Enterprise Architecture for International Agreements

in Social Security Institutions

Salvador Otón

, Antonio Moratilla

, José Amelio Medina

, Francisco Delgado

and Raúl Ruggia

University of Alcalá, Alcalá de Henares, Spain

National Institute for Social Security, Madrid, Spain

International Social Security Association, Geneva, Switzerland

Keywords: Enterprise Architecture, ArchiMate, EIRA, Interoperability, Social Security.

Abstract: This paper analyzes the problems associated with the implementation of international agreements in social

security institutions. International social security agreements aim at protecting social rights of migrant

workers by enabling the portability of social benefits, which involve managing billions of dollars paid

worldwide by the signatory countries. This involves significant cross-border data exchange and back-office

information processing. The effective and reliable implementation of agreements, therefore, requires an

intensive application of information and communication technology (ICT) to ensure the integrity of the

process. In this paper, a series of enterprise architectures were presented that will help the designers of the

systems of social security institutions to carry out the international agreements.

1 INTRODUCTION

Social protection aims at reducing the vulnerabilities

and economic risks of individuals, households and

communities. This is done through different social

security schemes, such as old-age and retirement

pensions, family benefits, in-kind benefits for health

and medical services, occupational accidents, etc. In

order to be entitled to these benefits, people have to

contribute to the scheme or to general taxes

depending on the type of social security system. The

protection of these social rights for migrant workers

requires, among different measures, ensuring equal

treatment and maintenance of rights acquired or in the

process of being acquired with respect to local

workers in host countries.

International social security agreements constitute

a key legal instrument that enable the portability of

social rights for migrant workers by ensuring that

periods of employment are taken into account for

granting benefits in the signatory countries.

International agreements also aim at preventing the

“double contribution” of temporary workers in a host

country, enabling costs savings without reducing

social protection.

The application and operation of social security

agreements is based on the exchange of data between

the signatory institutions (e.g. information on work

periods in a country, dates of temporary relocation,

etc.) and, to a certain extent, the way in which an

international social security system operates based on

a signed agreement. While most of the international

social security agreements are bilateral – i.e.

concluded by two countries – there are multilateral

agreements allowing several countries to coordinate

parts of their social security systems.

Although the main involved technologies are well

known, especially Interoperability, the implemen-

tation of such mechanisms remains challenging and

most of the international agreements are based on

manual document paper exchange. The main

implementation complexities concern the definition

of common architectures as well as using Semantic

Interoperability to deal with conceptual and linguistic

mismatches among the signatory parties.

Furthermore, such implementation requires solving

the coordination between the internal institutional

systems from different countries without a predefined

standard.

A series of guidelines have been developed to help

social security institutions implementing the

operational aspects of international agreements by

using information technologies (ICT) (ISSA, 2016)

focusing on interoperability, data exchange processes

and related functions. Furthermore, the Semantic

Interoperability issues which have been addressed in

Otón, S., Moratilla, A., Medina, J., Delgado, F. and Ruggia, R.

Enterprise Architecture for International Agreements in Social Security Institutions.

DOI: 10.5220/0006702806570664

In Proceedings of the 20th International Conference on Enterprise Information Systems (ICEIS 2018), pages 657-664

ISBN: 978-989-758-298-1

657

(Delgado et al., 2013) and (Delgado et al., 2014).

Nevertheless, the issues of defining common

architectures for supporting international data

exchange have been less treated.

This paper addresses main issues on managing

international social security agreements and for

developing related computer systems. Concretely,

this paper proposes a series of enterprise architectures

to help developing these systems.

The rest of the paper is organized as follows.

Section 2 presents the social protection instruments

for migrant workers (i.e. the international

agreements). Section 3 describes the Interoperability

framework underlying the proposed solutions.

Section 4 presents Enterprise Architectures for

implementing the agreements. And Section 5

concludes and depicts future work.

2 INTERNATIONAL SOCIAL

PROTECTION FOR MIGRANT

WORKERS

Governments are increasingly obliged to collaborate

across organizational, sectoral and administrative

boundaries (Janowski et al., 2014). In order to protect

the social rights of migrant workers, the International

Labor Organization (ILO) has developed a set of

recommendations and standards. These

recommendations define five basic principles that

form the backbone of most bilateral and multilateral

social security agreements:

 Equal treatment.

