National Audit Office finds UK government IT merger delayed national security vetting

IT failings delayed the formation of UKSV by 15 months


The National Audit Office (NAO) has revealed that an IT upgrade stalled national security vetting and is still costing the government significant money because the system is so inefficient.

The NAO looked into how the government was running security checks after it received numerous complaints from people using the government's UK Security Vetting (UKSV) following the merger of the Defence Business Services National Security Vetting (DBS) and Foreign & Commonwealth Services National Security Vetting (FCOS) - the two bodies previously responsible for checking the security credentials of individuals.

Following the merger of the two organisations, work was still split between the public sector services and the confusion meant checks were delayed. 

This was made worse by the introduction of the National Security Vetting Solution (NSVS), which was not ready to be launched when it was. In fact, the programme board responsible for making decisions around the merger warned that the launch shouldn't go ahead, describing it as "under-resourced, under-planned and underfunded."

The original plan was to launch the new systems on the two separate platforms before the organisations merged. The DBS deployed the system first, in October 2016, and at that time 10 out of 13 of its essential functions didn't work as they should.


"In October 2016, DBS upgraded to NSVS at a cost of £14 million. In the first week following the implementation of the IT upgrade, 10 out of 13 of NSVS's essential functions were having consistent or sporadic issues, some of which were having a major impact on UKSV's normal operations. In its first four weeks, NSVS failed to store information and run automated checks correctly. At one point, 8,500 files containing personal data attached to cases were unreadable when accessed. Most of these files were recovered, of which 3,400 had to be manually reattached to their respective cases. In addition, 93% of automated checks against the police national computer failed," the NAO report stated.

It continued: "As a consequence of NSVS failures, officials had to re-process failed security checks manually, reload files, recover data, and conduct additional assurance checks. Between July and September 2016, DBS completed an average of 516 cases per day. DBS had planned a two-week IT outage, which ended in October 2016, while it implemented NSVS. Taking this into account, the number of cases DBS completed dropped 39% to an average of 313 cases per day between October and December. DBS returned to its pre-NSVS rate of cases completed in January 2017. By this time, the number of cases waiting to be completed had increased from around 17,600 in September 2016 to almost 22,000 (a 25% increase)."

This meant that DBS could not complete checks because its software didn't work, and the two organisations became even more fragmented than they previously were. As such, they weren't able to switch to the unified UKSV until 15 months after they were supposed to.

The problems are still continuing and now the cabinet has started developing an alternative solution that it anticipates will launch at the beginning of 2020. This hiccup led to higher operating overheads than the DBS and FCOS cost as separate entities, as the government had to invest in extra staff.
