LCQ3: Ensuring the normal operation of government electronic systems
********************************************************************
Question:
In the evening of the polling day for the 2023 District Council Ordinary Election, voting at polling stations was once suspended due to a failure of the Electronic Poll Register system; and earlier on, the Government's sports and recreation services booking and information system, "SmartPLAY", also experienced "double bookings" and system failure. There are views that these incidents reflect the Government's failure to ensure the normal operation of its electronic systems. In this connection, will the Government inform this Council:
(1) of the inspection and testing procedures undertaken by the Government in respect of the Electronic Poll Register system; whether it will review and improve the relevant procedures to prevent the recurrence of similar incidents in the future; if so, of the details; if not, the reasons for that;
(2) of the Government's new plans to ensure the normal operation of its electronic systems, including the new measures to enhance cyber security and upgrade the technical standard of relevant personnel; and
(3) whether a mechanism is currently in place to penalize contractors providing electronic systems to the Government for incidents caused by their faults; if so, of the details; if not, the reasons for that, and how it ensures that contractors will improve the stability of the electronic systems?
Reply:
President,
The Government has been striving to drive the adoption of technologies by bureaux/departments (B/Ds) to enhance operational efficiency and improve public services, as e-government services and governmental operations are closely related to citizen's livelihood. We envisage challenges as the Government presses ahead with the digitalisation process and rolls out more digital services. Recent cases of malfunction of individual systems at the time of launch serve as a reminder of our commitment to digitalisation of public services and the need to constantly improve our work.
In response to the Hon Yung Hoi-yan's three questions, in consultation with the Constitutional and Mainland Affairs Bureau and other relevant B/Ds, my reply is as follows:
(1) The Registration and Electoral Office (REO) has conducted three levels of monitoring and testing for the Electronic Poll Register (EPR) system, including: internal testing conducted by REO's Information Technology Management Division; independent testings conducted by third parties entrusted by the REO; and final review by the Electoral Affairs Commission’s (EAC) Technical Advisory Committee.
Regarding the malfunction of EPR system occurred on the polling day of the District Councils Ordinary Election held on December 10, 2023, the EAC has, pursuant to the instructions of the Chief Executive (CE), established a dedicated investigation group to investigate the causes of the incident comprehensively so as to ensure that similar incidents will not happen again. The work of the investigation group is on-going. The findings of the investigation will be reported in detail in the report to be submitted to the CE within three months after the election as required by the law.
(2) The Office of the Government Chief Information Officer (OGCIO) is responsible for the Government's central backbone systems and inter-departmental information technology (IT) service projects, including the government cloud services, the big data analytics platform and the recently launched initiatives on cross-boundary data flow and Cross-boundary Public Services. Other government IT projects with a focus on services offered by individual departments are spearheaded by responsible B/Ds such that the system development and operation cater for the respective policy and the needs of the public service recipients.
OGCIO has been working closely with B/Ds and renders support to departments in implementing their e-government services at different stages. These include providing policy guidance and technical standards at project initiation stage, and assigning officers on a need basis to participate in the Project Steering Committees set up by B/Ds for their large-scale projects to provide departmental management with professional advice during system development.
As for cybersecurity, the Government has formulated the Government IT Security Policy and Guidelines, which set out the requirements applicable to B/Ds for the establishment, implementation, maintenance and continuous enhancement of their information security management system. OGCIO also regularly reminds B/Ds to adopt measures to protect government information systems and data. Meanwhile, OGCIO organises departmental cybersecurity drills, seminars and solution showcases, etc. Over 3 400 staff members of government departments attended relevant events last year.
To assist departments in strengthening preparedness before the launch of their major e-government systems, the Government introduced a new measure in November 2023 requiring respective departments to subject their large-scale electronic systems to additional stress and load tests to be conducted by an independent third party arranged by OGCIO.
To support the important mission of building a digital government in the future, the Government is formulating new policies, with a view to strengthening the governance measures of OGCIO, or the future Digital Policy Office, at different work junctures such as project initiation, tendering, formulation of technical options, system development, testing and risk assessment. These are aimed at providing more professional support to B/Ds and further enhancing the stability and security of government e-services under a multi-pronged approach. The relevant new measures will soon be announced.
(3) Government information systems are based on the public services individual departments provide. Hence, B/Ds will initiate, invite tenders and take forward the IT projects in accordance with their policies and requirements of their service clients.
To assist departments in managing and monitoring their IT service contractors, OGCIO has issued the Practice Guide to Project Management for IT Projects under an Outsourced Environment, covering project initiation, planning, implementation and completion. The Practice Guide also recommends a set of good practices for B/Ds to follow. B/Ds would monitor their contractors with reference to the contracts. If the performance of contractors fail to fulfil the service requirements and standards specified in the contracts, departments may take actions based on the contractual clauses. These actions include warning, demand for compensation or even early termination of contract. To further support departments in identifying and engaging quality contractors, the Government is actively exploring how to strengthen the role of OGCIO in B/Ds' assessment and selection of service contractors, and formulating specific enhancement proposals.
For those smaller scale projects with a budget not exceeding $20 million, OGCIO implements the Standing Offer Agreement for Quality Professional Services scheme (the SOA-QPS scheme) to facilitate their speedy implementation. Under the SOA-QPS scheme, B/Ds can directly invite contractors having passed OGCIO's pre-qualification to submit proposals for B/Ds to select suitable service contractors. Contractors with continuous subpar performance may be suspended from further bidding under the SOA-QPS scheme until their performance improves.
Ends/Wednesday, January 17, 2024
Issued at HKT 16:50
Issued at HKT 16:50
NNNN