National Audit Office finds UK government IT merger delayed national security vetting

As a result of IT failings, it took 15 months for the formation of the UKSV

London Thames

The National Audit Office (NAO) has revealed that an IT upgrade stalled national security vetting and is still costing the government significant money because the system is so inefficient.

The NAO looked into how the government was running security checks after it received numerous complaints from people using the government's UK Security Vetting (UKSV) following the merger of the Defence Business Services National Security Vetting (DBS) and Foreign & Commonwealth Services National Security Vetting (FCOS) - the two bodies previously responsible for checking the security credentials of individuals.

Following the merger of the two organisations, work was still split between the public sector services and the confusion meant checks were delayed. 

This was made worse by the introduction of the National Security Vetting Solution (NSVS), which was not ready to be launched when it did. In fact, the programme board responsible for making decisions around the merger warned that the launch shouldn't go ahead, describing it as "under-resourced, under-planned and underfunded."

The original plan was to launch the new systems on the two separate platforms before the organisations merged. The DBS deployed the system first, in October 2016 and, at that time between 10 and 13 of its essential functions didn't work as they should. 

"In October 2016, DBS upgraded to NSVS at a cost of 14 million. In the first week following the implementation of the IT upgrade, 10 out of 13 of NSVS's essential functions were having consistent or sporadic issues, some of which were having a major impact on UKSV's normal operations. In its first four weeks, NSVS failed to store information and run automated checks correctly. At one point, 8,500 files containing personal data attached to cases were unreadable when accessed. Most of these files were recovered, of which 3,400 had to be manually reattached to their respective cases. In addition, 93% of automated checks against the police national computer failed," the NAO report stated. 

It continued: "As a consequence of NSVS failures, officials had to re-process failed security checks manually, reload files, recover data, and conduct additional assurance checks. Between July and September 2016, DBS completed an average of 516 cases per day. DBS had planned a two-week IT outage, which ended in October 2016, while it implemented NSVS. Taking this into account, the number of cases DBS completed dropped 39% to an average of 313 cases per day between October and December. DBS returned to its pre-NSVS rate of cases completed in January 2017. By this time, the number of cases waiting to be completed had increased from around 17,600 in September 2016 to almost 22,000 (a 25% increase)."

This meant that checks couldn't be fulfilled by DBS because it had software that didn't work, as well as resulting in the two organisations becoming even further fragmented than they previously were. As such, they weren't able to switch to the unified UKSV until 15 months after they were supposed to.

The problems are still continuing and now the cabinet has started developing an alternative solution that it anticipates will launch at the beginning of 2020. This hiccup led to higher operating overheads than the DBS and FCOS cost as separate entities, as the government had to invest in extra staff.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020