Objective

The objectives of setting up a warm and hot disaster recovery (DR) site for the digital identification infrastructure in two geographical locations are as follows:

Business Continuity: The primary objective is to ensure uninterrupted availability and functionality of the digital identification infrastructure in the event of a disaster or disruptive event. By having both warm and hot DR sites in separate locations, the system can continue to operate even if one site becomes unavailable. This helps in maintaining the continuity of essential services and avoids potential disruptions to users.
Redundancy and Fault Tolerance: The warm and hot DR sites provide redundancy by replicating critical components and data of the digital identification infrastructure. The warm site typically has pre-configured servers, databases, and infrastructure that can be quickly activated in case of a disaster. The hot site, on the other hand, is fully functional and operational at all times, ready to take over the workload seamlessly. This redundancy and fault tolerance ensure that if one site fails, the other can handle the increased load and prevent any single point of failure.
Geographic Diversity: By setting up the DR sites in different geographical locations, the infrastructure gains geographic diversity. This reduces the risk of a single localized event, such as a natural disaster, power outage, or network failure, affecting both sites simultaneously. Geographic diversity increases the overall resilience of the system and enhances the chances of maintaining business continuity, even in the face of regional or localized disruptions.
Disaster Recovery Planning: The setup of warm and hot DR sites requires a comprehensive disaster recovery plan. The process involves identifying potential risks, determining recovery time objectives (RTO) and recovery point objectives (RPO), establishing data replication mechanisms, defining failover procedures, and conducting regular testing and maintenance activities. The objective is to have a well-defined and documented recovery strategy that minimizes downtime and ensures rapid recovery and restoration of the digital identification infrastructure.
Compliance and Security: Digital identification infrastructure often deals with sensitive user data and is subject to various compliance requirements and security standards. The warm and hot DR sites must comply with these regulations and ensure the security and confidentiality of the data. The objectives include maintaining data integrity, protecting against unauthorized access or data breaches, and adhering to relevant privacy and security standards.

Overall, the objectives of establishing warm and hot DR sites for the digital identification infrastructure in two geographical locations are to ensure business continuity, provide redundancy and fault tolerance, leverage geographic diversity, enable effective disaster recovery planning, and maintain compliance and security standards.

Information on Design and Implementation :

The NIMS Design comprises of:

Registration and biometric enrolment of citizens and legal residents, for the purpose of uniquely identifying the individual and thus creating a National Identity Database and through that process (on a sustainable basis);
Issue a unique National Identification Number (NIN) to the registered individuals;
Issue General Multi-purpose Cards (GMPCs) (as provided for in the NIMC Act);
Provide for identity authentication verification services;
Provide access and connectivity infrastructure between registration centers, central data processing centers, identity verification systems, and backend systems;
Provide for harmonization and integration of identity databases in government agencies, including providing the regulatory and institutional framework for an orderly development of the identity sector in Nigeria.

The registration and enrolment process which will be once in a lifetime, will result in the capture of demographic and biometric data (ten (10) fingerprints and live digital photographs and signatures), and other relevant data of citizens and legal residents. Provision is made for facial recognition while fingerprints will primarily be used for verification. Also, provision is made for future upgrades (in the fifth year of operation of the NIMS) for the inclusion of iris. Various forms of registration activities and databases that currently exist will be streamlined through a process of harmonization and integration, designed to enable the ‘reuse’ as appropriate, of existing infrastructure, optimize resources, ensure sustainability, flexibility and scalability (based on lessons of the past) and avoid a ‘single point of failure’ scenario.