 Determination of the applicable legislation.

 Maintenance of acquired rights and the

provision of benefits abroad.

 Maintenance of the rights in course of

acquisition.

 Reciprocity.

International social security agreements establish

a legal framework to coordinate the plans of the

countries involved. Most of the agreements are

bilateral, as it is established between two countries in

order to coordinate their specific regulations.

However, there are some multilateral agreements that

allow several countries to coordinate the parts of their

social security systems. Where there is no bilateral or

multilateral agreement covering nationals of certain

countries, the host country may establish unilateral

measures to provide social protection to migrant

workers.

Agreements are documents structured generally in

sections and articles following ILO recommendations

No. 167 (ILO-R.167, 1983).

The application of social security functions

through international agreements involves the

processing of two main types of operations: (i)

requests for information from other institutions

participating in the agreement required to process a

benefit claim (i.e. other liaison bodies), (ii) claims for

benefits submitted by individuals (workers and

retirees); the latter probably requested information

from the liaison institutions of the countries in which

they worked. Therefore, the exchange of data with

other liaison bodies are key tasks in the

implementation of social security agreements.

At the global level, the overall implementation of

a social security agreement involves several steps and

different types of activities. On the one hand, dealing

with political and legal aspects involves conducting

preliminary negotiations preparing the text of the

agreement, signing and ratifying the agreement,

including administrative arrangements, and defining

when the agreement will begin to be applied (entry

into force) (Hirose et al., 2011). On the other hand,

the organizational aspects involve the establishment

of administrative procedures for the processing of

applications and related operations, as well as the

definition of roles and responsibilities related to these

tasks (ISSA, 2016).

The implementation of the agreements also

requires the definition and preparation of the

mechanisms to carry out the exchange of data with

the other liaison institutions. This includes defining

the format and semantics of the data being exchanged,

the authentication mechanism (e.g., electronic

signature), the protocol for request-response

exchange and maximum delays, etc.

The data exchanged consists mainly of the

following: (i) workers‘ personal data, (ii) the previous

worked periods grouped by employer and labor

categories relevant to the agreement, (iii) the future

work periods of detached workers as well as the

origin employers, (iv) death and family status

certificates, (v) partial or total medical records if the

agreement relates to health benefits, (vi) periods of

residence for countries with a universal social

security system where benefits’ eligibility is based on

them rather than worked periods.

Data exchanges must comply with security,

privacy and authentication rules. On the one hand,

social security agreements usually include data

protection clauses. On the other hand, the validity of

administrative procedures depends on the

authenticity of exchanges that can be made only by

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

658

authorized personnel (electronic signature of an

authorized person).

The operations of the agreements also include the

payment or entitlement of benefits to the people, as

well as the suspension or cancellation according to

personal, family or employment changes.

2.1 Managing International

Agreements: General Description

Signing an international agreement involves the

country’s institutions to comply with its terms and

conditions. This includes the implementation,

management and application of the terms of the

agreement to individual cases, which involve persons

formerly resident or workers in at least one of the

signatory countries, as well as individuals who are

going to reside or to work in them.

The type of management will depend on the

content of the text agreed by the governments of the

involved countries, although this management

usually focuses on: (i) providing information on the

personal situation of original workers who will work

or have worked in one of the signatory countries, (ii)

agree or deny benefits under the agreement, (iii)

On the other hand, each signatory institution

should define the main actors involved in the

management of international agreements, in order to

ensure that management is carried out with certain

levels of quality.

In a first level the main actors and roles identified

are: (i) the Central Government, the Ministry and

Parliament at the time of signature and ratification of

the agreement, (ii) the "liaison" institutions that carry

out the international coordination of the agreement

with their counterparts in the other signatory

countries, (iii) the "competent" institutions which are

responsible for the practical implementation of the

agreement and which will implement the

management functions and processes. These

institutions are those which administer the social

security schemes provided in the agreement, (iv)

persons requesting benefits and related information

under the agreement and (v) companies that declare

workers on a temporary regime.

