Government Compliancy in the IT Sector

Compliance is paramount to government IT installations; Max Cooter explains why.

Despite the reputation for easy money, selling to government is not necessarily an easy task. There are several hoops to jump through, with some strict guidelines laid down political, financial and technical as public sector bodies strive to show value for money.

It's hasn't always been the case, though. Liam Maxwell, the government chief technology officer and the Cabinet Office's fixer-in-chief, is fond of talking about the lack of clarity in government contracts, expressing his exasperation at the impossibility of keeping track of government hosting costs. There's been a long history of inappropriate long-term contracts, many of which have made for provocative newspaper headlines.

It's because of this that ICT deals are under scrutiny as never before. In the last year, there's been a furore over the Birmingham City Council contract with Capita, a deal that has costed the council's website at 2m and has forced the council to reveal details of the contract. The brouhaha has demonstrated how unlikely it is that public sector deals can be shuffled to the sidelines. Birmingham has been left struggling to justify its heavy expenditure and already we're seeing how deals are going to be scrutinised ever more carefully.

Compliance with public sector procurement cuts several ways and is not always related to technology. For a start, the Bribery Act came into effect in 2011. While this was aimed at cutting out payments to officials, there are also clear guidelines set on what hospitality can be offered to managers within the public sector.

Advertisement - Article continues below
Advertisement - Article continues below

While no-one is pretending that there was any degree of corruption within the civil service but its very existence is an indication of how wary government departments have to be when it comes to IT contracts. There's been a regrettable history of ill-advised IT projects and governments are now taking greater steps to ensure that government contracts are more rigorous.

Part of the process adopted by the government is the production of the so-called Green Book; a set of guidelines aimed at public sector employees. Procedures were very much tightened after the financial crash of 2008 and greatly accelerated when the coalition came to power in 2010. What the process means is that every spending decision has to be justified thoroughly with precise and accurate details of how the expenditure has been costed. As the guidelines state:  "It is vital that capital spending decisions are taken on the basis of highly competent professionally developed spending proposals. This Treasury guidance which has been refined and tested over many years provides a clear framework for thinking about spending proposals and a  structured process for appraising, developing and planning to deliver best  public value."

To that end, the government has been looking at several ways to make public sector IT more efficient: there are three areas that the government has been concentrating on:  networking, security and through the provision of cloud computing.

The improvements in networking have been facilitated by the introduction of the Public Services Network (PSN), an initiative that has been designed to substantially reduce the cost of communication services across UK government, replacing the existing hotch-potch of networks.

The concept of PSN is the development of one logical network available to all local authorities. It will greatly improve the way that organisations can communicate with each other so they can find ways to share services and co-operate more effectively. In particular, it will allow local authorities to communicate with bodies outside their geographic area getting more up-to-date data and perhaps even more importantly, improving communication with citizens.

Obviously, one of the major changes to come into effect in the past few years has been the emergence of the G Cloud initiative, a way for government departments to buy cloud services. But while this has been designed to make life as easy as possible for public sector bodies, there's been a huge amount of confusion as to whether opting for cloud in this way is infringing departmental responsibilities on tendering practice.

Advertisement - Article continues below

Part of the problem here is that the government has been reluctant to give any recommendation as to the suitability of products.  Bodies don't know whether the products they're buying are suitable as there's no equivalent of a kitemark; i.e. something that's akin to a recommendation. There are still concerns from some local authorities that cloud is somehow illegal and there's a requirement to go through a tender process. It's clearly an area where there's a requirement for a good deal of guidance.

The other concern is with security.  The government has recently overhauled its security classification to streamline the way that security has been handled, improving the old system of classifications.

One of the concerns faced by the public sector is the issue of confidentiality. By definition, there is a lot of personal data held by public bodies tax returns, medical records, child protection cases etc and there's not always the greatest level of security expertise within public sector bodies.

The government has launched its own cyber-security initiative, looking to provide guidance to bodies about how to ensure that data is secure. HP has seized the initiative here and is looking to help local authorities. Two years ago, the company launched its HP Security Operations Consulting Services initiative, which is designed to help the public sector establish its own in-house cybersecurity units, claiming that it would enable public sector organisations to improve their own security, getting the best use out of their existing set-ups. Councils are well aware of their own limitations.

Advertisement - Article continues below

The introduction of new security levels and the new public sector network have added a new dimension to public procurement.

It's a delicate balancing act: on one hand, there's the desire to be flexible and open, yet on the other, there's the requirement to keep an eye on the public purse. At the back of their minds, government CIOs are always going to be fearing the headlines when a project goes horribly wrong and their names are splattered over the papers.

Advertisement - Article continues below

One of the reasons that government bodies have played safe in the past, is this need to have their IT decisions validated. By passing the buck to the likes of outsourcing companies, the CIO can say that he or she has played safe just like the old saying that no-one gets fired for buying IBM, no-one is going to be in hot water for outsourcing to a well-respected IT provider, particularly with millions of pounds of government contracts already.

The question is whether playing safe is going to cut it any more: that drive for flexibility is going to get stronger and government departments are going to choose a partner who can help them manage that transformation more effectively.

Featured Resources

What you need to know about migrating to SAP S/4HANA

Factors to assess how and when to begin migration

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

Testing for compliance just became easier

How you can use technology to ensure compliance in your organisation

Download now

Best practices for implementing security awareness training

How to develop a security awareness programme that will actually change behaviour

Download now



The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

HP Elite Dragonfly hands-on review: A potential XPS killer

9 Oct 2019

HP EliteBook x360 830 G6 review: Above the fold

26 Sep 2019

HP Elite X2 1013 G3 review: Elite in name but not in nature

13 Aug 2019

Most Popular

data governance

Brexit security talks under threat after UK accused of illegally copying Schengen data

10 Jan 2020
cyber security

If not passwords then what?

8 Jan 2020
Policy & legislation

GDPR and Brexit: How will one affect the other?

9 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020