IMPLEMENTATION:
An important strategic approach to facilitate the implementation of the NIMS is the conceptual distinction between two connected components, namely the ‘Front End Operations’ (FEO) and the ‘Back End Operations (BEO),

a. Front-End Operations comprising:

Registration and biometric enrolment of Citizens and legal residents (Data capture/updating);
Personalization and Issuance of Smart Cards with business applications;
Deployment of Card Acceptance/Access Devices (CADs);
Citizens and legal residents contact and support operations.

b. Back-end operations comprising:

Setup, operation, and management of the National Identity Database (NIDB)
Provide for Disaster Recovery/backup and business continuity infrastructure;
Establish and maintain secured network connectivity infrastructure and communication links with relevant identity-related agencies and end-users;
Provision of authentication and verification services. Both components will be implemented by the NIMC in collaboration with ‘Front End Partners (FEP) and approved technology service providers (designated as Back End Partners) and consultants.

c. Upon complete rollout, the infrastructure would include:

Permanent registration centers for continuous biometric and demographic data capture services;
A National Identity Database and a regime of unique national identification numbers, (NIN); Disaster Recovery Site with provision for Business Continuity;
Connectivity, Data Processing and Storage Infrastructure, Systems Integration, and software development services support and maintenance capacity;
Provision of authentication and verification infrastructure and commercial applications;
Smart Card personalization facilities and commercial applications.

Technology Architecture

The NIMS architecture is focused on the achievement of six (6) primary objectives central to the attainment of the dictum ‘enroll once and be identified for life’ and these are:

Ensure ‘clean’ and ‘correct data’ (demographic and biometric) collection from individuals;
Ensure de-duplication process to guarantee uniqueness and integrity of database;
Issuance of the NIN based on a unique non-intelligent system to every enrolment in the NIDB;
Focus on a sustainably high level of privacy and information security;
Institute a dependable clear data verification and authentication infrastructure and service scheme; and
Provide for interoperability (harmonization and integration) with other government agencies in a secure and scalable manner.

The important highlights of the technology architecture are described below:
The NIMS (backend) Servers which are at the core of the managed services will provide the processing of the enrolment, verification, and authentication services over the network of the FEPs. The Servers are in two categories:

The primary Servers at the main Data Centre and the Servers at the Disaster Recovery/ Business Continuity Sites. They are designed to meet the demand for 1:1 and 1: N biometric de-duplication and the verification and authentication service requests from end-users of the NIDB.

The Network infrastructure provides for two sets of functionality based on the enrolment process, authentication and verification process, and the Smart Card personalization process. The enrolment which will be done by the FEPs will require massive data transmittal in a single and or batched format from the IRCs where enrolments are done to the NIDB Data Centre where the de-duplication is done through Fibre Optic, VSAT/WAN, LAN, Internet, connected third party network infrastructure.

The security design to secure the various components from logical and physical attacks. The security design covers both Server security (including firewall, intrusion prevention and detection systems (IDS, IPS, etc), Network Security, Enrolment and End-User security(including PKI, encryption, etc).

Monitoring and Evaluation Metrics

Here are some key metrics used for Monitoring and evaluating the NIMS digital identity systems:

User Adoption and Enrolment Rates: These metrics measure the number of users who have adopted the digital identity system and enrolled for their digital identities. It provides insights into the system's reach and acceptance among the target population. Currently, the Enrolment Rate is over 100 Million and growing.
Service Availability and Uptime: This metric assesses the availability and uptime of the digital identity system, measuring the percentage of time the system is operational and accessible to users. It helps evaluate the system's reliability and its ability to provide uninterrupted services. The NIMS has a 99.999% uptime availability for the last 8 operational years
Authentication Success Rate: This metric measures the success rate of user authentication attempts within the digital identity system. It indicates the system's accuracy in verifying and authenticating user identities and determining whether the implemented authentication mechanisms are effective. The authentication success Rate of the NIMS is 90% successful.
Transaction Processing Time: This metric measures the time taken to process transactions or requests within the digital identity system. It helps assess the efficiency and responsiveness of the system, ensuring that transactions are processed within acceptable timeframes. The NIMS has a processing average time rate of 1 minute. With the current upgrade of the NIMS network Infrastructure using the Infiniband Network, that rate is expected to be in a fraction of a second processing time.
User Experience and Satisfaction: User experience metrics, such as user satisfaction surveys or feedback mechanisms, can provide valuable insights into users' satisfaction with the digital identity system. It helps assess user perceptions, ease of use, and overall satisfaction, which can be indicative of the system's performance and usability.
Security Incidents and Data Breaches: Monitoring security incidents and data breaches is crucial to evaluate the system's security posture. Tracking the number and severity of security incidents, unauthorized access attempts, and data breaches helps identify vulnerabilities and areas that require improvement.
Compliance with Privacy and Data Protection Regulations: This metric assesses the digital identity system's compliance with privacy and data protection regulations and standards. It involves evaluating whether the system adheres to relevant laws and regulations, and other jurisdiction-specific requirements.
Cost Efficiency: Monitoring cost-related metrics helps assess the efficiency of the digital identity system's operations and maintenance. Metrics such as cost per user, cost per transaction, or cost savings compared to traditional identity systems can provide insights into the system's financial performance.
Interoperability and Integration: This metric evaluates the system's interoperability with other systems and its ability to integrate with different platforms or services. It helps assess the system's compatibility, scalability, and potential for seamless integration into existing infrastructure.
Social and Economic Impact: Monitoring the social and economic impact of the digital identity system helps assess its broader benefits and contributions. Metrics such as increased access to services, reduced fraud rates, improved efficiency in public administration, or economic growth indicators can provide a holistic view of the system's impact.

These metrics are used individually or in combination to evaluate the performance and effectiveness of a digital identity system. The selection of metrics should align with the specific objectives, context, and stakeholders' requirements of the system being monitored and evaluated.

Capacity Building Measures

Here are some capacity building measures for the NIMS digital identity system:

Training and Education: Providing comprehensive training programs and educational resources for the stakeholders involved in the digital identity system. This includes training for system administrators, operators, support staff, and end-users. Training covers various aspects such as system functionality, security protocols, privacy considerations, data management, and user support. By improving the knowledge and skills of the workforce, the capacity of the system can be strengthened.
Technical Expertise Development: Building technical expertise through the successful implementation and maintenance of a digital identity system. This involves developing a team of skilled professionals who have knowledge in areas such as identity management, data protection, encryption, authentication mechanisms, system integration, and cyber security. Encouraging continuous professional development and providing opportunities for gaining relevant certifications will contribute to building technical expertise.
Infrastructure Development: Adequate infrastructure is essential for the smooth operation of a digital identity system. Capacity building measures focused on assessing the existing infrastructure and identifying any gaps or limitations. Upgrading hardware, network connectivity, server capacity, data storage, and backup systems to help ensure that the system can handle increasing user demands, data volumes, and potential scalability requirements.
Stakeholder Engagement: Through the engagement and involvement of relevant stakeholders crucial to the success of NIMS digital identity system. Capacity building measures also includes efforts to foster collaboration and cooperation among different stakeholders, such as government agencies, technology providers, civil society organizations, and user communities. Establishing communication channels, organizing workshops, and creating platforms for sharing knowledge and experiences to enhance stakeholder engagement and build a strong support network.
Legal and Policy Framework: Through the development of appropriate legal and policy framework is essential for a digital identity system. Capacity-building measures focused on understanding and complying with relevant laws, regulations, and international standards related to identity management, privacy protection, data governance, and security. This involves conducting legal assessments, consulting legal experts, and ensuring alignment with existing frameworks or advocating for necessary regulatory changes.
Knowledge Sharing and Collaboration: Encouraging knowledge sharing and collaboration among different stakeholders for continuous learning and improvement. Capacity-building measures also include collaboration with other countries, organizations, or experts in the field that also provide valuable insights and contribute to capacity-building efforts.
Monitoring and Evaluation: Regular monitoring and evaluation of the digital identity system's performance and impact are essential for identifying areas of improvement and ensuring ongoing capacity building. This involves establishing metrics, collecting relevant data, analyzing system performance, and seeking feedback from users and stakeholders. Monitoring and evaluation outcomes can guide future capacity-building initiatives and enable the system to adapt to changing needs and emerging challenges.