Signatory organizations should identify the main

processes, responsibilities and requirements of

governance and quality. Therefore, the agreements

establish the management and decision-making

framework, establishing the "liaison" and

"competent" institutions in the signatory countries.

At the international level, management should be

based on the provisions of the agreement. For this

reason, the basic processes that ensure the exchange

of data and communication of resolutions between

different institutions and countries are defined.

Finally, the institutions should implement

auxiliary processes in which a notifications system of

changes in work and personal situation, as well as the

technological needs necessary to guarantee the

correct exchange and understanding of the

information, are established.

3 INTEROPERABILITY

In this section, we will explain the levels of

interoperability presented in the European

Interoperability Framework (EIF) (European

Commission, 2009, 2017) adapted to the international

social security agreements.

Legal: consists of the international social security

agreements themselves, as well as the relevant

legislation of the participating countries so that the

information sent has adequate recognition in the

"receiving" country. This includes definitions and

agreements designed to articulate the jurisdictions,

mandates and responsibilities of the organizations

involved in the exchange of information. Operational

(administrative) agreements that formalize the ways

in which the exchange of information will take place

are also counted.

Organizational: refers to the way in which

business processes are modelled in order to support

social security operations. Organizational

interoperability consists of specifying the processes

that involve the information exchange operations and

the connection of the participating organizations.

These processes must be compatible with

organizations and comply with legal declarations of

interoperability.

Semantics: ensures that the precise meaning of

the information exchanged is understandable for any

other application not initially developed for this

purpose. Semantic interoperability allows systems to

combine information received with information from

other sources and process it in a coherent way.

One of the main problems faced by institutions in

applying automatic data exchange between two

systems is to ensure that the receiving system will

interpret information in the same way (i.e. with the

same meaning) as the sending system. This is the

fundamental issue addressed by semantic

interoperability.

Achieving this requires agreeing, for example, on

how the data and its context are represented. This is

what will allow the automatic tools to share and

Enterprise Architecture for International Agreements in Social Security Institutions

659

process information, even when it has been registered

independently. The goal of semantic interoperability

is not only to allow the interconnection of information

resources, but also to be understood automatically

and as a consequence be reused by computer

applications that are not involved in its creation.

Given the linguistic heterogeneity between

countries participating in the exchange of social

security information, as well as the lack of

terminological standardization in the area, semantic

interoperability is the weakest dimension of social

security interoperability systems.

Technique: covers aspects of connection and

communication between software applications and

computers. These are key aspects such as open

interfaces, interconnection services, data integration

and middleware, presentation and data exchange,

resource localization and recovery, accessibility,

security and integration of applications and services.

Different standards and specifications of extended

use can be identified for different areas

(interconnection, data exchange, presentation of

information, etc.).

The maturity of the Internet and associated web-

based technologies (e.g. web services and SOA) has

made application and process construction much

more practical in recent years and allowed to cross

national boundaries.

Technical interoperability for the exchange of

social security information mainly consists of rules

on: service architectures that provide a common

interaction model for the service-oriented system,

data models that enable the parties to decrypt and use

exchanged data, interconnect And middleware

technologies that enable global interaction.

4 ENTERPRISE ARCHITECTURE

This section describes Enterprise Architectures

specifying the connections between the different

parties involved in the implementation and operation

of international social security agreements. To

represent the enterprise architecture, ArchiMate (The

Open Group, 2017) together with EIRA (European

Commission, 2017) specification have been used.

The implementation of international agreements

requires reliable mechanisms for data exchange

among the involved institutions. This includes,

among other matters, defining the data to be

exchanged, the authentication mechanism (e.g.

electronic signature), the protocol for request-

response exchanges specifying maximum delays, as

well as implementing the ICT-based systems to

support these operations.

Moreover, it also involves carrying out the daily

operation of the agreement, through automated

processes to the greatest extent possible, which

mainly consists of receiving and sending information

and notifications of changes as well as processing

benefits claims.

As the operational tasks involve cross-border data

exchange and information processing, intensive

usage of ICT is necessary to achieve effectiveness

and reliability in the application of the agreement.

