REPUBLIC OF KOSOVA
KOSOVO PROSECUTORIAL COUNCIL
KPC ICT SRATEGIC PLAN 2015-2020
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 1
Table of Contents 1 Management Summary .............................................................................................................. 9
2 Introduction ................................................................................................................................ 12
2.1 Background/ History .......................................................................................................... 12
2.2 Vision ................................................................................................................................... 13
2.3 Mission ................................................................................................................................. 13
2.4 Purpose and Scope ............................................................................................................. 13
2.5 ICT Strategy ......................................................................................................................... 14
2.6 Methodology ....................................................................................................................... 14
3 Strategic Key Area 1: Legal & Regulatory Framework ....................................................... 16
3.1 Current Position .................................................................................................................. 16
3.2 Legislative Changes Needed for Successful Introduction of ICT in KPC .................. 16
3.3 Regulatory Changes within KPC Responsibility ........................................................... 17
3.4 Memorandum of Understanding with other Institutions ............................................ 17
4 Strategic Key Area 2 – Application Landscape .................................................................... 19
4.1 Current Position .................................................................................................................. 19
4.2 Rationale .............................................................................................................................. 19
4.3 Benefits ................................................................................................................................. 20
5 Strategic Key Area 3 ‐ ICT infrastructure .............................................................................. 21
5.1 Current Position .................................................................................................................. 21
5.2 Setting ‐Up Data Center According To Well‐Defined Standards ................................ 21
5.3 Establishing Physical Separation of the KPC Assets ..................................................... 23
5.4 Implementing Data Center Disaster Recovery Plan ...................................................... 25
5.5 Implementing Data Center Resilience ............................................................................. 26
5.6 Providing of Adequate Patch Rooms .............................................................................. 27
5.7 Implementing Virtualization of the Servers ................................................................... 28
5.8 Implementing Adequate Scanning Devices .................................................................... 29
5.9 Implementing Adequate Data Backups .......................................................................... 30
5.10 Implementing Data Archiving .......................................................................................... 31
5.11 Implement Adequate Networks ....................................................................................... 31
5.12 Providing of Adequate Desktops ..................................................................................... 32
5.13 Providing of Telephony Services ..................................................................................... 33
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 2
5.14 Implementing Cooling and Ventilation Systems .......................................................... 34
5.15 Providing Uninterruptible Power Supplies (UPS) ......................................................... 34
5.16 Implementing Fire Protection Systems ........................................................................... 35
6 Strategic Key Area 4 ‐ Security ................................................................................................ 36
6.1 Current Position .................................................................................................................. 36
6.2 Implementing Adequate Security Zones ........................................................................ 36
6.3 Establishing Segregation of ICT Environments and Duties ........................................ 38
6.4 Implementing Network Access Control .......................................................................... 39
6.5 Implementing User Access Management ....................................................................... 40
6.6 Implementing Physical Access Control ........................................................................... 40
6.7 Implementing Controlled Internet Access ...................................................................... 41
6.8 Ensuring Data Encryption ................................................................................................. 42
6.9 Implementing Audit Trail (Log Management) .............................................................. 43
6.10 Implementing Information Technology Risk Management ......................................... 44
7 Strategic Key Area 5 – Collaboration Solutions .................................................................. 45
7.1 Current Position .................................................................................................................. 45
7.2 Controlled Usage of E‐mail System ................................................................................ 45
7.3 Usage of New Collaboration Tools .................................................................................. 46
8 Strategic Key Area 6 ‐ Implementation Methodologies ..................................................... 48
8.1 Current Position .................................................................................................................. 48
8.2 Choice of Suitable Implementation Methodologies: Iterative Approaches ............... 48
8.3 Development of a Coherent Test Strategy ...................................................................... 50
8.4 Co‐ordination between Development and Production: ʺDevOpsʺ Approach ........... 51
8.5 Migration Path: Reuse of Existing Data ......................................................................... 52
8.6 Filling CMIS Data ............................................................................................................... 53
9 Strategic Key Area 7 ‐ Adequate Software Platform & Tools ........................................... 54
9.1 Implementing Software Architecture .............................................................................. 54
9.2 Use of Standard Protocol for Information Exchange ..................................................... 56
9.3 Selection of a Suitable Scanning Solution ....................................................................... 57
9.4 Use of Adequate Collaboration Tools .............................................................................. 57
9.5 Witness Protections Systems ............................................................................................. 58
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 3
10 Strategic Key Area 8 ‐ Support and Maintenance ............................................................... 60
10.1 Current Position .................................................................................................................. 60
10.2 Standard ............................................................................................................................... 60
10.3 Rationale .............................................................................................................................. 60
10.4 Benefits ................................................................................................................................. 62
11 Strategic Key Area 9 ‐ Human Resources .............................................................................. 63
11.1 Current Position .................................................................................................................. 63
11.2 Rationale .............................................................................................................................. 63
11.3 Benefits ................................................................................................................................. 66
12 Strategic Key Area 10 ‐ Process Change Management ....................................................... 67
12.1 Current Position .................................................................................................................. 67
12.2 Rationale .............................................................................................................................. 67
12.3 Benefits ................................................................................................................................. 69
Annexes ............................................................................................................................................... 70
KPC ICT Strategic Plan ‐ Working Group .................................................................................. 70
Page 4
Table of figures Fig. 1: The ten Strategic Key Areas of the KPC ICT Strategic Plan.............................................. 14
Fig. 2: Physical separation of the Data Center Servers between KPC and KJC ......................... 24
Fig. 3: Patch Room .............................................................................................................................. 27
Fig. 4: Security zones .......................................................................................................................... 37
Fig. 5: A proposed DevOps maturity model for KPC ................................................................... 52
Fig. 6: ICT human resources organization ...................................................................................... 64
Fig. 6: Accompanying activities for the five phases of change management ............................ 68
Fig. 7: A 7‐steps communication strategy ....................................................................................... 68
Referenced documents Reference Document Name
RD1 KJC ICT Strategy 2012‐2017
RD2 Assessment Report ‘’Building capacity of the Kosovo Judicial Council on
Information Communication Technology’’‐2011
RD3 Law on the Kosovo Prosecutorial Council
RD4 Law on State Prosecutor
RD5 ICT/CMIS Project Proposal
RD6 Regional conference on cooperation on the use of ICT in Judiciaries in the
western Balkans
RD7 KPC ICT strategic plan 2015‐2020 – Kick off meeting
RD8 Analysis of the Legal Framework Relevant for Transformation of the Existing
Manual Judiciary into an e‐Judiciary, February 2015
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 5
Glossary ADKAR Awareness, Desire, Knowledge, Ability and Reinforcement ‐ The ADKAR®
Model, introduced by Prosci (a leader company in benchmarking research and
change management products), is one of the most popular and effective change
management model, based on the individual progression.
ANSI/TIA‐
942
American National Standard Institute‐ Telecommunication Industry
Association ‐ A standard providing guidelines for building data centres and
computer rooms.
CMDB Configuration Management Database ‐ A database that contains information
about IT assets, as well as the relationships between these components.
CMIS Case Management Information System ‐ A project aiming to automate the work
in all prosecution offices in Kosovo.
CPU Central Processing Unit ‐ The main component of a computer, containing the
logic circuitry that performs the instructions of a computerʹs programs.
DBMS Database Management System ‐ A program enabling to create, to store, to
modify, and to extract information from a database.
DevOps Development and Operations – A way of collaborating and communicating
between development and operations teams; that encompass both
organisational aspects and ad‐hoc tooling.
DMZ Demilitarized zone ‐ A computer or small network inserted as a ʺneutral zoneʺ
between a trusted, private network and an untrusted, public network. It
prevents outside users from getting direct access to a server that holds private
data.
DRP Data Center Recovery Plan ‐ A documented plan to ensure business continuity,
by recovering and protecting an IT infrastructure in the event of a disaster.
DTAP Development, Test, Acceptance and Production – An acronym used to describe
the four steps of software implementation.
Forefront
TMG
Forefront Threat Management Gateway (TMG) is commonly deployed as a
secure web gateway with advanced web protection capabilities.
ICT Information and Communication Technologies ‐ A generic term to describe all
communication devices, computers, networks, as well as various associated
services or applications.
IMG International Management Group – A private company providing
administrative and financial management for the CMIS project.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 6
IP Internet Protocol ‐ The primary network protocol used on the Internet.
ISIS Image and Scanner Interface Specification – A standard interface for image
scanning technologies.
ISO International Standardization Organization – The international organization
that develops and publishes international standards.
ISTQB International Software Testing Qualifications Board ‐ ISTQB is an international
software testing qualification certification organization.
ITIL IT Infrastructure Library. ITIL is a set of procedures that are used to implement
a lifecycle framework for IT Service Management.
ITSM IT Service Management ‐ A process‐based approach to align the delivery of IT
services with the needs of the organization that uses them.
KJC Kosovo Judicial Council
KPC Kosovo Prosecutorial Council
KPI Key Performance Indicator ‐ A quantifiable measures that can be used to
evaluate the performance of an activity in terms of meeting its strategic and
operational goals.
LAN Local Area Network ‐ A local area network is a telecommunication network
that interconnects computers within a small geographic area (e.g. within an
office building).
LCM Life Cycle Management ‐ The process of managing the entire lifecycle of a
product.
MPA Ministry of Public Administration
MS Microsoft Corporation
NAC Network Access Control ‐ A method of bolstering the security of a proprietary
network, by restricting the availability of network resources to endpoint
devices that comply with a defined security policy
NAS Network Access Server ‐ A server that performs authentication and
authorization functions for potential users by verifying logon information
RACI Responsible; Accountable, Consulted, Informed ‐ A responsibility assignment
matrix, also known as RACI matrix, is a way to describe the participation by the
stakeholders in completing tasks. It helps in clarifying roles and responsibilities
in cross‐functional organizations, by assigning clear ownership for each task.
RAD Rapid Application Development – An iterative approach for software
development, that relies on the concept of prototype.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 7
RAM Random Access Memory ‐ The computer storage location, allowing data to be
stored and accessed quickly.
SAN Storage Area Network ‐ A high‐speed network that interconnects storage
devices to servers.
SANE Scanner Access Now Easy ‐ An application programming interface providing
standardized access to scanner hardware.
SLA Service Level Agreement ‐ A contract between a provider of services and a
client, that specifies what services will be provided and with what level of
quality.
SOAP Simple Object Access Protocol – The communication protocol used by Web
Services
SQL Structured Query Language ‐ A specific programming language allowing to
manage data stored in a relational database management system.
SWOT Strengths, Weaknesses, Opportunities, Threats ‐ A SWOT analysis is a
structured method used allowing to evaluate the strengths, weaknesses,
opportunities and threats of an organization.
TWAIN TWAIN is an application programming interface that enables the
communication between a document management system and a scanner.
UDDI Universal Description, Discovery and Integration – A registry allowing to
publish and find Web Services
UPS Uninterrupted Power Supplies – An electrical device (battery) providing power
to IT systems when the main power source fails.
URL Uniform Resource Locator ‐ A generic term for all types of names and
addresses that refer to objects on the World Wide Web.
VOIP Voice Over IP ‐ A set of technologies allowing the delivery of telephone
calls (voice communications) over Internet – instead of using a regular, analog
line.
WAN Wide Area Network ‐ A wide area network is a geographically dispersed
telecommunication network, used to exchange data on a broad area (e.g., on a
regional, national or international level) through leased lines.
WIA Windows Image Acquisition ‐ A Microsoft application programming
interface enabling document management systems to communicate with
scanners.
WiKi A web application (web site), implemented collaboratively by a community,
which allows their members to add, modify or delete content.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 8
WSDL Web Services Description Language ‐ A XML based language, providing a
standard description of a Web Service.
XML Extensible Mark‐up Language ‐ A mark‐up language (text‐based format)
designed to describe data.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 9
Management Summary
The Kosovo Prosecutorial Council (KPC) and the Kosovo Judiciary Council (KJC) are
currently undertaking, in close co‐operation, a comprehensive reform of the prosecutorial
and juridical system of Kosovo. This reform includes the introduction of Information
Communication Technology (ICT) and the development of a Case Management Information
System (CMIS). The key objective of introduction of CMIS will be the increase of the
efficiency, accountability and transparency of courts and prosecutors.
In order to proceed in building up an ICT environment which complies with the current and
future needs of the stakeholders, as well as with the CMIS requirements, KPC has decided to
elaborate an ICT strategic plan for the period 2015‐2020. This ICT strategic plan will be used
as the basis for future ICT planning and investment, providing a sound basis for investment
decisions inside the KPC.
The accomplishment of the ʺe‐Prosecutionʺ vision that underlies this strategic plan occurs
through a complete, harmonized and coordinated realization of ten “Strategic Key Areas”,
being:
1. Strategic Key Area 1: Legal & Regulatory Framework ‐ Even though there is no
explicit indication on the usage of ICT in the law, the prescribed responsibilities of
KPC are impossible to achieve in an efficient and effective way without the
introduction of ICT. Therefore, KPC shall undertake activities related to an
appropriate change of laws, sub‐laws, and policies/procedures; as well as reach
memorandums of understanding with other institutions.
2. Strategic Key Area 2: Application Landscape ‐ The importance of CMIS and its
broad functional coverage cannot be a reason to ignore additional specific
applications, which are not in the scope of the services provided by CMIS, but are
however needed by the prosecutorʹs offices and support staff in order to effectively
and efficiently fulfil their duties. In that context, KPC shall guarantee that all its
objectives will be reached thanks to the management of a complete application
landscape.
