Statement of Information Services on a question from a Member of Parliament

With reference to question No 49-354-06-1099 of 05.07.2023 from a MP, forwarded by the Ministry of Electronic Governance (the question of the MP can be found in the attached file, in the link after the text*), we present the following opinion.

1. Concerning the allegation that Information Services is neither a state enterprise nor a private company".

Information Services is a commercial company, registered under the Commercial Act, in which the Bulgarian State owns 99.49% of the capital, and the remaining 0.51% of the capital is owned by 2692 shareholders - natural persons (as of 18.06.2023). The Company is a public company as defined in article 2, paragraph 1, item 1 of the Public Companies Act (PCA) in the category of 'large companies' as defined under article 4 of the PCA considered together with article 19, paragraph 5 of the Accounting Act. Information Services is not a state-owned company within the meaning of article 62, paragraph 3 of the Commercial Act.

Pursuant to § 45, paragraph 1 of the Transitional and Final Provisions to the Act on Amendments and Supplements to the Electronic Governance Act, the system integration under Chapter One "a", Section IV of the Act is carried out by Information Services. Pursuant to § 45, paragraph 2 of the Transitional and Final Provisions to the Act on Amendments and Supplements to the Electronic Governance Act, by Decision of the Council of Ministers No 727 of 5 December 2019, as subsequently amended and supplemented by Decisions of the Council of Ministers No 358 and 419 of 2020; No 203, 371, 466, 471 of 2021; No 127, 139, 447, 522, 736, 960 and. 977 of 2022 and Decisions of the Council of Ministers No 126 and 298 of 2023, the Council of Ministers has designated the administrative authorities which, in the performance of their functions related to system integration activities, shall assign the performance of these activities to the System Integrator Information Services.

In the European Union, state structures with identical functions are:

• - in Italy - Sogei - Società Generale d'Informatica S.p.A. (a commercial company owned by the Ministry of Economy and Finance, which focuses only on the public sector - for all activities related to computer technology, and acts as a central purchasing authority);
• - in Poland - the Centralny Ośrodek Informatyki (a specialised body established by the Minister of the Interior and Administration to carry out public tasks in the field of e-services, computerisation, telecommunications and ICT, and information management; provides services to the public sector and other structures);
• - in Austria - the Bundesrechenzentrum (BRZ) (a commercial company owned by the Federal Government, which can carry out all kinds of activities and IT services in the administration - the company is the most important and largest provider with a market share of around 55 %; provides services to the public sector and other structures);
• - in Croatia - APIS IT commercial company, owned by the Republic of Croatia and the City of Zagreb, which can carry out all kinds of activities with information systems, system integration, IT solutions, shared access to information resources, consultancy services, maintenance of central registries, consolidation of public information infrastructure and creation of a private cloud of public administration, etc., with a focus only on the public sector, acting as a central purchasing authority;
• - in Germany - BWI GmbH, ITZBund, IT-Systemhaus - a commercial company and specialised entities (not administrative bodies) of the ministers of defence and finance, and the employment agency – they carry out all kinds of activities and IT services, with BWI GmbH working for the Bundeswehr and ITZBund being the administration's main partner; BWI GmbH and ITZBund provide services only to the public sector, and ITSystemhaus – to other structures as well;
• - in Estonia - Riigi Infosüsteemi Amet (RIA) - a specialised entity with management and public functions, to the Minister of Economic Affairs and Communications, which develops national IT systems and ensures national cyber security and the functioning of the secure e-state; manages the state network and provides security for e-elections, digital identity, provides services to the public sector and to other structures;
• - in Portugal - Centro de Gestão da Rede Informática do Governo (Ceger) - a specialised entity (not an administrative body) to the Prime Minister or a member of the government to whom it is delegated; it ensures all necessary ICT support for government needs and provides services only to the public sector.

2. Regarding the allegation that the state "has no control over the way its service prices, which are calculated in man-hours, are formed“.

