Public registry modules. Transport Malta MITA provided consultancy services for the modernisation of the Vehicle Online Registration eService to integrate seamlessly with the VERA (Vehicle Registration and Administration) system, thus, enabling data sharing between solutions. In addition, key eServices pertaining to the Learner Permit application and Test booking/ scheduling were implemented as part of the modernisation initiative within the Driving Licence domain. This upgrade facilitates the interaction between authorised eAgents and this portal, whilst also serving as a hub to integrate other eServices such as the renewal of driving licences. Health The myHealth online services were enhanced to include facilities for citizens and doctors to view historical episodes of care. One service was also designed to send COVID-19 swab test results via email and SMS the moment the result is made available in the Laboratory 64

Information System. The setting up of the necessary infrastructure for health workers, such as the Radiology Department, was done to allow them to work from home during the pandemic. Customs MITA collaborated with the Malta Customs and a major leading bank to deliver a High Value Online Payments’ Gateway providing the Operators with an easy and safe mechanism to transfer high value online payments to Government. This service was designed to enable other Government entities to facilitate high value payments. 2020 marked BREXIT and the work required to align the National Import and Export System (NIES) to handle declarations of goods imported and exported from and to the UK. Furthermore, the NIES was enhanced to provide an electronic gate pass on mobile devices to enable customs officers at the gate to release containers without the use of paper documents. MITA also worked on a system that will collect, declare, and directly pay the VAT to the tax authorities, rather than having the customer pay the import VAT at the time the goods are delivered to them. Business First The Sole Trader eForm was migrated to the Hybrid Cloud. A new service was implemented to cater for VAT re- activations, thus giving Economic operators the facility to register for VAT obligations from a single platform. National Electronic Identity In 2020, we completed the transformation of the (eID) mechanism we had been working on for the past few years, for the eID to become a key enabler for eGovernment services and a critical core service provided by MITA.

Corporate Financial Management Solution

Implementation of Multi Factor Authentication

MITA provides consultancy services to the Treasury Department on the implementation of the Corporate Financial Management Solution (CFMS) across Government. In January 2020, CFMS went into live operations in 15 pilot sites across various Ministries – Finance, Gozo, Infrastructure, Foreign Affairs, Economy, Health, Tourism and Home Affairs.

During Year 2020, the MITA Email Team coordinated the implementation of two-factor authentication on the Government Email Service. With this implementation the thousands of Government Email accounts are more secured and protected from cyberattacks. This was indeed a milestone successfully achieved and a major change which positively affected all Government users, entities, and ministries.

Workflow Automation Platform

Embracing Cloud Technology

MITA carried out hand-holding sessions with several public offices to support them during the building of eServices on the Workflow Automation Platform. Training at intermediate and advanced levels was also organised and attended by 40 Information Management Unit officers.

In order to embrace the modern cloud technology landscape, it was pivotal for MITA’s Network Operations Centre to be able to not only speak a common language with stakeholders but also to fully contribute and provide direction where and necessary. To this effect, in 2020, NOC embarked on an upskilling initiative to get all its resources not only certified at a Cloud Fundamental level, but a number of resources were certified at an Azure Administrator level.

Document Registry System The Document Registry System (DocReg) web application and databases were successfully migrated onto MITA Azure Stack. A phased approach was adopted to minimise disruption to Government day to day operations, with the databases migration happening seamlessly over a weekend. Request For Service A new self-service Request For Service (RFS) system was launched during 2020. Through this system clients can carry out automated account management, request or cancel services including email accounts, file-shares, office licences and others. The system is based on a workflow whereby services are automatically granted following the appropriate approvals.

Outsourcing First Line Support During 2020 the MITA Call Centre outsourced the first line of support, a role which mainly deals with answering customer queries. This enabled some MITA personnel to be redeployed to other sections. Moreover, current MITA agents are now able to focus more on technical work and process additional requests that provide more value. Transfer of Customer Care Function In the second quarter of 2020 the MITA Customer Care function was transferred to the Service Management Department. The operating procedures were updated to give more immediate attention to client pain points and rectify pending issues as soon as possible. There is also focus on 65

recording and implementing improvements to minimise recurring complaints.

3D-Printing, Artificial Intelligence, Augmented Reality and Internet of Things.

GMICT Policies

Telemedicine

During 2020, GMICT Policies content was rationalised and consolidated into a core set of policy documents to ensure that Government ICT policies remain current and relevant. An awareness exercise was also carried out to bring GMICT Policies to the attention of all MITA employees, Ministry Office of CIOs and Public employees in general.