3. Strategic Key Area 3 ‐ ICT infrastructure – The implementation of an infrastructure
that complies with international standards will represent a solid basement of modern
ICT for KPC. This basement will allow to respond efficiently to the requirements of
CMIS and to other support activities. KPC shall take the necessary actions in order to
have a customizable ICT infrastructure, capacity predictable, manageable and
allowing a full control on the data and the hardware belonging to KPC.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 10
4. Strategic Key Area 4 – Security ‐ Considering the sensitive character of the
information processed by KPC, it is obvious that a special attention must be put on
information security and data protection. By integrating a robust information security
management system, KPC shall ensure that the product reliability, safety and
integrity will be guaranteed to the highest level of the organization.
5. Strategic Key Area 5 – Collaboration Tools – The need for sharing relevant
information among the stakeholders, despite the geographically spread organization
of the prosecutorʹs offices, is a reason to implement various collaboration solutions.
To that extent, KPC shall further develop a controlled and secured usage of e‐mail,
but shall also deploy new appropriate collaboration solutions – being internal,
oriented towards other organization or the public in general.
6. Strategic Key Area 6 ‐ Implementation Methodologies – The complexity of CMIS
justifies the adoption of suitable methodologies, in order to support the execution of
the whole project lifecycle. To this end, KPC shall proceed with the choice of an
iterative approach for the implementation, develop a coherent test strategy, ensure
the coordination between the development and operation teams and carry out a
reasoned data migration activity.
7. Strategic Key Area 7 ‐ Adequate Software Platform & Tools ‐ Taking into account
the ambitions of CMIS and the other supporting systems, KPC shall deploy state‐of‐
the art technologies for their implementation. However, for the sake of minimizing
costs and efforts, the preference shall be put on solution that are compliant with the
current architectural choices already jointly made by KPC & KJC. Furthermore, the
need for interoperability with other institutions also requires the use of standard
protocols allowing the exchange of information.
8. Strategic Key Area 8 ‐ Support and Maintenance ‐ KPC shall organize support
services according to de facto recognized standards (IT Infrastructure Library ‐ITIL).
ITIL provides documented procedures in order to ensure both Service Support and
Service Delivery. Service Support focuses on the users of the IT services and is
primarily concerned with ensuring that they have access to the appropriate services
to support the business functions. The Service Delivery is the set of proactive services
that KPC shall deliver in order to provide an adequate support framework to the end‐
users.
9. Strategic Key Area 9 ‐ Human Resources ‐ KPC has already at disposal valuable ICT
resources. However, the implementation of all ambitions of this strategic plan
requires having at disposal a wide range of skilled ICT profiles. To this end, KPC
shall undertake structural measures (on the long term) in order to develop a
multiannual hiring plan and to maintain the existing competences. Meanwhile, until
the ICT staff does not include all the required resources, a partial and controlled
outsourcing of resources shall be envisaged.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 11
10. Strategic Key Area 10 ‐ Process Change Management ‐ KPC perfectly understands
that the deployment of new ICT tools affects directly the day‐to‐day activities of its
officers. Besides significant training efforts already undertaken, KPC shall also set‐up
a broader change management policy, to be implemented through a comprehensive
communication plan. Thanks to an effective application of this change management
strategy, the KPC staff will feel supported and will understand the change process
and the underlying vision.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 12
1. Introduction
1.1 Background/ History The Kosovo Prosecutorial Council (KPC) is a fully independent institution in the
performance of its function, established by regular law as of 1 January 2011. It ensures that
all persons have equal access to justice and that prosecutors exercise their function in an
independent, professional and impartial manner.
The Kosovo Prosecutorial System includes:
seven basic prosecution offices, each divided in three departments: general department;
department for juveniles, and serious crimes department;
one appeal prosecution office, divided into general and serious crimes departments;
one special prosecution office; and
The Chief State Prosecution office.
In the past, KPC was not included in the development of the ICT strategy for courts in
Kosovo. In order to remediate to this situation, KPC, in close co‐operation with the Kosovo
Judiciary Council (KJC), are currently undertaking a comprehensive reform of the
prosecutorial and juridical system of Kosovo. This reform includes the introduction of
Information Communication Technology (ICT) and the development of a Case Management
Information System (CMIS). The key objective of introduction of CMIS will be to increase the
efficiency, accountability and transparency of courts and prosecutor’s.
In this context, KPC and KJC have agreed to combine their efforts, in order to implement this
case management system that will be used both by the judiciary and prosecutorial systems of
Kosovo.
The CMIS project will have four‐year duration as per plan, and will be divided into two
major phases:
The first phase is a preparatory phase; with estimated duration of one year. The main
objective of this phase is to develop the functional specifications for the CMIS
application.
The main phase of the CMIS project should last for three years. Its main objective is to
develop and to fully introduce CMIS in all courts and prosecutorial offices in Kosovo.
In order to proceed in building up an ICT environment which complies with the current and
future needs of the stakeholders, as well as with the CMIS requirements, KPC has decided to
elaborate an ICT strategic plan for the period 2015‐2020. This activity is made possible thanks
to the support of the KPC Working Group, representatives of KPC ICT as well as
international experts.
The financial support to the ICT/CMIS project and to this ICT strategic plan is provided by
the Government of Norway.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 13
1.2 Vision Kosovo Prosecutorial Council, through Information and Communication Technologies, is
committed to create an e‐Prosecution environment which will enable the availability of
digital, online, connected and collaborative services, offered not only to KPC but to all
related stakeholders.
1.3 Mission The implementation of modern Information and Communication Technologies will provide
secure, reliable and quality services for the cases management, as a primary activity of the
Kosovo Prosecutorial Council and for other activities; this in order to contribute to the
overall increase of efficiency, accountability and transparency of the prosecutorial system.
1.4 Purpose and Scope The purpose of the KPC ICT strategic plan, which is further described in this document, is
the response to the e‐Prosecution vision. E‐Prosecution is an opportunity in making available
up to date, accurate and secured information to the prosecutors, to the prosecutor’s offices, to
the support staff as well as to the citizens. Therefore, e‐Prosecution is expected in
contributing to increase the efficiency, accountability and transparency of prosecutorʹs
activities. Eventually, the aim is to comply with European e‐Justice overall strategy.
This ICT strategic plan intends to detail the high level strategic directions and plans for the
full range of ICT for the next five years. It demonstrates the role of ICT as a powerful set of
tools enabling the achievement of the KPC vision – in particular through the implementation
of CMIS.
Moreover, this ICT strategic plan:
Shall be used as the basis for future ICT planning and investment, providing a sound
basis for investment decisions inside the KPC;
Outlines where efficiencies can be made and costs reduced through improved use of
technology, resulting in further reduction of paper, workload and travel costs; and
Shall be treated as a living document that may change depending on new requirements
or opportunities caused by the rapid evolution of new technology.
This ICT strategic plan must ensure that it is aligned with wider KPC priorities, ICT
directions and budget funding.
In addition, it has to be noticed that both KPC and KJC use the same ICT environment.
Therefore, the guidelines expressed in the KJC ICT Strategic Plan 2012‐2017 are to be used as
a framework for the elaboration of this KPC ICT Strategic Plan.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 14
1.5 ICT Strategy KPC will accomplish his vision and mission through ten main groups of activities described
in this ICT Strategic Plan. These groups of related activities are imagined and presented as
ʺStrategic Key Areasʺ and are exposed as follows:
Fig. 1: The ten Strategic Key Areas of the KPC ICT Strategic Plan
Those Strategic Key Areas are described in greater details in the remaining of this document.
Implementing partially only one or some of the Strategic Key Areas will not help, nor give
results and clear measurable accomplishments at the end of this ICT Strategic Plan. Only a
complete, harmonized and coordinated realization of all strategic key areas will enable KPC
to achieve his vision.
In order to efficiently implement each Strategic Key Area, the current situation of KPC
regarding ICT is described. According to this current situation several domain of activities
are described per Strategic Key Area. Those domains of activities will enable the Key
Strategic Area to be implemented as a whole.
1.6 Methodology Step 1: Analysis of the present situation: where are we, assessing strengths and
weaknesses? This process is referred to as ʺSWOTʺ: strengths, weaknesses, opportunities,
and threats. This first step is conducted through workshops with small groups (support
staff, prosecutors and ICT staff) member of the KPC Working Group dedicated to this
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 15
ICT Strategic Plan. In addition, a questionnaire is provided to the members of the
Working Group in order to express their requirements.
Step 2: Elaboration of the future: where do we want to go, what do we need: envisioned
state and choices. Make a gap analysis. Identify key issues, questions, choices and actions
to be addressed as part of this ICT Strategic Plan. The actions must be specific,
measurable, achievable, results‐oriented, and time and cost limited. The deliverable of
this step is the draft ICT Strategic Plan, which is submitted to the stakeholders for
comments and review.
Step 3: Agreement upon strategic actions to reach the goals and address key issues
identified. The deliverable of this step is the final ICT Strategic Plan approved by all
stakeholders.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 16
2. Strategic Key Area 1: Legal & Regulatory Framework
2.1 Current Position The full introduction of ICT in the KPC, as further described in this document, will represent
a major change in the working procedure undertaken by management, prosecutors and
support staff. Currently, the legislative and regulatory basis in Kosovo has in scope to
support old manual (“paper and pen” based) systems. This means that the cases are still
manually registered in a register, and this register, together with related paper documents,
are the only official documents that are considered as having force of law.
Even though there is no explicit indication on the usage of ICT in the law, it can be
reasonably assumed that the prescribed responsibilities of KPC are impossible to achieve in
an efficient and effective way without the introduction of ICT. As an independent institution,
KPC has legitimacy to claim its responsibility for introduction of ICT as an essential
precondition for fulfilment of its competences and responsibilities provided by law.
On this regard, to pave the way for introduction of the ICT in the prosecution offices, a
thorough analysis of the existing domestic legal framework (laws and by‐ laws) that is
relevant for transformation of the existing manual work into e‐work shall be conducted. An
identical assessment has been conducted for the purpose of the introduction of the ICT
solutions inside KJC, in particular for the KJC CMIS Project (cfr. RD8).
With the aim of enabling full introduction of ICT solutions in to the KPC, it will be needed
during the implementation of this ICT strategy to undertake activities related to:
Changing of laws;
Changing sub‐laws, policies/procedures; and
Reaching memorandums of understanding with other institutions.
2.2 Legislative Changes Needed for Successful Introduction of ICT in KPC
Initiation of legislative changes shall be a constant activity of KPC to monitor possible
improvements that ICT can bring to prosecution offices, support staff, citizens; as well as to
timely start with initiatives for amending respective legislation.
For the purpose of initiating legislative changes, the laws currently in force will require to be
amended through appropriate legislative procedures. To this end, KPC shall:
Submit amendments to the law in order to ensure clear authority and responsibility of
KPC for implementation, coordination and supervision of the uniform introduction of
ICT technologies;
Request authorizations to receive financing and directly manage donors for ICT projects
in judiciary;
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 17
Initiate legislative changes to the procedural laws, in order to accommodate effective and
efficient usage of ICT such as usage of electronic documents, usage of digital signature,
electronic signature and similar ICT activities, which will be further described in this
document;
Find ways of attracting and maintaining ICT specialists. This activity aims to ensure
proper human resources which can provide adequate operational support to the ICT
strategy in its future achievements.
2.3 Regulatory Changes within KPC Responsibility As previously explained, the introduction of ICT in the KPC will represent a major change in
the working procedure undertaken by management, prosecutors and support staff.
Different work processes such as data storage, archiving, backups, case flow, monitoring of
performances, assignment of tasks, hiring procedures and other activities prescribed by law
will have to be performed in a different way than in the current manual procedures.
This adaptation of working procedures needs to have a regulatory basis. Therefore, KPC
shall examine current sub‐laws, rules and procedures that regulate the work of prosecutions
offices and support staff, as well as the operations and systematization of work posts in
order to:
Make amendments to existing sub‐laws, rules or procedures;
Create new sub‐laws, rules or procedures.
These amended or new sub‐laws, rules and procedures will regulate the usage of ICT
(hardware, security, networking, internet, applications, etc.) as described in the next strategic
key areas, further in this document.
2.4 Memorandum of Understanding with other Institutions The legacy is often a burden to start from a new blank page. This is the case with all ICT
infrastructures (server rooms, routers, switches, networks) that are commonly used by both
KPC and KJC; as well as for different software licenses that are provided by the Ministry of
Public Administration (MPA).
Common usage of the same infrastructure can be a source of ambiguity in case of incidents,
maintenance and upgrade of the existing hardware. In addition, the provision of the
software licenses by the MPA is also a source of uncertainty. Indeed, the current laws
support this procurement; but there are no clear indications that KPC, as an independent
institution, will still be granted to use these licenses in the future as well.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 18
To avoid those uncertainty situations for the future, KPC shall:
1. Initiate a memorandum of understanding with KJC in order to have:
A clear separation of duties: who does what in different cases as far as the shared
infrastructure is concerned (under the form of a responsibility assignment matrix ‐
aka ʺRACIʺ matrix);
The possibility of managing in the future the routers and switches by his own KPC
ICT staff;
The possibility to order, manage and install its own hardware inside the data centres.
2. Initiate a memorandum of understanding with the MPA in order to agree that:
Software licenses provided by MPA will remain available in the future for KPC;
The usage of the current fibre network lines in different regional offices will be
guaranteed in the future;
The remaining regional offices that don’t have fibre network lines will be linked with
those lines ‐ when this will be possible by MPA;
Telephony (ʺVoice over IP [ʺVoIPʺ]) services for KPC will be provided by MPA in the
future as well.