By Decision No 481 of the Council of Ministers of 14 July 2020 were adopted the "Guidelines for unification of the practice of definition and implementation of the system integration activities under article 7c of the Electronic Governance Act", which regulate the subject scope, organization and implementation of the system integration activities. The determination of the estimated cost of system integration services and the activities that ensure their implementation is regulated in Section IV “Planning the award of the systems integration contract”, 5 of the Guidelines. The estimated value is determined by the administrative authority in conjunction with the systems integrator on the basis of previous or existing contracts for identical or similar services/activities, taking into account possible changes in market conditions. Where a particular service or activity is being procured for the first time or cannot be determined as specified, the estimated value is determined jointly by the administrative authority and the system integrator, ensuring economic, effective and efficient planning and expenditure of public funds to achieve the required quality. The determination of the estimated cost is based on specific requirements (technical parameters) for the planned Integrated Computer Systems (ICS), including functional and non-functional ones. The determination of the estimated cost of supply is based on a survey of leading manufacturers of the relevant inputs.

Information Services has implemented a Time and Attendance System for employees working on projects since the beginning of 2017, which provides the opportunity for employees to join all internal and external projects and activities carried out by them. Reporting in the system is mandatory for employees and is done on a daily basis, for every thirty minutes of time worked. At the end of the month, the reported time is verified and confirmed by each project manager.

Also, based on the information of individual employees, projects or activities, the performance of individual phases is analysed, leading to more efficient resource management. In order to determine the cost of each service, the number of man-months required for its implementation is determined by estimating the actual employment of the team of experts involved in the project, according to the proposed implementation period. For each project, a budget table is created containing detailed estimates of the resources needed to implement the project activities.

The System Integrator's pricing model includes coverage of the net cost and risk premium incurred in performing the system integration, including a reasonable conservative profit. Information Services' website, https://www.is-bg.net/bg/presentation-2021, provides information on the average revenue generated by the provision of system integration services and activities in 2021, which is 4.3% revenue to the Company (not profit). For 2022, the revenue value for the company is almost identical - 5%.

3. Regarding the allegation that "following a Decision of the Council of Ministers No 727, a large part of the administration is obliged to directly outsource all its IT software and hardware procurement to Information Services, which writes the Terms of Reference itself and sometimes also tenders the projects on behalf and at the expense of the administrations".

Pursuant to § 45, paragraph 2 of the Transitional and final Provisions to the Act on Amendments and Supplements of the Electronic Governance Act (EGA) by Decision of the Council of Ministers No 727 of 5 December 2019, with subsequent amendments and additions by Decisions of the Council of Ministers No 358 and 419 of 2020; No 203, 371, 466, 471 of 2021; No 127, 139, 447, 522, 736, 960 and Ni 977 of 2022 and Decisions of the Council of Ministers No 126 and 298 of 2023, the Council of Ministers has designated the administrative authorities which, in the performance of their functions related to system integration activities, assign the performance of these activities to the System Integrator Information Services. Pursuant to § 9 of the Transitional and Final Provisions to the Act on the Amendment and Supplement to the Bulgarian Telegraph Agency Act (BTA) (The Gazette No 20 of 2021), the system integration activities within the meaning of article 7c of the EGA in the BTA may be carried out pursuant to § 45 of the Transitional and Final Provisions to the Act on the Amendment and Supplement to the Electronic Governance Act (The Gazette No 94 of 2019; amended by The Gazette No 102 of 2019). Presently, 23 administrations fall within the scope of the system integration, representing 3.9% of the total number (583) of administrations according to the Administrative Register.

By Decision of the Council of Ministers No 203 of 11.03.2021 the National Health Insurance Fund (NHIF) was included in the list of administrative authorities which, when performing their functions related to system integration activities, outsource the performance of these activities to the System Integrator Information Services. Nearly 3 months later, by Decision of the Council of Ministers No 471 of 30.06.2021, the NHIF was excluded from the list. Subsequently, in 2022, NHIF purchased 125 desktop computer configurations with a nearly 60% higher price and worse technical parameters compared to the desktop computer configurations supplied by Information Services, which resulted in over BGN 101 thousand losses for the NHIF budget. In 2023, the NHIF is included again in the list of administrative authorities and currently has signed a master contract for system integration which is in the process of being implemented.