By implementing these capacity-building measures, NIMC is able to enhance the effectiveness, efficiency, and sustainability of its digital identity systems while ensuring compliance, security, and user trust.

Governance Mechanism

The National Identity Management Commission Act is the instrument that created the legal regulatory and institutional framework for the identity sector in Nigeria including the mechanism for implementing Government’s reform effort. Important sections of the Act include the following:

Section 5 of the NIMC Act vests in the Commission the power and function to create, manage, maintain, and operate an identity database
In Sections 1 – 13, the Commission’s governance structure, functions, powers and
funding mechanisms were spelled out. It includes the duty to harmonize existing identity databases in government institutions, the power to collaborate with public and or private sector institutions to achieve its objectives, etc;
Section 14- 17 established the National Identity Database, its purpose, content, and eligibility to register (section 16);
Section 18 -25 provides for the introduction of general multi-purpose Cards (GMPC) while Section 27 provides for the issuance of and mandatory use of the UNIQUE NATIONAL IDENTIFICATION NUMBERS (NIN) for transactions;
Section 28 stipulates how unauthorized access is treated, especially in relation to transactions without a national identification number. Section 30 provides for miscellaneous offences and Section 31 provides for the Commission’s power to make regulations. Section 32 repealed the National Civic Registration Act and transferred to the Commission all its assets and liabilities.

Use Cases

Digital identity has various use cases across sectoral applications. Here are some examples:

Government Services: Digital identity can streamline access to government services such as social welfare programs, healthcare, taxation, voting systems, and identity verification for official documents and licenses. It enables efficient service delivery, reduces fraud, and improves citizen convenience.
Financial Services: Digital identity is essential for digital banking, online payments, and financial transactions. It allows for secure identity verification, Know Your Customer (KYC) processes, and electronic signatures, facilitating financial inclusion and reducing fraud in the financial sector.
Healthcare: Digital identity systems can enhance patient identification, health records management, and access to telemedicine services. It enables secure sharing of medical information between healthcare providers, improves patient safety, and supports personalized healthcare delivery.
Education: Digital identity can streamline student enrolment, authentication, and access to educational resources and online learning platforms. It facilitates secure student records management, and digital certification, and helps prevent identity fraud in educational institutions.
E-Commerce and Retail: Digital identity enables secure online shopping, personalized customer experiences, and streamlined checkout processes. It assists in combating identity theft, ensuring secure transactions, and building trust between online retailers and consumers.
Travel and Transportation: Digital identity systems can simplify travel processes such as passport control, visa applications, and boarding procedures. It enables efficient identity verification, and border control, and enhances the overall travel experience.
Employment and Workforce Management: Digital identity can streamline employee onboarding, authentication, and access control in workplaces. It facilitates secure remote working, and digital signatures, and simplifies workforce management processes.
Social Services: Digital identity systems can improve access to social services like welfare programs, housing support, and disaster relief. It helps in accurate beneficiary identification, and efficient service delivery, and reduces fraud and duplication.
Online Services and Platforms: Digital identity is crucial for accessing various online services and platforms, including social media, online marketplaces, and entertainment platforms. It helps in user authentication, personalized experiences, and protecting users from identity theft or unauthorized access.
Smart Cities: Digital identity plays a role in smart city initiatives, enabling access to smart infrastructure, and personalized services, and secures interactions in areas such as transportation, energy management, public safety, and citizen engagement.

These are just a few examples of how digital identity can be applied across different sectors. The versatility of digital identity makes it a fundamental enabler for a wide range of applications, supporting efficiency, security, and personalized experiences in various sectors.