3. Initiate a memorandum of understanding with other public or international institutions
in order to agree that:
The processing of the exchanged information (formatting, way of exchange,
periodicity,…) is correctly specified;
Non‐disclosure agreements to keep information protected are in place;
The service which is provided by KPC or other institutions will be available in the
future.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 19
3. Strategic Key Area 2 – Application Landscape
3.1 Current Position As stated in the introduction, this ICT Strategic Plan mainly focuses on key areas necessary
to respond to the CMIS requirements. CMIS is the main application that will be used by the
prosecutorʹs offices, in order to increase the efficiency, accountability and transparency of
their activities. Among others, CMIS will allow the management of electronic files (case
registration, creation and modification of registries, delivery of cases, etc.), the automation of
working processes (case analysis and processing, tracking of case status…), calendar and
scheduling activities, as well as the production of various statistics and reports.
The detailed functional specifications for CMIS will be elaborated together with the selected
software company responsible for the development of CMIS and the KPC Working Group.
The importance of CMIS and its broad functional coverage cannot be a reason to ignore
additional specific applications, which are not in the scope of the services provided by CMIS,
but are however needed by the prosecutorʹs offices and support staff in order to effectively
and efficiently fulfil their duties.
In this context, the application landscape to be considered also covers:
Specific human resources applications for prosecutors and support staff; allowing a.o.
the management of positions (application for a position), personal files management,
training management and follow‐up, evaluation of performances, holidays management,
various reporting…
The management of car pool (cars registration, parts registration, follow‐up of warranty
periods, servicing and maintenance…);
Follow‐up of entry and exit of warehouses;
An application dedicated to the protection and assistance of the victims;
Financial management (budget planning, management of invoices for external
stakeholders, …);
A comprehensive Web portal, allowing interconnections with CMIS.
3.2 Rationale Besides the implementation of CMIS, in order to guarantee that all its ambitions will be
reflected in this application landscape, KPC shall, with the support of the KPC Working
Group:
Establish a comprehensive list of new applications to be built and the current
applications to be migrated;
Merge and consolidate applications, in order to avoid having too much applications in
the landscape;
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 20
Prioritize the resulting list: essential applications must be implemented (or migrated)
first; less critical one can be postponed or omitted;
Establish the detailed functional specifications for these applications before their
implementation.
This activity will provide the basis on which:
Decisions will be made about what KPC ICT will do over the whole strategic plan
duration;
The required budget for the implementation landscape will be quantified.
3.3 Benefits An optimized and controlled application landscape; which enables:
A complete coverage of the needs;
A mitigation of the risks induced by over‐complexity; and
A corresponding reduction of costs.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 21
4. Strategic Key Area 3 - ICT infrastructure
4.1 Current Position With regard to KPC ambitions, the current ICT infrastructure that is at its disposal is quite
limited. Currently, some of that hardware is fully functional, like Wide Area Network
(WAN) and Local Area Networks (LANs); while some other pieces of equipment have
become obsolete, such as servers and workstations.
The server rooms and most of the network enclosures are out‐dated and have no standard
security. Their management is done in coordination with KJC ICT staff. There is neither
standardized patch room data center resilience and recovery plan nor physical separation of
assets between KPC and KJC. The hardware (servers) which is in place is based on dedicated
hardware platforms per application, which implies higher costs of maintenance and sub‐
optimized usage of the hardware.
Currently, the budget to manage this infrastructure is entirely dependent on the donations
made by the EU or via bilateral agreements with EU countries. In addition, a limited amount
of ICT human resources is devoted to the management of the current server rooms.
In order to respond to those challenges, KPC shall take the necessary actions concerning the
ICT infrastructure in the following fields:
Set‐up of data center according to well‐defined standards.
Establish a physical separation of the KPC assets.
Implement a disaster recovery plan.
Implement data center resilience.
Provide adequate patch rooms.
Implement virtualization of the servers.
Deploy adequate scanning devices.
Implement adequate data backups.
Implement data archiving.
Implement adequate networks.
Provide adequate desktops.
Provide telephony services.
Implement cooling and ventilation systems.
Provide uninterruptible power supplies.
Implement fire protection systems
4.2 Setting -Up Data Center According To Well-Defined Standards
4.2.1 Current Position
The primary server room which is located at the KJC Secretariat, and delocalized server
rooms in the regional offices, are out‐dated and have no security standard. These rooms are
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 22
completely unsuitable to be used as server rooms: the floors are not antistatic and are not
raised as they are supposed to be. The air condition systems exist but are not redundant. The
server rooms are installed in old buildings, and there is a big question about the fact that the
electric installation is appropriate. They are only protected by a lockable non‐security door.
There is no room security ‐ no access control system, no fire detection system and no fire
suppression system installed.
4.2.2 Standards
The standard which shall be applied in building‐up a new Data Center for KPC is the
Telecommunication Infrastructure Standard for Data Centres ANSI/TIA‐942.
The principal advantages of designing data centres in accordance with TIA‐942 include:
The definition of a standard telecommunications infrastructure for data centres:
‐ Structured cabling system for data centres using standardized architecture and
media.
‐ Accommodation of a wide range of applications (LAN, WAN, SAN, channels,
consoles).
‐ Accommodation of current and future protocols.
‐ Replacement of unstructured point‐to‐point cabling that uses different cabling for
different applications.
The specification for data center telecommunications pathways and spaces.
Recommendations on media and distance for applications over structured cabling.
The establishment of a standard for data center tiers to replace several proprietary
standards. The TIA data center tier standard is:
‐ A tool to evaluate existing data centres.
‐ A tool to communicate design requirements.
4.2.3 Rationale
4.2.3.1 Business needs
The new case management system CMIS, that will be implemented during the period of this
strategic plan, will need a solid infrastructure in place. To this end, a first prerequisite will be
the implementation of a new data center, which will fulfil all the needs of modern,
customizable, capacity predictable and manageable data center by the ICT staff of KPC.
A data center respecting these requirements will give to KPC the possibility to have a fully
customized environment, with full control over the data and the hardware.
4.2.3.2 Security needs
KPC ‐ as an independent institution ‐ has complex needs and a large landscape of
applications (cfr. Section 3, ʺStrategic Key Area 2 – Application Landscapeʺ). This context
requires implementing strict measures to control data security and a very sensitive approach
to manage the confidentiality of the data.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 23
4.2.3.3 Cost needs
Having a fully customized, controlled and up‐to‐standards data center has a cost, because
there is a need to build, to manage, maintain and administer the infrastructure related to a
data center.
With the aim of reducing the operational and maintenance costs, it has been decided to
create a common data center located in the Palace of Justice of Prishtina, for both KJC and
KPC.
In order to comply with those needs, KPC will:
Ensure that all missing equipment will be purchased and obsolete equipment will be
replaced.
Deliver the new equipment according to this strategic plan, as well as according to
technical standards or good practices.
Ensure that all security measures are taken in order to comply with the data security and
protection requirements in the data center.
Ensure that budget lines will be provided by a secured and permanent financing source,
in order to build, maintain and administer the infrastructure related to the data centers.
4.2.4 Benefits
A data center that is easily customizable, giving to KPC full control over the data and the
hardware.
A secured data center, that ensures the availability and the confidentiality of the data.
The usage of INSA/TIA‐942 international standards allows a structured system for a
management of a data center.
4.3 Establishing Physical Separation of the KPC Assets
4.3.1 Current Position
As stated in the KJS ICT Strategic plan 2012‐2017, KJC & KPC will locate and build a
common data center in the Palace of Justice. The data center will be designed to function as a
carefully controlled environment. Throughout works on design, establishment and
maintenance of the data center, all valid technical and security standards as well as good
engineering practice will be applied.
4.3.2 Rationale
Despite the shared responsibility in managing the data center, KPC and KJC are two
independent institutions and consequently have slightly different views on:
Policies concerning the ICT;
How the data needs to be managed;
Storage;
Archiving;
Confidentiality;
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 24
Integrity;
Availability;
Security.
In order to take in account those different views, there is a need for a physical and logical
separation inside this environment shared both by KPC and KJC.
KPC ICT department (section) shall be the only authority which will authorize accesses to
the assets belonging to KPC. Any other individuals, third‐party providers which are not
accredited by KPC will not be allowed to access stored applications and information inside
the data center. The only exception in favour of mutual usage of KPC &KJC assets can be
justified by a reduction of operational and support costs; mainly for facility management
systems (UPS, cooling & ventilations and fire protection).
Fig. 2: Physical separation of the Data Center Servers between KPC and KJC
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 25
To this end, KPC shall:
Implement physical walls around the ICT assets which are property of KPC.
Implement temporary authorized access to those assets by third‐providers and controlled
by the KPC ICT staff.
Have the possibility to manage its own ICT third‐party providers; given that KPC will
give them credentials, in order to access KPC assets in the data center.
Take all necessary actions to have new regulation or memorandum of understanding
with KJC, in order to take in account those requirements ‐ always having in mind the
shared responsibility between KPC and KJC.
4.3.3 Benefits
Insurance that assets and the information are physically protected.
Clear responsibility on who does what when accessing physically KPC owned assets.
The possibility for KPC to manage its own assets, according to its own the objectives.
4.4 Implementing Data Center Disaster Recovery Plan
4.4.1 Current Position
For the time being, KPC has no data center disaster recovery plan (DRP), which can ensure a
continuity of the business processes in case of disaster. The implementation of CMIS is a
major trigger to have in place a DRP, given the importance of this digital case management
information system for the prosecutors and the support staff.
4.4.2 Rationale
ʺDisaster recoveryʺ and ʺHigh availability of the systemsʺ are different concepts. Disaster
recovery is a subset, a small part of overall business continuity. It is the process of saving
data with the sole purpose of being able to recover it in the event of a disaster.
Depending on the nature of the disruption, the KPC data center overall integrity may be
untouched ‐ or it could be totally destroyed.
In order to respond to a disaster/disruption, KPC shall undertake the following activities:
Set‐up of two data centres: a ʺprimary data centerʺ, which is located in Palace of Justice in
Prishtina, and a ʺsecondary data centerʺ, that currently does not exist. The secondary
data center will serve to recover rapidly the disrupted/destroyed data, information or
system. This secondary data center needs to be physically located at some distance from
the primary one.
A DRP shall be built between KPC ICT, the facilities management of the building and the
business (working group), in order to know what are the critical systems which needs to
be recovered, how and when.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 26
4.4.3 Benefits
Ensure business continuity of the KPC business processes in case of disaster.
4.5 Implementing Data Center Resilience
4.5.1 Current Position
Currently, given the limited equipment that is used by KPC, there is no resilience
implementation in the infrastructure of the data center. However, CMIS will require a high
availability, given the importance that this application will have for the efficiency of the
overall working processes inside KPC.
4.5.2 Standards
The international standard ANSI/TIA‐942, with respect to data center resilience, defines the
“minimal uptime” (i.e., the availability that can be achieved when the corresponding controls
are implemented) and it recognizes the following tiers:
TIER I II III IV
Availability 99.671% 99,749% 99,982% 99,995%
• Tier 1 = Non‐redundant capacity components (single uplink and servers).
• Tier 2 = Tier 1 + Redundant capacity components (N+1).
• Tier 3 = Tier 1 + Tier 2 + Dual‐powered equipment and multiple uplinks.
• Tier 4 = Tier 1 + Tier 2 + Tier 3 + all components are fully fault‐tolerant including uplinks,
storage, chillers, HVAC systems, servers etc. Everything is dual‐powered.
4.5.3 Rationale
Data center resiliency is the ability of a server, network, storage system, or an entire data
center, to continue operating even when there has been an equipment failure, power outage
or other disruption.
Considering the current configuration, the goal of KPC will be to achieve the Tier 2 and use
the secondary data center for the redundant capacity components. If, for budgetary reasons,
this secondary data center cannot be implemented, then the Tier 2 objective can be achieved
in the primary data center.
N+1 redundancy typically offers the advantage of additional failover transparency in the
event of component failure.
4.5.4 Benefits Business continuity of the prosecutor’s offices, prosecutors as well as the support staff is
ensured.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 27
4.6 Providing of Adequate Patch Rooms
4.6.1 Current Position
Patch Rooms as such are partially implemented through network enclosures. For most of
them, those network enclosures are without any physical protection of the routers, switches
or local servers that are stored into.
4.6.2 Standards
The same standard ANSI/TIA‐942, that is to be followed up for the implementation of the
data center, is also applied for patch rooms and network enclosures.
4.6.3 Rationale
A patch room is essentially a small satellite room of the data center. It is located in all
delocalized offices. Firstly, it allows connecting the delocalized offices with the data center
through a router. Secondly, it offers the possibility to have all the workstations of the offices
interconnected through switches and patch panels (see figure below):
Fig. 3: Patch Room
In that regard, in order to comply with standards and have a full control of own
infrastructure, KPC will:
Ensure that there is patch room in each location where a LAN is in place.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 28
Install and locate all patch rooms in accordance with valid technical standards and
protected against unauthorized access.
Accordingly arrange and label network cables.
Provide for each patch room adequate UPS or connection to a central UPS system.
Ensure that a Life Cycle Management (LCM) for routers and switches is in place.
Provide the possibility to manage routers and switches by the ICT KPC Staff.
Find the necessary budgets lines, in order to implement in due time the LCM for the
hardware located in the patch rooms.
4.6.4 Benefits
Insurance that assets and the information are physically protected.
Clear responsibility on who does what when accessing physically KPC owned assets.