Pursuant to Section VI, paragraph 1 of the Guidelines, the administrative authority awards the System Integrator a system integration contract pursuant to § 45, paragraphs 1 and 2 of the Act on Amendments and Supplements considered together with article 7c of the Electronic Governance Act. The services subject to the contract and the requirements for their performance are regulated in a document titled "Technical Parameters", which is an integral part of the system integration contract. Where a Master Contract for System Integration is implemented, the assignment of the activities provided for in the Schedule for the relevant budget year is made by means of requests with attached Technical Parameters in accordance with the terms of the Master Contract. Section V, items 4.1 and 4.2 of the Guidelines stipulates that the Technical Parameters document has to contain only technical parameters, functional and non-functional parameters (where applicable) and the desired level of service provision (where applicable). Where the Technical Parameters document is prepared by the administrative authority, it has to be agreed in advance with the System Integrator. Where the administrative authority does not have the possibility to prepare the Technical Parameters document, it shall be prepared by experts of the System Integrator, after analysis, taking into account the specifics of the activity, the needs and requirements of the administrative body. In all cases, the Technical Parameters document is to be signed by the administrative authority, which is the contracting authority for the system integration contract. The participation of Information Services’ experts in the preparation of the Technical Parameters document is dictated by the need for specific IT expertise, which the administrations do not have. The company's experts have over 3,000 certificates and attestations for training and qualification courses. Recognition and proof of the professionalism and knowledge of Information Services' experts are the awards for:

• First place in the category "Sector Project of the Year" at the annual PMAwards 2023 of the Project Management Institute Bulgaria for the project "Optimization of the Single e-Justice Portal to create conditions for increasing access to e-justice for citizens and legal entities". PMI Bulgaria Chapter is the Bulgarian division of the international organization PMI - Project Management Institute is a US-based non-profit professional project management organization;
• “Business Analysis Project of the Year 2019" of IIBA Bulgaria for the project "Unified Court Information System". IIBA Bulgaria Chapter is the Bulgarian division of the International Institute of Business Analysis (IIBA), the world's leading professional association in the field of business analysis.

According to the Master Contract concluded with the Registry Agency, the signed plan - schedule for 2022 includes the project "Implementation of the software module "Human Resources" to the unified automated filing system of the Registry Agency, digitalization, indexing and entry of the records of the employees of the Registry Agency into the module", for which, in accordance with the Guidelines, a Technical parameters document was prepared jointly with the administrative authority and, in accordance with the defined scope of the activity, was valued at BGN 21 thousand net of VAT. In August 2022, the Registry Agency announced a public procurement procedure titled "Digitization, indexing and entry of the records of the employees of the Registry Agency into a software module in accordance with the Regulation on the type and requirements for the creation and storage of electronic documents in the employment record of the employee" with an estimated cost of BGN 150 thousand, net of VAT (https://app.eop.bg/today/226701), which exceeds seven times the value of the project determined by the system integrator, i.e. the budget of the Registry Agency suffered a loss more than BGN 154 thousand.

In cases where system integration activities are procured under the Public Procurement Act (PPA), Information Services must, when drafting the Technical Specification for the procurement, comply with the requirements specified in the Technical Parameters document. In cases where the subject of the procurement is the development, upgrade or implementation of information systems or electronic services, the Technical Parameters have to be accepted for implementation after certification of compliance by the Minister of Electronic Governance pursuant to article 58b, item 1 of the Electronic Governance Act. As a System Integrator, Information Services has the possibility to define the requirements to the candidates and participants as selection criteria related to the suitability, economic and financial standing of the participants, which may limit the range of interested parties. However, this possibility is not used by the company in order to ensure a level playing field and not to restrict competition. With regard to the subject matter of the public procurement, when supplying tangible and/or intangible assets, it is a mandatory requirement that the products supplied are new, unused, in the manufacturer's current production list and complying with the Bulgarian standards for degree of protection and electromagnetic compatibility, and that the supplies are made by official representatives of the manufacturer applying certified quality management systems.