During the first months of the pandemic MITA assisted health authorities with the implementation of new practice of Telemedicine in our country. Medical consultations were being carried out through communication via Microsoft Teams. The patients were able to contact health professionals without physical contact. In a few months, this service was a success and is still in operation throughout Malta and Gozo.

Student Placement Programme The Student Placement Programme provides students studying ICT with temporary jobs during the three months of summer. In 2020, the initiative placed 300 students across more than 77 organisations from the private sector, public sector and Non-Government Organisations. This involved an investment of €535K to reimburse students’ salaries paid by participating organisations. Emerging Technologies Lab In 2020, the Emerging Technologies Lab went into its second year of operations and in view of physical limitations imposed by COVID-19, several changes had to be done to permit the continued promotion and take- up of technology. Delivery of sessions was mainly shifted to online with the introduction of new formats such as online panels and online seminars. The advent of online delivery also saw various public officers attending such sessions and increased interest in different technologies. In total 33 sessions were organised throughout the year for which 510 participants attended. Various students engaged with the Lab for assistance as part of the My Lab Idea initiative. Such projects involved the use of technologies such as 66

Berlin Declaration On 8th December 2020, the Berlin Declaration on Digital Society and Value-based Digital Government was signed by the responsible ministers of all EU Member States including Malta. The draft Declaration prepared by the German Presidency of the Council of the EU in July 2020 was discussed and updated with feedback provided by Member States and the European Commission, during a series of online meetings held. MITA, through its Strategy and Business Department, was commissioned to follow up on this initiative on behalf of Malta and to coordinate its feedback. The Berlin Declaration aims to contribute to a value-based digital transformation of public administration by addressing and ultimately strengthening digital participation and digital inclusion within European societies. Thus, it aims to set a strategic direction in digital transition, that is aligned to the EU’s fundamental rights and values and that is shaped by participatory processes.

EU Funding Over the past year, the EU and International Relations Unit has helped the Agency and its Clients in submitting for more than €2 million in EU grants/support. From these more than €800,000 EU funds have been secured for projects that will be either implemented by MITA or its Clients. MITA Innovation Hub Another edition of the tech startup programme YouStartIT was organised during 2020, which for the second-year running was split into two phases: validation of the business concept idea, and later acceleration to market validation through prototyping. The first phase took in nine startup teams, out of which five were selected for acceleration to receive a total pre-seed ticket of €30,000, comprising a €20,000 cash grant. Since inception of the programme in 2016, over 600 startup projects were assessed with 32 of them accelerated, one-third of which collectively raising €5.5M in further seed and government funding for further growth of their project. Legal Basis for Base Registers During 2020 the Enterprise Data Management function collaborated with various entities and departments or agencies and mainly with the Data Governance Council to establish the legal basis for the Person Register and the Address Register, with these legal instruments now at varying stages of completion. National Data Portal The work for the updating and finalisation of the Register of Registers and other administrative registers as

visible from the data.gov.mt portal continued with more improvements needed as such details are now being passed to the line-of-business owners of each register as these are currently being identified. The Internal Audit Office The Internal Audit Office (IAO) primary mandate is to ensure an independent disciplined approach in evaluating and improving the Agency’s controls and in adding value to the operations of MITA. Risk based Audits and reviews are conducted as commissioned by the Board Audit Committee (BAC) and as illustrated in the IAO Strategic audit plan. IAO ensures the uphold of four main principles as part of its code of ethics, being, Integrity, Objectivity, Confidentiality and Competency in adhering to the Institute of Internal Auditors (IIA) International Standards. IAO focuses on verifying selected MITA processes to address identified key risks at both strategic and operational level in collaboration with the Enterprise Risk Management function. IAO also recommends improvement in reviewed business functions and audit follow-ups. The Internal Audit plan of 2020 was realised in line with scheduled audits and as approved by the Board Audit Committee (BAC). The BAC plays a key role in assisting the MITA board to fulfil its oversight responsibilities in internal control systems, risk management systems and the internal and external audit functions whilst ensuring the objective assessment of the Agency’s performance and its management. The MITA Internal Audit Office reports to the BAC, enabling independence and the structural separation from management to enhance objectivity. 67

68

Enterprise Risk Management

Achieving Corporate Governance

During 2020 MITA continued in its endeavours towards ensuring that Enterprise Risk Management (ERM) is integrated within the Agency’s processes and that risks are being identified and effectively managed in a timely manner in line with the ERM policy and procedure, whilst taking into consideration the Agency’s risk appetite. Through regular ERM Committee meetings, it is ensured that material risks which may impact the Agency are routinely discussed, reviewed, and monitored by the ERM Committee members. The MITA Risk Register System (RRS) in use by the Agency is also regularly updated in terms of functionality to ensure that it continues to provide a solid base where MITA risks are recorded and maintained.