In spite of the increasing application of ICT in

social security, the ICT-based implementation of

international agreements remains challenging. The

lack of standards on data and processes is the main

reason. In addition, the complexity of developing

inter-institutional and cross-border systems constitute

a barrier for implementing ICT-based systems

supporting international agreements.

The overall implementation of international social

security agreements involves stakeholders whose

roles are usually mentioned in the texts of the

agreements. The following definitions provide the

context in which they are used:

 Competent authorities refers to the ministries

authorized under the social security legislation

of a party participating in the agreement to

administer that legislation.

 Liaison agencies (or liaison institutions) refers

to the organizations that ensure the

coordination and exchange of information

between the institutions of the parties

participating in the agreement. Countries may

define one or more liaison agency for all the

different matters covered by an agreement.

 Competent institutions refers to the

institution(s) responsible for administering the

legislation to which the agreement applies,

particularly social security schemes. Many

agreements use the generic phrases “the

competent authority” and “the institution

which is competent according to the legislation

applicable”.

This section addresses the definition of

architectures, specifying the main ICT components

that enable the implementation of interaction between

institutions putting into practice international social

security agreements.

The implementation of agreements involves three

levels of architecture (fig.1):

 International architecture, which addresses

interaction at the international level between

liaison agencies of different countries;

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

660

 National architecture, which addresses

interaction at the national level between the

liaison agency and competent institutions in the

same country;

 Institutional architecture, which addresses the

interaction of institutions’ internal ICT systems

with the other entities at the international and

national levels.

Figure 1: Architecture overview.

The architecture applies to specific agreements

and depends on the characteristics of the agreement.

While the international architecture of multilateral

agreements requires common services and a “trusted

third organization”, bilateral agreements could be

based on point-to-point connections between the

liaison agencies (e.g. using Web Services protocols).

In turn, the national architecture applies only

when there are several national institutions

coordinating with each other; it is not necessary when

there is only one institution involved in the

agreement, which is a very frequent scenario.

4.1 International Architecture

At the international level, agreements must carry out

a systematic, standardized and secure exchange of

data between the institutions of the different

participating countries.

Likewise, it is a question of providing a repository

where the parties can maintain information of

common interest on the development of the

agreement.

The use of this repository in multilateral

agreements is recommended, and may be

administered by a trust entity of the participating

institutions. In the case of bilateral agreements, this

information may be administered by the two

participating institutions or countries. They could also

follow a similar model to multilateral agreements

with a trust entity to administer the repository

corresponding to several bilateral agreements.

Therefore, at an international level, an

architecture with Common Reference Services (CRS)

is proposed to maintain the basic elements for

institutions to interact in compliance with safety

parameters, interoperability agreements and services

under an international agreement with a single

structure:

 The agreements define a common service

model for the different parties to coordinate

their work and efforts in their implementation,

embodied in the Common Reference Services -

CRS.

 The institution will appoint a Responsible

Technical Committee (RTC) to oversee,

maintain and manage international agreements.

 The RTC coordinates the operation of the

agreements of the institution with the liaison

agencies, establishing the specific model of the

interoperability admitted in the agreement.

 The architecture should provide security

features, authorization and non-repudiation of

operations, and maintaining traceability

services.

Figure 2: International architecture overview.

The main resources to be administered at the

international level are:

 Log of operations, which provide traceability to

operations.

 Deposit of certificates and digital signatures,

which allow to authenticate the operations

carried out.

 Semantic resources and Metadata, which

facilitate the correct interpretation of the data

exchanged.

 Process Library, which defines the processes to

be developed.

The objective to be achieved with semantic

resources is to describe the information that is

Enterprise Architecture for International Agreements in Social Security Institutions

661

exchanged, in terms of concepts, their properties and

the relationships between these concepts. To achieve

this, a common metadata scheme must be established.

Since the properties of a concept may have different

values, it is convenient to use controlled vocabularies.

If you want to achieve richer semantic levels you can

use taxonomies and ontologies, which define the

concepts of a given domain as well as its

relationships.

Also, to implement Organizational

Interoperability (at the process level), it is necessary

to have the Shared Process Library in the CRS at the

international level.