In the performance of its functions as a system integrator under article 7c of the Electronic Governance Act (EGA), in cases where it cannot perform the assigned works with its own resources, as well as for the supply of tangible and/or intangible assets, the company has to assign them to third parties as a public contracting authority under the Public Procurement Act in strict compliance with the applicable laws. All procurement documents announced by the Company are publicly available on the information system CAIS EOP managed by the Public Procurement Agency, at: https://app.eop.bg/today (for the procurements announced after 13.06.2020) and on the Buyer's Profile on the Company's official website and on the Public Procurement Register at https://www.aop.bg/ (for the procurements announced up to and including 13.06.2020). The Company shall award public contracts in its own name and on its own account, and the results of their execution shall be provided to the relevant administration in accordance with the concluded system integration contract.

Out of the public contracts announced by the company so far, 99% have been awarded with the "lowest" price criterion. As a result of this approach to the procurement of hardware (equipment) and standard software in 2021, we have achieved the provision of optimal computer configurations to the administration at the best uniform prices for all, with a saving of BGN 8.7 million for the administrative authorities (compared to the planned budget expenditure for the same equipment). One administrative authority has realized alone a saving of more than BGN 1.9 million (45% of its estimated cost) for 2200 workstations, but at a later stage the same administrative authority was removed from the list of administrative authorities contracting their system integration activities to Information Services. The technical and financial parameters of the computer configurations supplied by Information Services to the administrative authorities are significantly better than those supplied by the Central Purchasing Authority in Bulgaria, with the same companies participating in the procurement.

As a contracting authority under the Public Procurement Act, the company monitors the performance of public procurement contracts and imposes sanctions when warranted. Penalties have been calculated and collected under 10 public procurement contracts in the total amount of BGN 96 thousand.

4. Regarding the allegations that "there is a closed circle of irresponsible and uncontrolled spending of budget funds and essentially in-house procurement"; "violation of the principle of competition in the implementation of public procurement and / or restriction of market freedom, or at least giving a competitive advantage to Information Services.“

Information Services operates in a fiercely competitive environment. The company does not enjoy any market privileges arising from the dominant state ownership of its capital and does not fall within the categories of legal entities to which direct (in-house) outsourcing can be made. With regard to system integration contracts between the administrative bodies and the company, the exception in article 14, paragraph 1, item 5 of the Public Procurement Act (PPA) - the so called “in-house contracting” - is not applicable as the cumulative preconditions set by the law are not available: the contracting authority must exercise over the legal entity control similar to that which it exercises over its own structural units; more than 80 per cent of the legal entity's activity must be formed by the performance of works contracted by the contracting authority or its separate structures or by other legal entities controlled by the contracting authority and there must be no direct private equity participation in the legal entity - contractor (by way of exception, direct private equity participation is allowed, when such participation is required by the provisions of the national laws pursuant to the EU treaty and the Treaty on the functioning of the EU, and it is not connected to control or blocking powers and does not exercise decisive influence on the business of the legal entity). When concluding contracts for system integration, the administrations and Information Services strictly comply with the Public Procurement Act, the Electronic Governance Act, their implementing regulations, as well as the Guidelines for unification of the practice of definition and implementation of the system integration activities under article 7c of the Public Procurement Act, approved by Decision No 481 of the Council of Ministers of 14 July 2020.

5. Regarding the allegation that the company "adversely affects the budget of the State through the non-transparent pricing of its services“

In the period since its designation as a National Systems Integrator, the company has achieved a number of measurable beneficial effects for the administrative bodies included in the scope of systems integration. Significant financial savings have been realized in the procurement of hardware (equipment) and system software as well as in the provision of specific IT services. Significant improvements in prices and terms of supply have been achieved for IT hardware and software resources compared to procurements of the same subject matter carried out independently by administrative authorities under the PPA, including through centralised contracting mechanisms, e.g.:

Administrative body	Product/service	Budget savings
Ministry of Finance, all 265 municipalities, the Council of Minister’s administration and all second-tier budget administrators	SAP licenses and maintenance	Almost BGN 30 million
Ministry of Electronic Governance	Technical solution for the provision of real-time video surveillance and video recording after the end of the election day in the polling station commissions during the counting of votes and the compilation of the minutes, in accordance with the Electoral Code	Almost BGN 12 million
All within the scope of the system integration as an average in 2020 - 2023	24 800 desktop computers and laptops	Over BGN 8 million
Ministry of Finance	Post-warranty maintenance of computer equipment	Over BGN 6 million.
National Health Insurance Fund	Purchase of software licenses for Oracle products	Almost BGN 6,4 million
Ministry of Interior	Purchase of software licenses for Oracle products	Almost BGN 4.5 million
Ministry of Interior	Delivery of printers and multi-function units	Almost BGN 760 thousand

For the period 2020-2023, Information Services, as a National Systems Integrator, delivered and replaced over 20% of all the state administration's computer equipment, with significant real savings in public financial resources compared to other centralised supplies with the same subject matter.