The Internal Audit Office and ERM continued to work jointly to carry out risk-based checks on multiple risk areas within the Agency, which has contributed to the identification of risks that MITA may be exposed to, and the recommendation of effective controls to mitigate the risks. Follow-ups of previous activities have ensured the effectiveness of the verified governing controls. Financial review The overall financial performance of the Agency for 2020 shows a net surplus before tax of €828,672 (2019: €775,491). Revenue from the provision of projects and ICT services to Goverment reached €32,031,072 (2019: €32,016,955), up by 0.04% from 2019 results.

12.3 STATEMENT OF BOARD MEMBERS’ RESPONSIBILITIES The Agency’s statute requires the board members to prepare financial statements for each financial year which give a true and fair view of the state of the affairs and profit or loss of the Agency for that year, in accordance with the requirements of International Financial Reporting Standards as adopted by the European Union. In preparing these the board members are required to: • adopt the going concern basis unless it is inappropriate to presume that the Agency will continue in business; • select suitable accounting policies and apply them consistently; • make judgements and estimates that are reasonable and prudent; • account for income and charges relating to the accounting period on the accruals basis; • value separately the components of asset and liability items; and • report comparative figures corresponding to those of the preceding accounting period. The board members are responsible for keeping proper accounting records which disclose with reasonable accuracy, at any time, the financial position of the Agency. They are also responsible for safeguarding the assets of the Agency and hence for taking reasonable steps for the prevention and detection of fraud and other irregularities. The financial statements of MITA for the year ended 31 December 2020 may be made available on the Agency’s website. The Board Members are responsible for the maintenance and integrity of the financial statements on the website in view of their responsibility for the controls over, and the security and jurisdictions, where legislation governing the preparation and dissemination of financial statements may differ from requirements or practice in Malta. Auditors RSM Malta, Certified Public Accountants, have expressed their willingness to continue in office and a resolution for their reappointment will be proposed at the Annual General Meeting. This report was approved and authorised for issue by the Board Members on 17 March 2022, and signed on its behalf by:

Mr Tony Sultana Mr Anthony Borg Chairman Board Member 69

12.4 INDEPENDENT AUDITORS’ REPORT To the Members of Malta Information Technology Agency REPORT ON THE AUDIT OF THE FINANCIAL STATEMENTS Opinion We have audited the financial statements of Malta Information Technology Agency (“the Agency”), which comprise the statement of financial position as at 31 December 2020, the statement of profit or loss and other comprehensive income, statement of changes in accumulated fund and statement of cash flows for the year then ended, and notes to the financial statements, including a summary of significant accounting policies. In our opinion, the financial statements give a true and fair view of the financial position of the Agency as at 31 December 2020, and of its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards (IFRS) as adopted by the European Union (EU). Basis for Opinion We conducted our audit in accordance with International Standards on Auditing (ISAs). Our responsibilities under those standards are further described in the Auditors’ Responsibilities for the Audit of the Financial Statements section of our report. We are independent of the Agency in accordance with the ethical requirements of both the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants (including International Independence Standards) (IESBA Code) and the Accountancy Profession (Code of Ethics for Warrant Holders) Directive issued in terms of the Accountancy Profession Act (Cap. 281) in Malta that are relevant to our audit of the financial statements, and we have fulfilled our other ethical responsibilities in accordance with the IESBA Code and the Code of Ethics for Warrant Holders in Malta. We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Other Matters The financial statements of the Agency for the year ended 31 December 2019 were audited by Nexia BT who expressed an unqualified opinion on those financial statements on 4 September 2020. Other Information The board members are responsible for the other information. The other information comprises the board members’ report. Our opinion on the financial statements does not cover the other information, including the board members’ report. In connection with our audit of the financial statements, our responsibility is to read the other information identified above and, in doing so, consider whether the other information is materially inconsistent with the financial statements or our knowledge obtained in the audit, or otherwise appears to be materially 70