The possibility for KPC to manage its own assets, according to its own the objectives.
4.7 Implementing Virtualization of the Servers
4.7.1 Current Position
The KPC servers present in the server rooms are all dedicated servers hosting specific
applications. Several servers are in the main server room at the KJC Secretariat, while others
are in the regional offices. Regarding their operating systems as well as their life cycle, most
of those servers are out of date.
4.7.2 Rationale
Because the current servers are dedicated servers, their CPU capacity is not optimized and
the underlying cost for this usage is much too high.
The location of the servers, which are currently for some in the central server room and for
others delocalized in the regional offices, it is not following the standards of having
centralized data center; with possibility of optimization, disaster recovery plans and data
center resilience. Even more, those servers are already obsolete and do not fulfil to the
requirements of implementing the CMIS application.
In that sense, KPC shall:
Implement the virtualization of the servers in the data center(s).
Ensure a good lifecycle management, in order to keep the virtualized servers at the right
level of usability.
4.7.3 Benefits
Going towards the virtualization of the servers (vs. dedicated servers) offers significant
benefits to KPC:
Server usage optimization: the hardware is not used only by one application but by
multiple applications. Therefore, this allows cutting down the waste of serverʹs resources,
by utilizing more efficiently the physical server resources and by provisioning each
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 29
virtual machine with the exact amount of CPU, memory, and storage resources that it
needs.
Improved disaster recovery: by definition, a virtual machine can be configured on any
physical server, given that virtualization provides hardware abstraction capability.
Increased uptime: ability to quickly and easily move a virtual machine from one server to
another is perhaps one of the greatest single benefits of virtualization with far‐reaching
uses.
Faster server provisioning: KPC ICT can plan easier the needed capacity, because server
virtualization enables an ʺelasticʺ ability to provision the system and to deploy it at a
given time.
Cost reduction: Hardware is most often the highest cost in the data center. With
virtualization the amount of hardware used is reduced which means the cost is reduced
as well. But the cost goes well beyond that of hardware amount: lack of downtime, easier
maintenance, less electricity used. Over time, this all adds up to a significant cost savings.
4.8 Implementing Adequate Scanning Devices
4.8.1 Current Position
For the time being, KPC has no appropriate scanning solution. This kind of system is
required in order to digitize the paper flows (documents) processed by KPC; i.e., to scan,
organize and store these documents.
4.8.2 Rationale
In order to provide suitable scanning capabilities, not only adequate hardware for scanning
is needed, but also an increased capacity of storage.
KPC shall undertake a market study in order to determine what scanning devices will be
selected, considering the CMIS requirements. At least, the following criteria shall be
evaluated:
The estimated volume of documents to be processed is obviously a key element in order
to determine the type and required speed of the selected scanners.
The possibility of having desktop scanners (for small volume and decentralized
scanning, at departmental level) and larger, centralized devices for higher volumes –
possibly multifunctional devices. Both types shall be connected to the network.
A review of the documents to be captured shall also be performed, in order to determine
the scanners capacity (A3 or larger formats, single or double sized, type of paper, black
and white vs. colour, etc…).
KPC shall select scanners that support ʺWindows Image Acquisitionʺ (WIA), TWAIN,
ʺImage and Scanner Interface Specificationʺ (ISIS) or SANE (ʺScanner Access Now Easy ʺ)
protocol. These protocols allow the scanners to communicate with the selected scanning
software (cfr § 8, ʺStrategic Key Area 7 ‐ Adequate Software Platform & Toolsʺ). They are
supported by most of the current scanners on the market.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 30
In addition, the volume of storage will increase significantly with the use of scanning
technologies. Therefore, with the time, this storage will become a cost and performance
burden. This burden will however be solved thanks to the implementation of data archiving
systems (such as explained in §4.10, ʺImplementing Data Archivingʺ).
In that sense, KPC shall:
Analyse according to the specifications of the new CMIS applications, what are the most
adequate scanning hardware.
Foresee sufficient storage capacity in order to cope with the volume of documents to be
scanned.
4.8.3 Benefits
Quicker access to the information.
Saved time and costs associated with case management.
Increased work productivity.
Increased security of sensitive information.
Lessened reliance on paper storage, lowering space needs and costs.
Increased flexibility in distributing documents.
4.9 Implementing Adequate Data Backups
4.9.1 Current Position
The current backup solutions are quite straightforward. A full backup is done only for some
applications with a frequency of one hour and without database transaction logs; for other
systems there is no backup system.
4.9.2 Rationale
A more sophisticated backup system is an essential mean for recovering data following to
loss or destruction.
Besides the choice of the system, the frequency and nature of back up will depend, amongst
other factors, on the type of organization and the nature of data being processed. The
security standards for back‐up data are to be the same as for live data.
KPC does not implement database transaction logs. As a consequence, the data between last
backup and a database crash will be lost. In addition KPC, is doing a full back‐up every
hour, which means that one hour of data could be potentially lost if there is a disruption in
the service.
In order to avoid this kind of loss or destruction of data, KPC shall:
Implement a system which implements incremental backup: the purpose of an
incremental backup is to preserve and protect data by creating copies that are based on
the differences with the last backup.
Provide modern hardware and software in order to make possible the incremental
backup.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 31
Ensure proper life cycle management for the hardware and the software dedicated to
data backups.
4.9.3 Benefits
The benefits of incremental backups can be summarized as follows:
Less costs for KPC, given that they consume minimum storage space.
More efficiency in the work, given that they are quicker to perform ‐ i.e., the amount of
time needed to perform the backup is minimized.
4.10 Implementing Data Archiving
4.10.1 Current Position
Currently, there is no data archiving solution implemented at KPC.
4.10.2 Rationale
Keeping available all the time the data and information progressively stored by a daily usage
can slow down the systems. Given the amount of cases processed by year at KPC and the
amount of information related to these cases, keeping those data for several years on line can
induce a serious impact on the efficiency of the new CMIS application.
In order to avoid any loss of performances due to this increasing amount of on‐line data,
KPC shall therefore put in place an adequate archiving system.
4.10.3 Benefits
Automating the data archiving process and using purpose‐built archive systems make
production systems run better, use less resources, and reduce overall storage costs.
Production performance is unaffected by information growth. Backup and recovery runs
faster, disaster recovery is less costly, and systems are easier to manage. Data moved into
archives is stored at much lower cost.
4.11 Implement Adequate Networks
4.11.1 Current Position
Currently, only some of the Prosecutor’s Offices are connected by optical network provided
by the MPA. The other Prosecutor’s Offices are connected to the network through different
ICT providers in Kosovo; with potential breach in security.
4.11.2 Rationale
In order to have a unified and a secured networking system, KPC shall ensure that all the
Prosecutor’s Offices are connected by optical network. The service concerning the optical
network is provided by MPA. If for any reasons MPA cannot offer anymore this service, KPC
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 32
shall make a feasibility study to connect the remaining offices with optical network and then
implement the solution accordingly.
In addition, backup connections shall be established through leased lines delivered by ICT
third providers. Potential breaches in security with lines provided by commercial companies
shall be avoided.
To this end, KPC shall:
Ensure, together with MPA, that all the regional offices will be eventually connected to
the KPC network via optical network lines, or realize feasibility study to connect the
remaining offices with optical network and then implement the solution accordingly.
Ensure that specific contracts with ICT third providers for the network are negotiated
and managed by KPC.
Provide the necessary accreditation to the ICT third providers to manage the KPC
network.
Ensure that a KPC domain/sub‐domain will be created, in order to strictly apply the own
KPC security policies.
4.11.3 Benefits
By implementing these activities, KPC will:
Contribute to increase his independency as far as ICT activities are concerned.
Ensure a better monitoring of ICT third providers.
Be able to apply his own security network policies, and therefore, to guarantee that all
necessary security requirements for CMIS (or for other KPC applications) are met.
4.12 Providing of Adequate Desktops
4.12.1 Current Position
Each year, KPC provides some new desktop equipment and computers for prosecutor’s
offices. However, the main issue resides in the fact that more and more employees need
desktop computers for their work; and this demand cannot be satisfied with the current
desktop computers capacity. Some computers are also too old and need to be replaced with
new ones.
4.12.2 Rationale
The ICT strategy will achieve its purpose only if all end users have functional and
undisrupted access to the ICT systems put at the disposal by KPC. Every end user shall have
his/her own desktop computer connected to KPC network. A suitable desktop computer
configuration is one that normally operates Windows 7 (or later), according to the support
provided by Microsoft Corporation.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 33
In that regard, KPC shall:
Perform a feasibility study to virtualize the desktops.
Implement the solution according to the results of this feasibility study.
Ensure the replacement of all old desktops which are facing performance issues due to
their non‐capacity to support new versions of operating systems.
Ensure that a life cycle management is in place for all desktops.
Implement a configuration database, to maintain up‐to‐date information about the basic
information concerning a desktop computer (the year of production, performance data
[RAM, CPU], type and version of installed operating system, location of the workstation
and any other useful information).
Implement a replacement planning (either for traditional desktops or virtual desktops)
according to the configuration database information.
Ensure that there is a budget line available for the implementation of this replacement
planning, the feasibility study and the solution to be implemented according to the
feasibility study.
4.12.3 Benefits
Efficiency planning of budgets and resources.
Efficiency in the work; hence, higher satisfaction of end users.
4.13 Providing of Telephony Services
4.13.1 Current Position
All telephonic services for KPC, based on a traditional copper‐wire system, are managed in
coordination with MPA. However in the regional offices the management of telephonic
services is done exclusively by the KPC resources.
4.13.2 Rationale
Voice over IP (VoIP) is a group of technologies allowing the delivery of audio
communications and multimedia sessions over Internet Protocol (IP) networks, such as the
Internet.
VoIP technologies are generally low‐cost and allow an efficient use of the bandwidth
available. Therefore, more and more organizations are migrating from traditional copper‐
wire telephone systems to VoIP technologies; ultimately in order to reduce their monthly
phone costs. Also, thanks to the capacity of VoIP to transport both voice and data over a
single network, infrastructure costs are also significantly reduced.
The arguments for going towards the VoIP instead of traditional copper‐wire telephone
systems are quite evident; however, this changing shall be initiated and managed by MPA.
KPC shall thus ensure that a memorandum of understanding exists between KPC and MPA;
in order to jointly agree on the possible future deployment of this technology.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 34
4.13.3 Benefits
Ensure the continuation of telephonic services.
4.14 Implementing Cooling and Ventilation Systems
4.14.1 Current Position
Currently, there are no efficient cooling and ventilation systems as required by international
standards. There are air condition systems in the rooms, but they are not redundant.
4.14.2 Rationale
Cooling of the data center and or patch rooms is one of essential elements to prevent failure
of the systems.
The area of cooling in the data center is much bigger than for example in the patch rooms, so
a more complex cooling and ventilation system shall be in place in order to ensure the
continuity of the data center. This complex solution may include additional devices which
react when the temperature is going up/down, in order to monitor at time the serious
variation of temperature.
For the patch rooms, air‐conditioning systems are sufficient.
In that regard, KPC shall ensure that there are appropriate cooling systems for both data
centers and the patch rooms.
4.14.3 Benefits
Continuity of prosecutorial activities.
Avoid the overheating of servers in the data centres, which can have impact on the
performance and premature end of life; and therefore, increases the costs for KPC.
4.15 Providing Uninterruptible Power Supplies (UPS)
4.15.1 Current Position
Currently all of the servers are connected to an UPS. UPS systems are not centralized and
most of them are out of date.
4.15.2 Rationale
To prevent single points of failure, all elements of the electrical systems, including backup
systems, shall typically be fully duplicated; and critical servers shall be connected to both the
ʺA‐sideʺ and ʺB‐sideʺ power feeds. This arrangement is often made to achieve N+1
redundancy in the systems. Static transfer switches are sometimes used to ensure
instantaneous switchover from one supply to the other, in the event of a power failure.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 35
Backup power consists of one or more:
Uninterruptible power supplies (UPS): an UPS is typically used to protect hardware such
as computers, data centres, telecommunication equipment or other electrical equipment
where an unexpected power disruption could cause injuries, fatalities, serious business
disruption or data loss.
Diesel / gas turbine generators: a diesel generator is the combination of a diesel engine
with an electric generator (often an alternator) to generate electrical energy, in case of
power disruption depending to the size of generator it can produce a power for the data
center for certain period of time.
KPC shall ensure that:
UPS are present in each data center, as well as in each patch rooms.
A study will be made in order to analyse the feasibility of installing appropriate
generators in case off power supply interruptions.
4.15.3 Benefits
Ensuring the continuity of prosecutorial activities
4.16 Implementing Fire Protection Systems
4.16.1 Current Position
There are no known fire protection alarms for the current server rooms and network
enclosures at KPC; with the exception of Palace of Justice.
4.16.2 Rationale
Data centers fire protection systems shall include passive and active design elements, as well
as the implementation of fire prevention programs. Smoke detectors are usually installed to
provide early warning of a fire at its incipient stage. This allows investigation, interruption of
power, and manual fire suppression using hand held fire extinguishers before the fire grows
to a larger size.
KPC shall investigate and put in place one or more of the following fire protection systems:
Active fire protection system, such as a fire sprinkler system or a clean agent fire
suppression gaseous system, which is provided to control a full scale fire if it develops.
Passive fire protection elements include the installation of fire walls around the data
center, so a fire can be restricted to a portion of the facility for a limited time in the event
of the failure of the active fire protection systems.
Fire wall penetrations into the data server such as cable penetrations, coolant line
penetrations and air ducts, are provided with fire rated penetration assemblies, such as
fire stopping.