As a National System Integrator, Information Services is actively involved in the development of the e-governance in the country. The company assists government authorities in the planning and development of information resources to achieve effects of scale, consolidation of technical and information infrastructure, integration of work processes, unification and standardisation of procedures and technical requirements. These are implemented in line with government policies on administrative reform, e-governance and digitisation.

In the last 3-4 years, by means of its unified professional approach, Information Services has solved over 20 years of problems of the administrative structures in the state, some of which:

• Judiciary - developed and implemented the Unified Court Information System (UCIS) and optimized the Unified e-Justice Portal to ensure transparency and access to e-justice for citizens and legal entities;
• Health system - developed, implemented and is continuously developing the National Health Information System (NHIS), which laid the foundations for e-health in Bulgaria (e-prescriptions, e-referrals, e-patient record, e-reviews, integrated with NHIF systems). To date, over 33 million e-prescriptions, over 27 million e-referrals, over 47 million e-examinations, over 2 million e-hospitalizations have been issued through NHIS. Over 21.5 thousand physicians, over 6.4 thousand dentists, over 4.3 thousand pharmacists and over one thousand laboratory technicians work with the NHIS.
• Financial System - developed, implemented and is continuously developing a system-wide Financial Management System for the Ministry of Finance, the Administration of the Council of Ministers, including all regional governors, all municipalities and the administrators of municipal budgets. The system provides full transparency of the timing of financial activities, timely, reliable, complete and up-to-date information for an optimal level of efficient management and use of resources..
• Infrastructure system - since 2020, Information Services has been implementing multiple projects to upgrade its information and communications infrastructure. Key administrative authorities of public importance and identified as strategic sites for the state have not invested in infrastructure for more than 10 years, and as a result have been subject to serious cyber threats and breaches. After 2 years of hard collaborative work between the team of one of these key administrative authorities and the team of Information Services, the infrastructure has not only been upgraded and modernized, but experts from the administration have been trained to handle the latest technologies and the administration has successfully passed an international audit by the EC. As a result, the access that was withdrawn after a security breach has been restored and the international exchange of information - resumed.
• Electoral system - Information Services has been a partner of the CEC since 2003 and so far in 88 elections, national, local and referenda, the company has shown outstanding performance which is proved by the unanimous acceptance of its work by the various CEC Boards and the lack of appeal by any participant from alliances of political parties to individual candidates.

The above described projects implemented by Information Services are only part of the many works that the company implements for the benefit of the administration and the society. For the first time in the country, projects have been implemented that have a real dimension and everyone can "touch" them.

6. On the question of whether to provide for "additional measures for control of the company".

The operations of Information Services are subject to control under the effective laws on various grounds. As a commercial company, Information Services is subject to control by all state control authorities (NRA, NSSI, General Labour Inspectorate), as a public enterprise - to control by the Ministry of Electronic Governance pursuant to the Public Companies Act and its implementing regulations and pursuant to the Public Sector Internal Audit Act, the Public Sector Financial Management and Control Act, the State Financial Inspection Act, the Court of Auditors Act and the Independent Financial Audit Act, and as a contracting authority under the Public Procurement Act - by the Public Procurement Agency, and as a structure having access to classified information – by the National Security Agency (DANS). In 2021, the Company was audited by the NRA, Large Taxpayers and Social Security Contributors Directorate for the period 2015 - 2020, which also included audits of procurement contracts. During the audit no violations of tax legislation were found.