misstated. If, based on the work we have performed on the other information that we have obtained prior to the date of this auditors’ report, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard. Responsibilities of the Board Members for the Financial Statements The board members are responsible for the preparation of financial statements that give a true and fair view in accordance with IFRS as adopted by the EU, and for such internal control as the board members determine is necessary to enable the preparation of financial statements that are free from material misstatement, whether due to fraud or error. In preparing the financial statements, the board members are responsible for assessing the Agency’s ability to continue as a going concern, disclosing, as applicable, matters related to going concern and using the going concern basis of accounting unless the board members either intend to liquidate the Agency or to cease operations, or have no realistic alternative but to do so. The board members are responsible for overseeing the Agency’s financial reporting process. Auditors’ Responsibilities for the Audit of the Financial Statements Our objectives are to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to issue an auditors’ report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that an audit conducted in accordance with ISAs will always detect a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if, individually or in the aggregate, they could reasonably be expected to influence the economic decisions of users taken on the basis of these financial statements. As part of an audit in accordance with ISAs, we exercise professional judgement and maintain professional scepticism throughout the audit. We also: • Identify and assess the risks of material misstatement of the financial statements, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control. • Obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the Agency’s internal control. 71

• Evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the board members. • Conclude on the appropriateness of the board members’ use of the going concern basis of accounting and, based on the audit evidence obtained, whether a material uncertainty exists related to events or conditions that may cast significant doubt on the Agency’s ability to continue as a going concern. If we conclude that a material uncertainty exists, we are required to draw attention in our auditors’ report to the related disclosures in the financial statements or, if such disclosures are inadequate, to modify our opinion. Our conclusions are based on the audit evidence obtained up to the date of our auditors’ report. However, future events or conditions may cause the Agency to cease to continue as a going concern. • Evaluate the overall presentation, structure and content of the financial statements, including the disclosures, and whether the financial statements represent the underlying transactions and events in a manner that achieves fair presentation. We communicate with the board members regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. This copy of the audit report has been signed by

Mr Conrad Borg (Principal) for and on behalf of RSM Malta Registered Auditors Mdina Road Zebbug ZBG 9015 Malta 17 March 2022

72

12.5 STATEMENT OF PROFIT OR LOSS AND OTHER COMPREHENSIVE INCOME for the year ended 31 December 2020

2020 € Revenue 32,031,072 Cost of sales

2019 Restated € 32,016,955

(24,164,273)

(23,666,589)

Gross surplus 7,866,799

8,350,366

Pension benefits expense (287,095)

(134,005)

Administrative expenses

(6,658,304)

(7,291,181)

Operating surplus

921,400

925,180

Finance income

64,546

3,530

Finance costs

(157,274)

(153,219)

Surplus before tax

828,672

775,491

Income tax (325,892)

(134,643)

Surplus for the year

502,780

640,848

Total comprehensive income for the year

502,780

640,848

73

12.6 STATEMENT OF FINANCIAL POSITION as at 31 December 2020

2020 € ASSETS

2019 Restated €

Non-current assets Property, plant and equipment

2,993,200

2,725,091

Right-of-use assets 2,532,091

2,722,985

Other financial asset

20,000

20,000

Deferred tax 1,165,282

968,419

Total non-current assets

6,710,573

6,436,495

CURRENT ASSETS Inventories

23,885

Trade and other receivables

3,243,089

4,913,049

Contract assets

59,281

488,231

Current tax receivable Cash and cash equivalents

-

4,117

18,271,592

13,744,170

Total current assets 21,590,348

19,173,452

TOTAL ASSETS

74

16,386

28,300,921

25,609,947

2020 € EQUITY AND LIABILITIES

2019 Restated €

Capital and reserves Capital reserve 4,542,497

4,542,497

Accumulated fund 4,261,413

3,758,633

TOTAL EQUITY

8,301,130

8,803,910

Non-current liabilities Finance lease obligation 2,373,172 Provision for liabilities and charges

2,548,369

1,416,378

1,234,782

3,789,550

3,783,151

Current tax payable

211,650

-

Finance lease obligation 230,399

204,605

Total non-current liabilities Current liabilities

Provision for liabilities and charges

228,819

171,992

Trade and other payables

9,642,785

7,266,437

Contract liabilities 5,393,808

5,882,632

Total current liabilities

15,707,461

13,525,666

TOTAL LIABILITIES 19,497,011

17,308,817

TOTAL EQUITY AND LIABILITIES

28,300,921

25,609,947

The financial statements have been authorised for issue by the board members on 17 March 2022:

Mr Tony Sultana Chairman

Mr Anthony Borg Board Member

75

76