4.16.3 Benefits
Ensure the continuity of prosecutorial activities.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 36
5. Strategic Key Area 4 - Security
5.1 Current Position Security measures offered by the current ICT infrastructure as well as by ICT in general, are
quite limited.
KPC will have to ensure that all missing security measures will be put in place and will be
applied according to this strategic plan. Those measures shall also respect several technical
standards or good practices. One of the standards in this domain is ISO27001 international
standard which is recognized globally for managing risks related to the security of
information.
Considering the sensitive content of the information handled by KPC, it is obvious that a
special attention must be put on information security and data protection. By integrating a
robust information security management system, KPC shall ensure that the quality, safety,
service and product reliability of the organization have been safeguarded to the highest
level.
In order to respond to those security challenges, KPC shall take the necessary actions in the
following fields:
Implementing adequate firewalls.
Establish segregation of ICT environments and duties.
Implementing network access control.
Implementing user access management.
Implementing controlled internet access.
Ensuring data encryption controls.
Implementing audit trail.
Implementing information technology risk management.
5.2 Implementing Adequate Security Zones
5.2.1 Current Position
Currently, firewalls are implemented in the KPC ICT infrastructure; but there is no clear
distinction between different possibilities of segregating information according to a specific
public.
5.2.2 Rationale
A firewall is a network security system that controls the incoming and outgoing network
traffic based on an applied set of rules. A firewall establishes a logical barrier between a
trusted, untrusted and demilitarized zone (DMZ). This will be the basis for a definition of
the security zones to be applied at KPC (cfr. picture below).
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 37
Fig. 4: Security zones
DMZ security zone
In the DMZ zone, the hardware and applications which are displaying the information on
internet reside outside the firewall and all the information is public.
Trusted security zone
Trusted Security zone is the network zone inside the firewall.
All the information dedicated for the prosecutors, prosecutor’s offices and support staff will
be available on the trusted security zone. It is obvious that the confidential information
concerning only prosecutors shall be protected via username and password. All applications
with restricted information are available through this zone.
Untrusted security zone
Untrusted security zone is the network zone that is partially accessible to authorized
outsiders of KPC e.g. availability of the information (according to the laws in place)
concerning a case accessible for a citizen which is related to that case but is still inside the
firewall.
During the period of this strategic plan, KPC shall:
Conduct technical architecture to design the three security zones.
Implement logical network segregation of three security zones.
5.2.3 Benefits
Confidentiality of the information is ensured, because KPC will filter the information
accordingly for the three different security zones.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 38
5.3 Establishing Segregation of ICT Environments and Duties
5.3.1 Current Position
Currently, KPC has at its disposal only two types of environments: a production
environment and development environment. All testing and demonstration activities are
performed at MPA environments. Often, the demonstrations, presentations or testing
activities are done directly in the production environment.
5.3.2 Standards
There are some standards which need to be followed‐up when segregating the ICT
environments:
1. Applications (CMIS or others) have to be developed on a development system. Besides
the ad‐hoc development tooling, this development environment also have only unit
testing capabilities (that means that each individual modules of the application are tested
in this environment by the developer).
2. Once the developer thinks that the particular components of an application are ready,
they are assembled and copied in a test environment; in order to verify that the
application (in a whole) works as expected. This test environment is supposedly
standardized and in close alignment with the production environment. Here as well, the
testing is done by KPC ICT testers according to the requirements of the prosecutors and
the support staff for each application.
3. If these tests are successful, the product is copied to an acceptance environment. During
the acceptance test, prosecutors or their delegates as well as representatives of the
support staff (end‐users) will test the product in this environment to verify whether it
meets their functional requirements.
4. If the end‐users accept the application, it is deployed in a production environment,
making it available to all users of the system.
5.3.3 Rationale
As indicated in the ICT/CMIS Project Proposal there will be a phase of development, test and
acceptance, pilot and model implementation.
Production systems need a stable environment to operate properly. Separating operational
environments from development, test and acceptance activities reduces the risks of
modifications to the operational system that could compromise the system’s integrity or
availability.
In order to fulfil these needs, KPC shall:
Ensure that the production environments are logically or physically separated from the
development, test and acceptance environments. In the production environment, only
operational data are managed. Tests or demonstration or any other non‐production
related activities in this environment will be forbidden.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 39
Ensure that the developersʹ access to the production environments is limited to
troubleshooting; and that all their interventions are recorded and monitored. Only
authorized users (ex: prosecutors, support staff) are granted to change/modify
information in the production environment.
Ensure that logon procedures and passwords shall be different for production and
development/test/acceptance environments.
Provide specific policies in order to manage user accounts on the different environments.
Provide procedures (controlled releases) for transferring software or hardware from
development, test and acceptance to production.
Ensure, when physical separation of development/test is not feasible, that the security
measures are equal to or higher than those required for the production environment.
5.3.4 Benefits
No security breach due to people who are not authorized to change the operational
information.
Deployment procedures in production environments will be controlled, and in this way,
the risk of having instable versions deployed in production is reduced; hence, this means
less work and fewer budget spent.
5.4 Implementing Network Access Control
5.4.1 Current Position
There is no network access control in the current KPC network infrastructure.
5.4.2 Rationale
Network access control (NAC), also called network admission control, is a method of
bolstering the security of a proprietary network, by restricting the availability of network
resources to endpoint devices that comply with a defined security policy.
A network access server (NAS) is a server that performs authentication and authorization
functions for potential users by verifying logon information. In addition to these functions,
NAC restricts the data that each particular user can access, as well as implements anti‐threat
applications such as firewalls, antivirus software and spyware‐detection programs. NAC
also regulates and restricts the operations that individual subscribers can do once they are
connected.
In that regard, KPC shall implement a network access control.
5.4.3 Benefits
Central policy management: the network administrators use a central policy manager to
develop, deploy and manage policies. The policy manager lets administrators use the
included tests, or customize tests to meet specific requirements.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 40
Continuous monitoring and enforcement: NAC continuously monitors, ensuring devices
remain compliant at all times. Devices that become non‐compliant are immediately
quarantined.
Automatic and manual remediation: non‐compliant devices are quickly repaired
through automated and interactive remediation options.
5.5 Implementing User Access Management
5.5.1 Current Position
The usersʹ administration and group policy are implemented at the domain level for ICT
department, in order to have automated management of users, computers and domain
controllers.
Additional organizational units to IT departments are created for managing resources and
administrative credentials of all staff members.
5.5.2 Rationale
In order to comply with the segregation of duties and to meet internal and external
standards and regulations, KPC will ensure that a user access management policy is in place,
in order to fulfil the following (non‐exhaustive) list of requirements:
There are different user accounts per environment (DTAP).
User accounts from development or test shall be prohibited in acceptance or production
environment or limited to troubleshooting and all activity recorded and monitored.
The usage of generic accounts is prohibited.
All user accounts are uniquely identified by a username.
A username is issued to an individual for the duration of that individual’s affiliation
within KPC.
A stricter password security policy is in place.
5.5.3 Benefits
Segregation of duties (confidentiality and the integrity of the data protected).
Tracing capacity of who does what.
Reduction of potential IT risks (e.g. the service desk can no longer reset passwords if
authentication is impossible).
Minimization of the password policyʹs impact on user productivity.
Minimization of help desk costs for password management.
5.6 Implementing Physical Access Control
5.6.1 Current Position
Currently, there is no system controlling the access to the ICT infrastructure facilities such as
serversʹ rooms or network enclosures.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 41
5.6.2 Rationale
Physical access to a data center is usually restricted to selected personnel, with controls
including a layered security system. This system often starts with a security check by the
guards and then with an access control vestibule (mantraps).
Video camera surveillance, alarm systems and permanent security guards are almost always
present when the data center is large and the systems within the data center contain sensitive
information.
For the patch rooms, a closed door with a badge system is sufficient.
In order to apply those security measures KPC shall:
Ensure that physical access control system is applied in the data center’s and in the
different patch rooms.
Provide a feasibility study in order to put in place video camera surveillance and alarm
systems.
5.6.3 Benefits:
Contributing to the confidentiality and integrity of the data, through a suitable access
control.
5.7 Implementing Controlled Internet Access
5.7.1 Current Position
Internet access is enabled to all employees throughout Kosovo prosecutorial offices. The
internet access is monitored and controlled by Microsoft Forefront Threat Management
Gateway (Forefront TMG). It offers a set of advanced web protection capabilities. However,
Forefront Client Security of TMG has been discontinued. Support is ending July 14th, 2015.
Antimalware and Antispyware definition updates will no longer be available after the end of
the support of this product.
5.7.2 Rationale
The usage of internet at work is nowadays generalized in all organizations and as such this is
an undeniable progress in work conditions and the performances of all employees
(prosecutors and support staff). However the non‐professional usage of the web can have
negative repercussions on the activities of the Prosecutor’s offices and support services.
In order to avoid those negative repercussions, KPC shall introduce controlling internet
access mechanisms like filtering the consulted content inside the organization as well as
internet usage policy.
KPC shall deploy three different levels of filters:
1. On URL level: forbidding access to specific web sites. E.g.: web sites with a video content
or sensitive information.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 42
2. On keywords level: defining a list of forbidden keywords, so the end user cannot access
the results if using research engines with those keywords.
3. On file type level: filter the download of certain type of files (e.g.; video, music, etc.). The
possibilities of attacks in this way are limited and the bandwidth of the ICT network is
higher.
5.7.3 Benefits
Thanks to these controls on the internet access, KPC will experiment positive impacts in the
day‐to‐day activities:
Increase of productivity.
Increase of professional usage of internet (information needed for the day to day
professional activities).
Decrease the risk of various attacks (viruses) on the ICT network.
Increase of performance on internet connections.
5.8 Ensuring Data Encryption
5.8.1 Current Position
Currently, at KPC all the traffic within the WAN is encrypted. There is no implementation of
any encryption mechanism at the data level (databases, applications).
5.8.2 Rationale
Besides the other security mechanisms, given the high confidentiality of the data managed
by KPC, the encryption of the data around all current and future systems shall be used.
Encryption is a translation of data into a secret code. Encryption is the most effective way to
achieve data security. To read an encrypted file, it is necessary to have access to a secret key
or password that enables to decrypt it. Unencrypted data is called plain text; encrypted data
is referred to as cipher text.
KPC shall put in place the following encryptions in the network in order to protect highly
confidential data’s:
Asymmetric encryption (also called public‐key encryption): this kind of system is mainly
used for transmitting information via the Internet; as well as for Digital Signatures.
Digital signature provides the added assurances of evidence to origin, identity and status
of an electronic document, transaction or message, as well as acknowledging informed
consent by the signer.
Symmetric encryption: mainly used for e‐mail messages and document files.
KPC shall ensure as well the implementation of database encryption. The database
encryption protects the stored data because they are unreadable without exact keys.
However the performance of the database can be impacted by the encryption of the stored
data: a reasoned usage of this technique will be used.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 43
5.8.3 Benefits
Data protection ‐ even if the information is stolen.
Secure transmission of data from unauthorized users.
Guarantee data integrity from manipulation.
Ensure compliance with laws and regulation on data protection.
5.9 Implementing Audit Trail (Log Management)
5.9.1 Current Position
There is no audit trail implemented at KPC, but this is a strong requirement expressed by the
prosecutors and support staff in order to comply with security challenges inside KPC.
5.9.2 Rationale
An audit trail is a process which records who has accessed a computer system and what
operations he or she has performed during a given period of time.
Considering that data integrity is a particularly sensitive topic for the prosecutors, audit trail
appears as being the best mechanism to alleviate their concerns.
KPC shall therefore implement audit trail in aggregation with appropriate tools and
procedures; not only in order to assist in detecting security violations; but also to control
performance problems, flaws in applications as well as to recover lost transactions.
This is especially a technical requirement which needs to be implemented in the CMIS
application.
5.9.3 Benefits
Individual accountability: end‐users are less likely to attempt to by‐pass security policy if
they know that their actions will be recorded in an audit log.
Reconstruction of events: when a technical problem occurs (e.g., the corruption of a data
file) audit trails can aid in the recovery process (e.g., by using the record of changes made
to reconstruct the file).
Intrusion detection: intrusion detection refers to the process of identifying attempts to
penetrate a system and gain unauthorized access. If audit trails have been designed and
implemented to record appropriate information, they can assist in intrusion detection.
Problem analysis: audit trails may also be used as on‐line tools to help identify problems
other than intrusions as they occur. This is often referred to as real‐time auditing or
monitoring.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 44
5.10 Implementing Information Technology Risk Management
5.10.1 Current Position
For the time being, information technology risk management is not implemented, given that
the data and information systems are still on manual stage processing.
5.10.2 Rationale
Information technology risk is the danger of loss of confidentiality and/or integrity and/or
availability, due to an inadequate information security.
Information and the supporting applications, IT processes, databases and underlying
infrastructure are important assets of KPC and, like other important assets, KPC shall
suitably protect them. The availability, integrity and confidentiality of information assets are
essential in maintaining the regulatory and legal compliance.
Inside KPC, an information risk management (IRM) service shall be created which will have
as a function and mission:
To use sound principles of risk management : governance, objective setting, event
identification, risk assessment, risk response, control activities, information and
communication and monitoring to ensure that the confidentiality, integrity and
availability of the information is maintained at levels that are proportionate to its value
and criticality.
To require from ICT department and the KPC end‐users to bring to light that they have
designed and implemented effective operational and technical controls for the
information they manage (daily business activities and strategic planning).
