National Audit Office finds UK government IT merger delayed national security vetting

As a result of IT failings, it took 15 months for the formation of the UKSV


The National Audit Office (NAO) has revealed that an IT upgrade stalled national security vetting and is still costing the government significant money because the system is so inefficient.

The NAO looked into how the government was running security checks after it received numerous complaints from people using the government's UK Security Vetting (UKSV) service. UKSV was formed by the merger of the Defence Business Services National Security Vetting (DBS) and Foreign & Commonwealth Services National Security Vetting (FCOS), the two bodies previously responsible for checking the security credentials of individuals.

Following the merger of the two organisations, work was still split between the public sector services and the confusion meant checks were delayed. 

This was made worse by the introduction of the National Security Vetting Solution (NSVS), which was not ready to be launched when it was. In fact, the programme board responsible for making decisions around the merger warned that the launch shouldn't go ahead, describing it as "under-resourced, under-planned and underfunded."

The original plan was to launch the new systems on the two separate platforms before the organisations merged. The DBS deployed the system first, in October 2016, and at that time between 10 and 13 of its essential functions didn't work as they should.


"In October 2016, DBS upgraded to NSVS at a cost of £14 million. In the first week following the implementation of the IT upgrade, 10 out of 13 of NSVS's essential functions were having consistent or sporadic issues, some of which were having a major impact on UKSV's normal operations. In its first four weeks, NSVS failed to store information and run automated checks correctly. At one point, 8,500 files containing personal data attached to cases were unreadable when accessed. Most of these files were recovered, of which 3,400 had to be manually reattached to their respective cases. In addition, 93% of automated checks against the police national computer failed," the NAO report stated.

It continued: "As a consequence of NSVS failures, officials had to re-process failed security checks manually, reload files, recover data, and conduct additional assurance checks. Between July and September 2016, DBS completed an average of 516 cases per day. DBS had planned a two-week IT outage, which ended in October 2016, while it implemented NSVS. Taking this into account, the number of cases DBS completed dropped 39% to an average of 313 cases per day between October and December. DBS returned to its pre-NSVS rate of cases completed in January 2017. By this time, the number of cases waiting to be completed had increased from around 17,600 in September 2016 to almost 22,000 (a 25% increase)."

This meant that DBS couldn't fulfil checks because its software didn't work, and the two organisations became even more fragmented than they previously were. As such, they weren't able to switch to the unified UKSV until 15 months after they were supposed to.

The problems are still continuing, and the cabinet has now started developing an alternative solution that it anticipates will launch at the beginning of 2020. This hiccup led to higher operating overheads than DBS and FCOS incurred as separate entities, as the government had to invest in extra staff.