Figure 3 shows the architecture at the

international level using the ArchiMate and EIRA

specifications.

Figure 3: International Enterprise Architecture with

ArchiMate and EIRA.

At the international level, a series of business

processes must be carried out, which could be divided

into a set of business functions. Business processes

will use business objects such as logs, certificates,

digital signatures and semantic resources.

Responsible for managing these business processes

will be the Responsible Technical Committee.

The business processes will be executed through

a series of services reflected in the Common

Reference Services (CRS). These services will

expose their functionality through interfaces and will

use a series of business objects such as requests

(requests received), responses (to such requests) and

SLAs.

In addition to the ArchiMate elements explained,

a number of EIRA elements have been used. First of

all, it is understood that CRS are public services, so

we have a relationship of inheritance between them.

Subsequently, the CRS SLAs will be a specialization

of interoperability agreements agreed between the

different countries involved in the agreement. Finally,

international processes will use a legislative catalog.

4.2 National Architecture

The national level corresponds to the coordination of

multiple institutions from the same country

participating in an international social security

agreement. Therefore, when you have a single

participating institution in a country, this level tends

to merge with the institutional level.

At the national level, the technological

infrastructure should be compatible with an

architecture of communication between the liaison

body of international agreements and specialized

national agencies or institutions, with the structure

shown in Figure 4.

Figure 4: National architecture overview.

The main features are:

 The institution, through the Responsible

Technical Committee (RTC), defines access

methods and queries based on an SOA

architecture for communication with other

liaison agencies.

 The RTC defines service level controls (SLAs)

to provide agreement and establish control

mechanisms over the architecture.

 The national process request architecture will

receive multiple requests adapted to the

national structure of the local Social Security

system. The installation of the access point is

named National Exchange System (NES).

 The national architecture must construct an

adequate response based on the responses of

the information system of the local institution.

 The national architecture should provide a

method for creating requests to other liaison

bodies within the framework of the

international agreement.

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

662

 The national architecture can integrate some

functions of international scope in the bilateral

agreements.

Figure 5: National Enterprise Architecture with ArchiMate

and EIRA.

At the national level, a series of business

processes must be carried out, divided into two main

business functions, such as the generation of requests

and the composition of responses. Business processes

will use business objects such as logs and semantic

resources. Responsible for managing these business

processes will be the Responsible Technical

Committee.

The business processes will be executed through

a series of services reflected in the National Business

Services. These services will expose their

functionality through interfaces (External Service

Interface) and will use a series of business objects like

requests (requests received), answers (to such

requests) and SLA.

The processes at the national level will be carried

out by various institutions of the country (will be

explained in the next level). These institutions have to

collaborate to be able to carry out the business

processes. For this reason, it has been represented by

the element "Institutional Collaboration" which

represents the collaboration between different

technical teams of the Institutional Technical Team.

These collaborations are represented by the "National

Interaction" element that represents their

collaborative behavior at the business level.

4.3 Institutional Architecture

At the institutional level, the architecture should serve

as an adapter for acceptance and, with corresponding

authorization, the processing of requests for

information covered under the international

agreement (Figure 6).

Figure 6: Institutional architecture overview.

The proposed architecture integrates operations at

the international level with the institution's internal

systems not directly, but through mechanisms that

allow the institution to control the incoming flow of

requests from other institutions as well as the outflow

of information.

The main features are:

 Each Institution making up the National Social

Security Systems should have its own

Institutional Exchange System (IES) for the

reception, authorization, management and

response of requests for information received

from the NES (National Exchange System),

and sending requests for information to other

liaison agencies.

 The Institution must appoint a validation team

(VT) for the authorization and control of the

applications received through the IES. The VT,

using the data received from the IES, adapts the

requests to the local data structure so that the

institution only provides adequate data as

specified by the data established in the

international agreements.

Figure 7: Institutional Enterprise Architecture with

ArchiMate and EIRA.

At the institutional level, a series of business

processes must be carried out, which will be divided

into main business functions such as the processing of

Enterprise Architecture for International Agreements in Social Security Institutions

663

requests, their authorization, management and

response. Business processes will use business objects

such as logs, semantic resources, and a series of data to

complete the requests. The Validation Team will be

responsible for managing these business processes.