To support and advice the ICT department and the KPC end‐users in the design and the
implementation of these technical and operational controls.
To assess the vulnerability of the systems, in order to show the security issues that needs
to be addressed by KPC.
5.10.3 Benefits
Confidentiality, integrity and availability of the information are completely under control
and secured.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 45
6. Strategic Key Area 5 – Collaboration Solutions
6.1 Current Position Physical, face‐to‐face interactions remain the preferred way of collaboration between people.
However, the geographically spread organization of prosecutorʹs offices is a reason to further
implement various collaboration solutions.
KPC has already set up some collaboration tools:
The usage of e‐mail: an adequate infrastructure for e‐mail is now in place. E‐mail is used
to communicate and to exchange valuable information across the KPC organization. E‐
mail is also now considered as a ʺstandardʺ tool that is adopted by more and more
people. KPC progressively develops an E‐mail culture, through the implementation of its
own Internet domain.
The web site http://www.kpk‐rks.org. This web site has been financed thanks to donors
and uses technologies which are not maintained nor supported by KPC ICT staff. This
web site mainly makes available :
- Public information provided to all citizens: the content of this information is updated
regularly.
- Restricted information (which requires username and password): this is a shared
library provided to prosecutors in order to exchange the information concerning their
day to day business work.
Those efforts shall be pursued by KPC, in order to provide:
Controlled usage of E‐mail system.
Usage of new collaboration tools.
6.2 Controlled Usage of E-mail System
6.2.1 Rationale
The effort to develop an E‐mail culture shall be pursued by KPC. In particular, to improve
security, the usage of certificates will be encouraged. Also, the usage of private E‐mail shall
be prohibited in the professional context.
However, KPC shall avoid the pitfalls of a too extensive usage of E‐mail:
E‐mails generate chaos. When multiple people try to use E‐mail for collaboration, the
repetitive usage of ʺReply to allʺ, ʺForward” … lead to an uncontrolled explosion of the
volume of information that is exchanged.
E‐mails create silos. In addition to the previous aspect, ʺsilos of knowledgeʺ are created,
due to the fact that the users keep this information in personal or corporate mailboxes.
E‐mails are distracting. When new mails are incoming in their mailbox, people tend to
react on a responsive mode.
E‐mails do not allow filtering the information. A user can only see if an email is
important for him by reading it. Hence, time wasted for processing non‐relevant e‐mails.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 46
E‐mailing is time‐consuming. Due to the increasing volumes of E‐mails exchanged,
people spend more and more time in reading their mailboxes.
As a consequence of an uncontrolled usage of E‐mails, the productivity of the people
decreases. This loss of productivity is so high that more and more companies implement
now campaigns to restrict the usage of E‐mails.
6.2.2 Benefits
E‐mails are easy to use and fast. They allow communication with individuals or group of
people.
E‐mails can be used for exchanging various types of information: documents, pictures,
audio or video media…
Providing that an ad‐hoc infrastructure is in place, the usage of E‐mails is secure. In
addition, E‐mails can be encrypted.
Usage of E‐mail is cost‐effective compared to classical way to exchange information
(post).
6.3 Usage of New Collaboration Tools
6.3.1 Rationale
Besides E‐mail, the introduction of new collaboration ICT technologies by KPC will allow to
change the working practices of the prosecutorʹs offices, by bringing together e‐mail,
calendaring, audio/web/videoconferencing, instant messaging, files management; all
combined with the notion of ʺreal‐timeʺ presence. Collaboration tools will also offer to
groups of persons having common interest and objectives, a possibility to work together –
even when physical interactions is not an option.
Collaboration focuses on the management of unstructured information (e.g.: documents,
files…). The management of structured information is addressed by dedicated IT systems or
applications (one of those being CMIS, to support the handling of cases).
There are various general and generic scenarios, relevant for KPC, which can be identified as
good candidates for working with collaboration tools: on‐line discussions, management of
virtual meeting, comment and react on documents, find required expertise (communities),
sharing of information across borders, be alerted for updates on relevant information, etc.
In order to demonstrate there are more ways than the email driven way, and that there are
more effective and efficient paths of achieving collaboration goals, a list of ʺcollaboration
scenariosʺ shall be established by KPC. These scenarios shall be classified into three types of
collaboration:
1. ʺInternal Collaborationʺ, where collaboration takes place from inside the KPC
organization; and not accessible from the external world.
2. ʺOrganizational Collaborationʺ: where the KPC organization can collaborate with other
organizations across different sectors and geographies. Think for instance the
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 47
collaboration with KJC, or other administrations in other countries (European
institutions, judicial institutions from the Western Balkans in the field of the regional
cooperation, etc.).
3. ʺPublic collaborationʺ, where open collaboration takes place (through a web portal)
between KPC with the public or experts, possibly in other sectors. In particular, the
implementation of CMIS shall allow interactions with the web portal.
This classification is required in order to determine the appropriate collaboration tools that
are needed. A detailed assessment of the possibility of those tools shall be made in the
context of the KPC, for compliance with the general software choices, infrastructure capacity,
information security policies. This choice will also favour tools that can federate with similar
collaboration tools used by other organizations in relation with KPC. Also, those tools have
to be compliant with state and local laws.
In addition, KPC shall deploy and manage official governance. Failure to control the
diffusion of data results into a potential information leakage. The dissemination of content
also requires this governance model to monitor contributions, in order to delete
inappropriate or inaccurate information, facilitate when disagreements occur, ensure no
single voice dominates and maintain the content.
Also, the KPC shall ensure that the collaboration tools are adopted by the end‐users. It is not
because the adequate tools are made available that they will effectively use them! The KPC
will encourage the culture of openness and exchange through the usage of the new
collaboration tools. This topic is also covered in chapter 11, ʺStrategic Key Area 10 ‐ Process
Change Managementʺ.
6.3.2 Benefits
The drivers for adoption of collaboration tools for KPC are:
Increased productivity by reducing waste, improving error handling and facilitating real‐
time decision making.
Operational excellence as the quality and speed of decision making is enhanced.
Overcome time and distance constraints in an increasingly mobile and global workforce
(for instance, collaboration between the different prosecutorsʹ offices).
Traceability: a mean to audit efficiently and control the business processes according to
regulations and laws.
Sustainable know‐how management, by empowering and creating expert communities.
Partnership: a means to work in an open environment with strategic and tactical partners
to create innovative ways of performing the professional activities.
Access to new work forces that were previously inaccessible.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 48
7. Strategic Key Area 6 - Implementation Methodologies
7.1 Current Position CMIS is a large project, with several specific characteristics:
It covers a full lifecycle, from analysis to deployment into production.
It is planned to be implemented on a quite long period (four years).
It has to take into account the complexity of the processing and management of court
cases, and therefore, it is not guaranteed that all the requirements can be upfront locked.
To be effectively and efficiently implemented, it requires the active involvement and
feed‐back of users during all the project phases; in particular, during the analysis, the
development and the testing.
Therefore, KPC has to ensure that a standard set of phases composing the CMIS project
lifecycle will be carried out; and this, predictably, reliably and with focus towards
continuous improvement. To improve visibility, it is also required to foresee intermediate
results and a progressive validation of the project progress.
Hence, there is a need for suitable methodologies to support the execution of all the project
activities:
Choice of suitable implementation methodologies: iterative approaches.
Development of a coherent test strategy.
Co‐ordination between development and operation: DevOps approach.
Migration path: reuse of existing data.
Filling CMIS data.
7.2 Choice of Suitable Implementation Methodologies: Iterative Approaches
7.2.1 Rationale
In a ʺclassicalʺ methodological approach, also known as ʺWaterfall approachʺ, the project is
structured into distinct phases, with defined deliverables from each phase. Once a phase is
completed, the project proceeds to the next phase and there is no turning back. The major
drawback is that the users can only see the concrete results at the end of the project – and the
progress is hard to assess. As an additional consequence of this approach, the evolution of
the needs is difficult to take into account. This kind of approach leads to the so‐called
ʺTunnel effectʺ; when the user discovers after a quite long time an application that does not
fit (anymore) his requirements. This drawback is especially inconvenient when the
requirements are complex, not well defined upfront or frequently evolving.
Considering the characteristics of CMIS, KPC shall therefore avoid this approach and favour
an iterative approach. “To iterate” means to perform a project in multiple passes, each pass
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 49
improving progressively the result, until “finished” ‐ by adding at each pass new
functionalities.
Various declinations of iterative approaches are possible; the most suitable in the context of
CMIS being:
ʺRapid Application Developmentʺ, or RAD, is an iterative method that focuses on
developing a sequence of ʺprototypesʺ. A prototype is a ʺreducedʺ construction of what
must be built in real production; that is used to validate a solution, to prove a technical
feasibility or to explore a functional behaviour. A prototype allows having a
demonstrable, concrete system to be built in as little as one or two weeks. Since it is a
concrete and quite good image of the final result, it is considered as an effective way to
get feedback from users – and therefore, to quickly take into account their possible
requirements changes.
ʺAgileʺ approaches: Scrum. The so‐called ʺAgileʺ approaches focus on human‐ and
communication‐oriented rules and on shortening the life‐cycle of a project. Several
ʺAgileʺ approaches have been developed. Among the various Agile approaches, Scrum is
the most popular. Scrum is a framework that is used to manage complex product
development. It is a lightly controlled method, which insists on frequent updating of the
progress in work through regular meetings. Therefore, there is a clear visibility on the
project development.
Before to start the project, KPC shall assess these approaches, with the aim to decide what
method would be the more appropriated.
In addition to the iterative approach, the principle of a pilot deployment of new applications
shall also be adopted by KPC. A pilot consists into the progressive deployment of the system
from a small scale (e.g.; one or two prosecutorʹs offices) to a full‐scale. This approach allows
assessment of the new system (technical, organisational, users enthusiasm), to make a better
workload estimation and to identify a priori the difficulties related to the full‐scale
deployment.
7.2.2 Benefits
Iterative approaches are well adapted to complex IT domains. They allow a rapid
feedback from the users – they discover progressively if what it is implemented is
actually what they want.
Since many things may change along the way, these approaches offer flexibility to
address evolving requirements, which can be quickly addressed in the next iteration(s).
Also, the putting into production of the different iterations is progressive. It is therefore
easy to roll‐out new functionality in stages.
This approach allows higher motivation and greater productivity: the project
deliverables are available earlier, allowing both the business users and the project team to
regularly measure the progress of the project through concrete pieces of work.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 50
Finally, iterative approaches allow a better risk management:
‐ one can identify soon if a project is not “feasible”;
‐ design flaws are discovered quickly;
‐ they allow leveraging lessons learned, since there is little knowledge loss between
iterations and therefore, they allow to continuously improve the process.
7.3 Development of a Coherent Test Strategy Testing is obviously a mandatory activity during the implementation of CMIS and other
applications. Due to the increasing complexity of these systems (from a technical or a
functional point of view), KPC shall systematize and automate these tests. Furthermore,
testing is not only a matter of performing limited technical tests on some part of the software.
It is also a complete process, for which KPC shall guarantee that, during the development
phases, a separation is made into two distinct, mandatory phases:
Phase 1: preparation;
Phase 2: execution.
7.3.1 Standards
KPC shall foresee various tests when developing a system. Based on the ISTQB (International
Software Testing Qualifications Board), these tests are classified according to ʺtest levelsʺ and
ʺtests typesʺ.
7.3.2 Rationale
The ʺtests levelsʺ characterize the type of tests to be undertaken at each level of the project
lifecycle:
Unit tests: aim to test the smallest testable part of the system (during the development of
the system). The purpose is to ensure that the code behaves as expected – or will behave
as expected when the system is being changed.
Integration tests: allow to test the combination of several smallest testable part of the
system into an integrated aggregate.
System tests: also known as ʹFactory testsʹ: a set of qualification tests of the whole system,
before its delivery to the users.
Acceptance tests: the qualification tests performed by the users, after delivery of the
whole system.
The ʺtests typesʺ are performed at any of the test levels. There are different tests types, the
most usual being:
Functional tests: verify the functional requirements of the system;
Non‐functional tests: test the all characteristics from the system which are non‐functional,
such as performance, availability, security, production readiness…
Non‐regression tests: aim to find defects after a major change has occurred in the system;
Usability tests: assess if the user interface is easy to use and to understand.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 51
KPC shall undertake the execution of these tests levels and tests type for CMIS. The
organization of testing activities shall occur through a 2‐phases procedure:
Phase 1 – Preparation: encompasses the elaboration of:
‐ A Test Strategy Document (a high‐level document, describing the complete set of
tests activities, the roles involved in these activities, their responsibilities and the
scope of the tests activities)
‐ A Test Plan (that gives detailed information required for the practical execution of
testing).
Phase 2 – Execution: consists of the test execution according to the specifications of the
Test Strategy and the Test Plan. In the context of iterative approaches, KPC shall
automate the execution of tests campaigns; in order to:
‐ Automatically run ʺtests scriptsʺ, based on the description of the tests scenarios;
‐ Have KPIs to follow tests execution and defects: quality, progress;
7.3.3 Benefits
An accurate and detailed test preparation; allowing a straightforward test execution.
A demonstration that the business requirements are met, through the execution of
acceptance tests.
Thanks to test tools automation, tests can run fast and frequently, which is cost‐effective
for applications with a long maintenance life.
Extensive and structured testing leads to the deployment in production of a more reliable
application, hence a reduction of support and maintenance costs and an increase of end‐
users confidence.