In performing its functions as a system integrator under article 7c of the Electronic Governance Act (EGA), when outsourcing system integration works to third parties, Information Services acts as a public contracting authority under the Public Procurement Act in strict compliance with the applicable laws. All procurement documents announced by the company are publicly available in the information system CAIS EOP managed by the Public Procurement Agency, at: https://app.eop.bg/today (for the procurements announced after 13.06.2020) and on the Buyer's Profile on the official website of the company and in the Public Procurement Register at https://www.aop.bg/ (for the procurements announced up to and including 13.06.2020). Decisions on public procurement announced by the company are subject to appeal to the Commission on Protection of Competition (CPC) under the Public Procurement Act. So far, out of the more than 900 decisions issued on open public procurements, two have been appealed, and in both cases the proceedings before the CPC have been terminated (in one case - due to the termination of the procedure following an internal company error, and in the other - due to the withdrawal of the appeal). There have been no reports to the judicial authorities concerning the public procurement contracts announced by us and the decisions adopted in relation thereto.

The Integrated Quality, Information Security and IT Services Management System of Information Services implemented in the company is certified according to the international standards ISO 9001:2015, ISO 27001:2013 and ISO 20000-1:2018 and is subject to audits performed by the internal auditors of the Internal Control and Standards Department (according to an approved annual plan) and by internationally certified external auditors of the German company TÜV NORD SERV GmbH (within the framework of annual audits - control or recertification audits).

As a provider of qualified certification services in accordance with Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and authentication services for electronic transactions in the internal market and repealing Directive 1999/93/EC, and the applicable European standards, Information Services is subject to annual compliance audits by internationally certified external auditors from the French company LSTI and is subject to inspections by the Communications Regulation Commission. Information on the internationally certified systems maintained and the certificates held is publicly available at https://www.is-bg.net/bg/about, under "Quality" tag.

According to the Public Sector Financial Management and Control Act, the Company's operations are subject to audit by both the Internal Audit Department and the Internal Audit Unit of the Ministry managed by the Principal - until 30.12.2021, we were subject to audit by the Internal Audit Unit of the Ministry of Transport, Information Technology and Communications, after which date audits by the Principal are the responsibility of the Ministry of Electronic Governance. The operations of Information Services as a national systems integrator and public contracting authority under the Public Procurement Act were subject to two audits by the internal audit unit of the MEG.

Any state controlling institution, with respect to the company's activities and in accordance with Bulgarian law, has the rights/opportunity to audit the company.

The Company complies with all legal requirements for publication and disclosure of information. The information about the Company's operations and financial position (Annual Financial Report, Directors' Report and Independent Auditor's Report) including for the year 2022 has been duly disclosed in the Company's account with the Trade Register and Register of Non-Profit Legal Entities, in the e-Information System for Public Companies maintained by the Public Companies and Control Agency and on our official website.       

Information Services performs the functions of a systems integrator mandated by the Electronic Governance Act and the strategic decisions of the Government in strict compliance with the principles of publicity and transparency, aiming to protect the public interest first and foremost and to ensure the highest quality at the best price conditions and guaranteed compliance with international security standards for the services provided. The company executes the projects in full: from the preparation of the technical specifications to the delivery and maintenance of the final product, thus taking full responsibility for the execution and ensuring the achievement of a final working result. Sustainability and development are achieved by means of long-term plans, professionalism and responsibility, and not with piecemeal activities and ad-hoc solutions.

Over the past two years there has been significant interest in the company's activities as a national systems integrator. We provide full cooperation and are available to provide detailed information in cases where information is requested under the statutory procedure - through questions from MPs, hearings in the National Assembly, numerous requests for access to public information under the Access to Public Information Act, and questions from journalists. In cases where slander is spread in paid social media posts aimed at discrediting both the company and its management and the Minister of Electronic Governance as the principal, this is clearly a campaign that is directed against the system integration under article 7c of the Electronic Governance Act and aims to restore the previous situation of decentralised implementation of these activities at a significantly higher cost and lower quality. We believe that the negative campaign undertaken against the company by individuals, including former MPs and representatives of political cabinets in previous governments, is precisely the result of the significant successes we have achieved, which have disrupted financial and business interests, not only in the field of ICT, but also in the areas of healthcare, the judiciary, timber sales, public procurements, etc. Information Services is guided by the principle of full transparency of its processes and operations and achieving tangible positive results from systems integration.

*Question from Ivan Petkov, Member of Parliament from the Bulgarian BSP for Bulgaria Group, regarding the management of the budget of Information Services.