The business processes will be executed through a

series of services reflected in the Institutional Business

Services. These services will expose their functionality

through interfaces (Institutional Service Interface).

The business processes will be developed in each

institution with a number of elements at the

application level. The institutions have a set of

applications that will offer a series of functions and

they will be accessible through services with their

corresponding interfaces. These applications will use

data for processing.

5 CONCLUSIONS

The implementation of international social security

agreements requires an intensive use of ICT at

different levels: international, national and

institutional. Furthermore, it is imperative that the

information exchange between social security

institutions is carried out in a secure and coordinated

manner. While each institution has their own

information processing systems and business

procedures, the interoperability mechanisms play a

key role to interconnect them in order the

international agreements.

This paper addresses the involved issues,

particularly the interoperability ones, and proposes a

general enterprise architecture that allows the

development of interoperable systems at the interna-

tional, national and institutional levels. Through these

architecture levels, it is a matter of guiding the

designers of the computer systems in charge of

carrying out the international agreements. The

architecture levels provide a series of basic elements

that will be part of these systems but without going

into specific details related to the internal processes

to be applied. It has been presented in a general way

to make it easier to implement or adapt to the different

technologies used by social security institutions.

The main contributions of the paper are the

specification of these three architectures in

coordinated way tacking into account characteristics

of the social security area. In addition, the use of

ArchiMate has allowed to formalize the enterprise

architecture and together with EIRA, elements of

interoperability between public administrations can

be represented.

Future work would consist of more detailed

specifications, formalization and prototyping.

ACKNOWLEDGEMENTS

This research is funded by the University of Alcalá

(grant UAH19/2015). Authors also want to

acknowledge support from the Master in Software

Engineering for the Web and the TIFyC research

group.

REFERENCES

Delgado, F., Hilera, J. R., & Ruggia, R., 2013. Proposal of

a controlled vocabulary to solve semantic

interoperability problems in social security information

exchanges. Library Hi Tech, 31(4), 602-619.

Delgado F., Otón S., Ruggia R., Hilera J.R., Barchino R.,

2014. Improving Information System Interoperability in

Social Sector Through Advanced Metadata. In: José

Escalona M., Aragón G., Linger H., Lang M., Barry C.,

Schneider C. (eds) Information System Development.

Springer, Cham.

European Commission, 2009. Supporting the European

Interoperability: Strategy Elaboration. https://joinup.

ec.europa.eu/community/epractice/document/eu-

supporting-european-interoperability-strategy-eis-

elaboration-prelim, last accessed 2017/10/01.

European Commission, 2017. European Interoperability

Framework (EIF) - Implementation Strategy. https://ec.

europa.eu/isa2/eif_en, last accessed 2017/10/01.

European Commission, 2017. European Interoperability

Reference Architecture (EIRA). http://joinup.ec.europa.

eu/asset/eia/description, last accessed 2017/06/01.

Hirose, Kenich, Milos Nikac, & Edward Tamagno, 2011.

Social security for migrant workers: a rights-based

approach. International Labour Organization, Decent

Work Technical Support Team and Country Office for

Central and Eastern Europe. ILO, Budapest. ISBN:

9789221255208; 9789221255215.

ILO - R167, 1983. Maintenance of Social Security Rights

Recommendation, (No. 167). http://www.ilo.org/dyn/

normlex/en/f?p=NORMLEXPUB:12100:0::NO::P121

00_INSTRUMENT_ID:312505, last accessed

2017/10/01.

ISSA (International Social Security Association), 2016.

ISSA Guidelines on Information and Communication

Technology. ISBN 978-92-843-1201-6. ISSA, Geneva.

Janowski, T, Pardo, T.A., Davies, J., 2012. Government

Information Networks – Mapping Governance cases

through Public Administration concepts. Government

Information Quarterly, 29, S1-S10.

The Open Group. The ArchiMate Enterprise Architecture

Modeling Language. http://www.opengroup.org/

subjectareas/enterprise/archimate-overview, last

accessed 2017/10/01.

ICEIS 2018 - 20th International Conference on Enterprise Information Systems

664