7.4 Co-ordination between Development and Production: "DevOps" Approach
7.4.1 Rationale
DevOps is a way of working, where the Development (Dev) and Operations (Ops) teams are
working closely together as one team to deliver IT services, hence: DevOps. DevOps
encompasses the implementation of continuous delivery, continuous integration, automated
testing, application monitoring and other best practices in software development and
operations. It therefore requires a certain level of maturity in the organization of IT.
Of course, it is not only a matter of organization, but also of availability of tooling in order to
automate key‐processes in the development and operations (build, testing, quality control,
configuration management, deployment).
To start a DevOps implementation program, the KPC shall first assess the current ‘as‐is’
situation of the organization in a number of different DevOps key areas. Then, KPC shall
define a ‘to‐be’ situation based on the KPC organizations requirements and budget is
defined. This ʹAs‐Isʹ – ʹTo‐Beʹ evaluation is made using a DevOps maturity model:
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 52
Fig. 5: A proposed DevOps maturity model for KPC
Considering the current situation of KPC ICT, the Level 1 of this maturity model shall be
targeted. This level focuses on having processes documented and automated.
7.4.2 Benefits
Speed up of the production and deployment of new features and products.
Increase the reliability, stability, resilience and security of the production environment.
7.5 Migration Path: Reuse of Existing Data
7.5.1 Rationale
KPC already has at his disposal various applications or databases, containing relevant data,
or other specific, local applications developed on an ad‐hoc basis.
Whatever the new systems or applications being put in place, it would be counter‐
productive to not reuse these data. Hence, KPC shall implement a migration process; aiming
to identify the data to be migrated, to collect and to transform the existing sources and to
integrate them in the new systems.
Data migration is not only a technical process. It encompasses the following steps:
1. Identification and collection of source data, from the various existing applications ‐ or from unstructured sources, correction and enhancement (ʺdata cleansingʺ) of those
collected source data and data archiving (to reduce the amount of data that needs to be
migrated).
2. Transformation of the source data to a target compatible format.
3. Import of target data to target applications. 4. Verification that the target data conforms to business and technical constraints.
Those steps will be fully detailed by KPC during a preliminary study phase; to be
undertaken before the data migration itself.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 53
7.5.2 Benefits
The following benefits are consequent of a structured data migration strategy:
Improvement and extension of the data lifecycle; thanks to the reuse of the data.
Improvement of the data quality; thanks to cleansing activities and the validation of data
integrity.
Decrease of production incidents; thanks to a better data quality.
7.6 Filling CMIS Data
7.6.1 Rationale
The progressive introduction of CMIS in production requires to proper handling of the
processing of previous, current and new cases. The following scheme shall be followed as
soon as CMIS is operational:
Electronic data entry for new cases shall be performed by the KPC users as they are
received. No coexistence of manual processing and electronic data entry shall be
permitted.
All on‐going cases shall be scanned by an external company (to be selected). Together
with the KPC users, this company will perform the data entry of these cases in CMIS
according to their progress.
All old cases (closed) shall be scanned and entered in CMIS by this external company.
7.6.2 Benefits
A structured approach that guarantees the continuity between the current way of
working (manual) and the new one (electronic).
No loss of information due to the introduction of the new system.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 54
8. Strategic Key Area 7 - Adequate Software Platform & Tools The Software Platform & Tools activities which will be implemented during this strategic
plan are the following:
Implementing software architecture.
Use of standard protocol for information exchange.
Selection of a suitable scanning solution.
Use of adequate collaboration tools.
Implementing witness protections systems.
8.1 Implementing Software Architecture
8.1.1 Current Position
Taking into account the ambitions of CMIS, KPC needs to deploy state‐of‐the art
technologies for its implementation.
The current de‐facto standard for the software environment is the suite of Microsoft
products. Indeed, KPC takes advantage of the benefits of an Enterprise Agreement between
MPA and Microsoft, allowing for better financial conditions for the acquisition of licenses. It
is therefore reasonable to consolidate the software choices around this suite.
8.1.2 Rationale
8.1.2.1 Licenses management
As stated in § 2.4, KPC shall initiate a memorandum of understanding with the MPA in
order to agree that software licenses provided by MPA will remain available in the future for
KPC.
However, in the event that this memorandum of understanding could not be agreed, or
should be interrupted, mitigation actions must be identified, in order to allow KPC to still
have the suitable licenses at its disposal.
KPC shall therefore turn to software markets, in order to negotiate on its own the licenses
agreements with selected software providers.
8.1.2.2 Development framework
Together with the Working Group, KPC has opted for the usage of the .Net framework for
the development of CMIS and other future KPC applications.
This framework, developed by Microsoft, provides an object‐oriented programming
environment. It allows minimization of the efforts required for software deployment.
8.1.2.3 Database system
The amount and criticality of data handled by CMIS and further applications to be
developed require the use of the Database Management System (DBMS) that is centralized
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 55
(not disseminated), reliable (no failure), performant (short access times and the capacity to
process high data volumes), secure (protection of data) and scalable (able to cope with
increase of data volumes).
KPC shall put these requirements in the specification of CMIS, in order to get an adequate
proposal for a DMBS, which must also be compatible with the software architectural choices
previously described.
Also, for compliance with these architectural choices, current applications built on top of MS
Access and Excel shall be phased‐out and replaced by similar CMIS functions – or by
additional applications to be developed (see ʺStrategic Key Area 2 – Application
Landscapeʺ).
8.1.2.4 Reporting
Court and prosecutor’s office statistics and reports must be automatically generated. The
number and quality of reports will make it possible for every user to manage successfully
their work and case load. All manual entries in the registry and auxiliary books as well as on
case file folders have to be abandoned.
KPC shall investigate which is the most appropriate way to generate reports. There are in the
market easy reporting tools which can be implemented at KPC. The development of
customized reports by the ICT resources will have higher maintenance cost then the market
reporting tools packages.
8.1.2.5 Additional tools
The usage of complementary tools for improving the quality and efficiency of the
developments shall be ensured:
Software versioning: like Apache Subversion; a complete software versioning and
revision control system distributed as free software under the Apache License.
Test tool automation: like Visual Studio Test Professional, allowing to define, conduct
and automatically run test scenarios. JMeter, as free software under the Apache License,
can also be used for load testing (analysis and measure of the performance of the
developed application).
8.1.3 Benefits
The architectural choices are compliant with the current architectural choices already
jointly made by KPC & KJC.
In addition, the IT competence mastering this environment already exists inside KPC,
hence minimizing the efforts required for additional training.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 56
8.2 Use of Standard Protocol for Information Exchange
8.2.1 Current Position
The requirement for CMIS to interoperate with IT systems of other Kosovo administrations
(e.g.; policy, civil register…) or later with other EU systems, demands the adoption of open
standards allowing the electronic bi‐directional exchange of information.
A prerequisite to this interoperation is the existence of a legal framework allowing the
availability of information under an electronic form.
8.2.2 Rationale
When the interoperability criteria have a high priority, the usage of Web Services is required.
This is the case when implementing CMIS as well as other support applications at KPC. Web
Services allow interconnecting different, heterogeneous applications ‐ no matter the
operating systems or programming languages of these applications. Web Services provide a
secure access to data; since they control access to the data and services they make available to
other applications.
Also, Web Services favour the reusability and protect applications using them from further
changes (providing that the interface of the Web Service do not change).
8.2.3 Standards
The interoperability of Web Services is possible because they rely on open standards:
XML: Extensible Mark‐up Language ‐ a mark‐up language designed to describe data.
SOAP: Simple Object Access Protocol – the communication protocol used by Web
Services.
WSDL: Web Services Description Language ‐ allowing a standard description of a Web
Service.
UDDI: Universal Description, Discovery and Integration – a registry allowing to publish
and to find Web Services.
8.2.4 Benefits
Electronic exchanges of information between systems reduce the risks of poor quality of
data, due to ʹmanualʹ replication or copy of information sources.
Web Services offer a technology allowing secure interoperability, based on standards,
independent for any platform and insulated from further changes.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 57
8.3 Selection of a Suitable Scanning Solution
8.3.1 Current Position
For the time being, KPC has no appropriate scanning solution. This kind of system is
required in order to digitize the paper flows (documents) processed by KPC; i.e., to scan,
organize and store these documents.
ʺDigitizeʺ means two things:
Document scanning, which is the process of converting a paper document into an
electronic representation – or ʺimageʺ.
Data scanning, which is the ability to automatically extract and recognize specific
information in the document, in order to create indexes that will allow the further
processing of these documents by CMIS.
8.3.2 Rationale
KPC shall undertake a market analysis, in order to select an appropriate scanning solution.
The selected solution shall be able to scan both structured (like forms) and unstructured
(free‐text) documents.
Obviously, the volume of documents shall also be taken into account during the selection
process. Therefore, the proposed solution shall support both batch scanning (ʺstacksʺ of
documents for large volumes), but also the scanning of individual documents (small
volumes). The speed of scanning shall also be a key criterion, in order to provide the highest
throughput possible.
The following minimal list of requirements shall also be mentioned for the selection process:
Quality control and image optimization (ʺcleaningʺ of bad quality original documents).
Automatic recognition based on optical character recognition (OCR, printed text),
Intelligent Character Recognition (ICR handwritten text) and Optical Mark Recognition
(OMR, for among other checkboxes on pre‐printed forms).
And of course, the possibility to transfer the scanned documents and data to CMIS.
8.3.3 Benefits
A scanning solution is the cornerstone of any document management system, by allowing
the dematerialization of documents.
8.4 Use of Adequate Collaboration Tools
8.4.1 Current Position
In ʺStrategic Key Area 5 – Collaboration ʺ, the disadvantages of using only E‐mail as a
collaboration technology; as well as the need of implementing new collaboration solutions
have been detailed.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 58
In addition, the web sites http://www.kpk‐rks.org uses PHP technologies, that are not
maintained nor supported by KPC ICT staff.
8.4.2 Rationale
Two families of collaboration tools shall be considered:
Synchronous collaboration tools; allowing real‐time communication and collaboration
(e.g.: messaging, chat rooms, audio conferencing, video conferencing, on‐line meetings
capacity, screen sharing for presentations, presence indication…).
Asynchronous communication tools: allowing communication and collaboration over a
period of time (e.g.: e‐mail, discussion boards, streaming audio or video, sharing of
document libraries, Wiki facilities etc.).
KPC shall undertake a market research, in order to determine the tools (commercial or open
source) that are the most suitable for its usage.
In parallel, KPC shall ensure:
The migration of the web site http://kpk‐rks.org towards a comprehensive Web portal
structure, dedicated to all prosecutorʹs offices. The portal shall allow different levels of
access control, in order for each specific prosecutor’s office to securely publish its own
public or private information.
8.4.3 Benefits
The acquisition and deployment of those solutions will allow a cost‐effective provision of the
full range of collaboration facilities, such as presented in the ʺStrategic Key Area 5 –
Collaboration ʺ.
8.5 Witness Protections Systems
8.5.1 Current Position
There are no witness protections ICT systems, with audio and video multimedia technology,
to guarantee the confidentiality of the information.
8.5.2 Rationale
In order to ensure adequate protection for witnesses, but at the same time, to create lawful
trial environments, KPC shall invest significant efforts to design and implement witness
protection systems.
Prosecutors’ Offices will be equipped with audio and video multimedia technology. Audio
and video distortions will be used to further prevent unauthorized identity identification of
protected witnesses. Deliberate distortion or encoding of audio/video signals, is done
through an electronic device (scrambler) or /and software to prevent unauthorized reception
in ʹplainʹ or ʹreadableʹ form.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 59
Also, KPC shall install adequate video conferencing lines between prosecutor’s offices and
other institutions dealing with security, as well as with similar institutions abroad.
8.5.3 Benefits
Enabled remote testimony for witnesses.
Reliable protection systems for the witnesses.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 60
9. Strategic Key Area 8 - Support and Maintenance
9.1 Current Position The support and maintenance services are currently organized in such a way that only
responsive actions are taken by the ICT resources at KPC in case of problems – not proactive
ones.
There is a central ICT service in Prishtina which manages all aspects of ICT, and there is
decentralized ICT support staff for each regional office, which helps Prosecutor’s Offices on
and ad‐hoc basis in their daily activities.
In order to organize the support services and have more proactive vs. responsive actions,
KPC shall implement the following services:
Service Support.
Service Delivery.
9.2 Standard KPC shall organize the support services based on the IT Infrastructure Library® (ITIL). ITIL
is the most widely accepted approach to IT Service Management (ITSM) in the world. It
consists of the best practice framework that has been drawn from both public and private
sectors internationally. It describes how IT resources have to be organized to deliver business
value, by documenting the processes, functions and roles of ITSM.
9.3 Rationale Given that ITIL provides a large framework of possibilities to be used, KPC shall apply the
following services to be delivered by ICT as described in ITIL:
Service Support, and
Service Delivery.
9.3.1 Service Support
The service support focuses on the Users of the IT services and is primarily concerned with
ensuring that they have access to the appropriate services to support the business functions.
In that sense, KPC shall ensure that a service desk is in place which provides the following
services to the end‐users:
Incident Management: is about restoring the normal services in order to minimize the
adverse impact on the prosecutors and support staff activities, and to ensure that the best
possible levels of service quality and availability are maintained. In that regard, the KPC
service desk shall :
– Implement workflow process of incident management (escalation and resolution);
– Classify the incidents;
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 61
– Assess impact and urgency;
– Allocate a priority.
Problem Management: is about the investigation of an unknown underlying cause of
one or more incidents, in order to propose ‘structural changes’ and to avoid the
repetition of those incidents in the future.
Configuration Management: is about providing accurate information about the ICT
assets of KPC. In that regard, the KPC service desk shall implement and maintain a
configuration management data base (CMDB).
Deployment (release management): is a collection of authorized changes into the
production environment. It consists of a number of problem fixes and enhancements to
the service and it can include software, hardware and documentation.
Change Management: is the ability to manage the volume of changes needed by KPC,
with a minimum adverse impact on services. In that sense, the KPC service desk will:
– Ensure that impacts, costs and risks are assessed;
– Ensure that all changes are authorized;
– Provide control through a standard framework and discipline for changes.
9.3.2 Service Delivery
The Service Delivery is the set of proactive services that KPC must deliver in order to
provide an adequate support to the end‐users. To this end, KPC shall implement the
following:
Service Level Agreement (SLA): is a ʺcontractʺ between end‐users and KPC, to ensure
that all ICT services are:
– Agreed upon with the prosecutors, prosecutor’s offices and support staff;
– Actually delivered in accordance with the agreement in order to meet business needs.
Financial Management of ICT services: the objective of this service is to manage the:
– Budgeting: predict and control the spending of money, and
– Accounting: identify and monitor the actual costs of ICT services.
Capacity Management: is about having the right capacity at the right place at the right
time at the right cost. The scope of capacity management mainly includes the hardware,
the software, the networks and, potentially, the people.
Continuity Management: is about the prevention and recovery, in order to reduce risks
through counter measures, to evaluate recovery options and to select the suitable
recovery options.
Availability Management: the percentage of the agreed service hours for which the
component or the service is available. The objective is to optimize the capability of the
ICT to deliver cost effective and sustained level of availability that enables the end‐users
to satisfy their business objectives.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 62
9.4 Benefits ITIL will provide to KPC a systematic and professional approach for the management of IT
service provision and will offer to the users a huge range of benefits:
Reduced costs.
Improved IT services through the use of proven ʺBest Practiceʺ processes.
Improved customer satisfaction through a more professional approach to service
delivery.
Standards and guidance.
Improved productivity.
Improved use of skills and experience. Improved delivery of third party services through
the specification of ITIL or ISO 20000 as the standard for service delivery in services
procurements.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 63
10. Strategic Key Area 9 - Human Resources
10.1 Current Position Even if KPC has already at disposal a valuable pool of IT competences, the implementation
and maintenance of CMIS (and other applications) require having at disposal a wide range of
skilled ICT profiles.
However, skilled ICT profiles remain difficult to hire and to retain. This situation is due to
one side, to the increasing demand for these competences in Kosovo; and on the other side,
to the relative high market salary applicable in this professional sector. Furthermore, salaries
are fixed in the public sector: this situation makes the difficulty even higher for KPC to have
at disposal the required human resource basis.
In addition, all the current hiring procedures and management of the information concerning
civil servants are centrally managed by the MPA. Moreover, the procedures which needs to
be followed up concerning the hiring of new people provided by the MPA are very heavy
and restricted and not adapted to the requirements of KPC.
Therefore, both ad‐hoc and structural measures (on the long term) must be taken to remedy
this situation. In that sense the following will be ensured by KPC during this strategic plan:
Implement Regulatory Changes.
Development of multiannual hiring plan.
Maintaining existing competences.
Outsourcing of resources.
Organization of the support team.
End‐Users training: Training Officers.
10.2 Rationale
10.2.1 Implement Regulatory Changes
As described in the §2.3 Regulatory Changes within KPC’s responsibility, KPC shall adapt
the working procedures which needs to have a regulatory basis.
10.2.2 Development of the Multiannual Hiring Plan
KPC shall re‐enforce a strong in‐house competence team, made of various profiles that are
needed for the implementation of this strategic plan. At least, for the first year of the strategic
plan, the list of profiles to be found includes (but not limited to):
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 64
Fig. 6: ICT human resources organization
The Infrastructure and Software Units are operating under the leading of the Head of ICT.
The IRM Security Officer is a specialized profile in Information Risk Management, such as
explained in § 5.10, ʺImplementing Information Technology Risk Managementʺ.
The description of these profiles, their priority, the process of selection of experts and their
required amount shall be detailed in a hiring plan, which is to be revised on an annual basis.
This review aims to assess if the hiring goals are attained for the year and to update further
objectives.
KPC shall ensure that sufficient budget is provided for hiring ICT specialist.
10.2.3 Maintaining Existing Competences
In order to maintain and achieve the objectives of this strategic plan, only a hiring plan is not
sufficient. KPC shall maintain and re‐enforce the competences, and shall also establish
training programs for the existing ICT staff. These programs focus on the existing (or future)
technologies used by KPC, on the methodologies (e.g., ITIL, Scrum…), on the business and
legal aspects required for a reasoned implementation, and on additional soft skills that could
be required. Preferably, those programs shall be accompanied by a certification, in order to
demonstrate the value of the learning. Attendance to these trainings shall be defined as a
professional objective for each team member; possibly together with incentives.
The training programs shall be established on a yearly basis for the whole staff; by defining
the nature of the training, certifications according to the needs of the ICT staff members. The
annual review of this plan will allow to evaluate if the training objectives are attained and to
update the goals for the next years.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 65
10.2.4 Outsourcing of Resources
Hiring and training are to be considered as quite long‐term objectives – but limited to the
period of this strategic plan. Meanwhile, until the ICT staff does not include all the required
resources, the implementation of CMIS or other projects will be partially outsourced.
ʺPartiallyʺ means that critical resources mean to be insourced, while specialized technical
competencies may be momentary outsourced to private companies to develop, maintain and
operate the KPC ICT environment.
However, to avoid the pitfalls of an uncontrolled outsourcing, the awarded company for the
development of CMIS (or other companies for other applications) shall include in his
proposal a knowledge transfer activity, toward the existing KPC ICT team. This activity
should include two components:
The organization of an extensive training activity, which will address all the details of the
proposed technical architecture. This training shall be given to the existing KPC ICT staff
involved in the development of CMIS.
The organization of a ʺmixed‐teamʺ during the implementation project. Here, the KPC
ICT resources will work together with the external companyʹs team; in order to
effectively involve these resources in the development of CMIS (or other applications).
To this end, the selected provider shall provide KPC with a detailed project organization
scheme, including a clear description of the shared responsibilities for the production of
the project deliverables.
By doing so, KPC will have the guarantee to become the ʺfull ownerʺ of the solution that will
be developed.
10.2.5 Organization of the Support Team
Considering the scope of CMIS, the end‐users will be fully dependent on an effectively
functioning ICT environment. Therefore, the organization of a dedicated Support Team is
necessary to guarantee a sufficient level of permanent ICT support at the level of the
prosecutorʹs offices.
This team shall deliver the services such as described in ʺStrategic Key Area 8 ‐ Support and
Maintenanceʺ; mainly:
Service support, and
Service delivery.
These services shall be organized trough a ʺ3‐levelsʺ organization:
Level 1: is performed by the Regional Support Officers, present in the different
prosecutorʹs offices, under the leading of a Support Officer. The Regional Support
Officers are the single point of contact for the collection and first analysis of incidents (or
problems, or questions) reported by the end‐users. Eventually, a central help desk for the
end‐users advanced support needs will be established at KPC level. If the required
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 66
service cannot be delivered by the Regional Support Officers; it is reported to the second
level.
Level 2 is composed by the KPC ICT profiles either member of the Infrastructure Unit, or
the Software Unit. They proceed with the analysis of the reported issue; possibly in
collaboration with other KPC officers. If the required service cannot be delivered by the
second line of support, it is reported to the third level.
Level 3 is generally outside the KPC organization; and provided by third‐parties, such as
the software editors (for problems related to the commercial software used by the KPC),
or the external companies involved in the development of the application.
The Support Team shall be placed under the supervision of a ʺService Delivery Managerʺ,
who is the primary responsible for ensuring the smooth running of the KPCʹs ICT systems,
ensuring the end‐users get maximum benefits from them. He also has to establish policies in
order to reach the targets defined in the service level agreement; he monitors the Support
Team members and evaluates the end‐users feedback to develop quality improvement
processes.
10.2.6 End-Users Training: Training Officers
Training officers are responsible for identifying end‐users training needs, and for planning,
organizing and overseeing adequate training for everyday and undisrupted usage of KPC’s
systems. KPC will take the required measures making the training mandatory for all users in
need of it. If felt necessary, adequate measures should be taken in order to overcome
unexpected resistance (through change management or more coercive actions).
Training shall cover various aspects:
Basic ICT training for end‐users (prosecutors and support staff).
Use of the applications put at the disposal of end‐users: CMIS, collaboration tools…
Security education and awareness.
The organization of these training activities shall be detailed in a multi‐year training plan;
which is regularly reviewed in order to evaluate if the training objectives are attained and to
update the goals for the next years.
10.3 Benefits The required variety of skills and profiles available for the implementation, maintenance
and support of CMIS and future applications.
Reduced dependency vis‐à‐vis external providers.
A controlled management of the future needs, thanks to the establishment of hiring and
training plans.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 67
11. Strategic Key Area 10 - Process Change Management
11.1 Current Position One of the main obstacles to the adoption of new ICT systems is the lack of knowledge on
the information technology topics by the users.
KPC has already undertaken significant efforts in terms of training to assist prosecutors,
prosecutorsʹ offices and administrative units in the introduction of new ICT tools. These
efforts are fostered by the highest level of the hierarchy.
KPC perfectly understands that the deployment of new ICT tools affects directly the day‐to‐
day activities of its officers, and must therefore be monitored and supervised in order to
facilitate change management and to guarantee the support of the majority. User training is a
crucial condition for success of this type of deployment.
To be fully effective, these training efforts should be supplemented through a broader
change management policy. KPC shall also foresee wider communication and information
channels, adapted to the need of support and coaching – as well as specific activities linked
to the implementation of these changes.
11.2 Rationale When introducing a new system, a new application…, change management aims to create a
climate of understanding, participation and enthusiasm from all those are impacted in their
daily work by this change. It is a key factor in the success and effectiveness of the
introduction of a change – as the deployment of a new IT system.
Various methods are possible to achieve this goal, in that regard KPC will refer to the
ADKAR model. This model has been formalized by Prosci, based on psychological studies
on individual behaviour in relation to the change.
Briefly, this model considers that for an individual to actually adopt a change, it must go
through five phases, namely:
Awareness: this phase aims to make the concerned users aware of the changes that will
happen.
Desire: this change process aims to create a positive attitude towards the change and to
appease the concerns.
Knowledge: this phase of the change process aims to create an understanding about the
impact of the new way of working.
Ability: this phase of the change process intends to facilitate the rapid and effective
adoption of the new system
Reinforcement: It is not only a phase, but a complete process to set up in order to
strengthen the individuals in their new way of working, to sustain the change and to
help to grow thanks to feedback.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 68
The following picture depicts the appropriate accompanying activities for each of these
phases:
Fig. 7: Accompanying activities for the five phases of change management
Obviously, the communication is the leitmotiv through all the phases of change. KPC shall
establish a communication plan with the project managers, an appointed communication
team and the management. This communication plan is made of 7 steps, as depicted in the
figure below:
Fig. 8: A 7‐steps communication strategy
The goal of these steps is to define, for each ADKAR phase:
1. The communication objectives.
2. The target groups to be addressed.
3. The organizational aspects needed for the performance of the communication plan.
4. The key messages to convey.
5. The communication media to be used (mail, newsletter, seminars, intranet…).
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 69
6. The communication actions and their timing.
7. The evaluation of communication actions, in order to refine the following additional
actions or to define new ones.
11.3 Benefits Thanks to an effective application of a change management strategy, the KPC staff feels
supported and understands the change process and the underlying vision. Therefore, he
is placed in a better position to be ready to accept the change.
Change management builds commitment to work together and to develop more for the
future.
By creating a communication plan that considers all the individuals and teams involved
in the change, KPC will increase the success rate and the efficiency of any ICT project.
With the right people involved, inefficiencies and waste are reduced, and costly projects
that do not reach their ultimate goals are avoided.
Kosovo Prosecutorial Council ICT Strategic Plan 2015‐2020
Page 70
Annexes
KPC ICT Strategic Plan - Working Group
Participants Position
Sylë Hoxha Acting Chief State Prosecutor – State Prosecution
Jetish Maloku Chief prosecutor ‐ Basic Prosecution – Gjilan
Shpresa Bakija Chief prosecutor ‐ Basic Prosecution – Gjakovë
Shkëlzen Maliqi General Director – Office of Secretariat Director
Zana Imami Head of registers office – Basic Prosecution Pejë
Nexhat Haziri Head of ICT section KPC
Naser Hasani Head of Statistical Office
Lulzim Sylejmani Prosecutor –Prosecution Appeal – Prishtinë
Valdet Gashi Prosecutor – Basic Prosecution – Prishtinë
Naim Beka Prosecutor – Basic Prosecution – Mitrovicë
Ariana Shajkovci Prosecutor – Basic Prosecution – Prizren
Burim Qerkini Prosecutor – Basic Prosecution – Ferizaj
Ardian Bajoku Manager of General Services Office
Sadri Krasniqi Manager of Human Resources Office
Basri Kastrati Manager of Protection & Assistance to victims Office
Fatmir Rexhepi Head of ICT section KJC
Ilir Hetemi Database Administrator ‐ ICT section KPC
Fidaim Beka Network administrator ‐ ICT section KPC
Agron Osmani IT officer ‐ ICT section KPC
Jean‐Louis Bottiau ICT expert
Bashkim Bitiki ICT expert
Top Related