Government Compliancy in the IT Sector
Compliance is paramount to government IT installations; Max Cooter explains why.
Despite the reputation for easy money, selling to government is not necessarily an easy task. There are several hoops to jump through, with some strict guidelines laid down (political, financial and technical) as public sector bodies strive to show value for money.
It hasn't always been the case, though. Liam Maxwell, the government chief technology officer and the Cabinet Office's fixer-in-chief, is fond of talking about the lack of clarity in government contracts, expressing his exasperation at the impossibility of keeping track of government hosting costs. There's been a long history of inappropriate long-term contracts, many of which have made for provocative newspaper headlines.
It's because of this that ICT deals are under scrutiny as never before. In the last year, there's been a furore over the Birmingham City Council contract with Capita, a deal that has costed the council's website at £2m and has forced the council to reveal details of the contract. The brouhaha has demonstrated how unlikely it is that public sector deals can be shuffled to the sidelines. Birmingham has been left struggling to justify its heavy expenditure and already we're seeing how deals are going to be scrutinised ever more carefully.
Compliance with public sector procurement cuts several ways and is not always related to technology. For a start, the Bribery Act came into effect in 2011. While this was aimed at cutting out payments to officials, there are also clear guidelines set on what hospitality can be offered to managers within the public sector.
No-one is pretending that there was any degree of corruption within the civil service, but the Act's very existence is an indication of how wary government departments have to be when it comes to IT contracts. There's been a regrettable history of ill-advised IT projects and governments are now taking greater steps to ensure that government contracts are more rigorous.
Part of the process adopted by the government is the production of the so-called Green Book, a set of guidelines aimed at public sector employees. Procedures were very much tightened after the financial crash of 2008 and greatly accelerated when the coalition came to power in 2010. What the process means is that every spending decision has to be justified thoroughly with precise and accurate details of how the expenditure has been costed. As the guidelines state: "It is vital that capital spending decisions are taken on the basis of highly competent professionally developed spending proposals. This Treasury guidance which has been refined and tested over many years provides a clear framework for thinking about spending proposals and a structured process for appraising, developing and planning to deliver best public value."
To that end, the government has been looking at several ways to make public sector IT more efficient, concentrating on three areas: networking, security and the provision of cloud computing.
The improvements in networking have been facilitated by the introduction of the Public Services Network (PSN), an initiative that has been designed to substantially reduce the cost of communication services across UK government, replacing the existing hotch-potch of networks.
The concept of PSN is the development of one logical network available to all local authorities. It will greatly improve the way that organisations can communicate with each other so they can find ways to share services and co-operate more effectively. In particular, it will allow local authorities to communicate with bodies outside their geographic area, getting more up-to-date data and, perhaps even more importantly, improving communication with citizens.
Obviously, one of the major changes to come into effect in the past few years has been the emergence of the G-Cloud initiative, a way for government departments to buy cloud services. But while this has been designed to make life as easy as possible for public sector bodies, there's been a huge amount of confusion as to whether opting for cloud in this way is infringing departmental responsibilities on tendering practice.
Part of the problem here is that the government has been reluctant to give any recommendation as to the suitability of products. Bodies don't know whether the products they're buying are suitable as there's no equivalent of a kitemark, i.e. something that's akin to a recommendation. There are still concerns from some local authorities that cloud is somehow illegal and there's a requirement to go through a tender process. It's clearly an area where there's a requirement for a good deal of guidance.
The other concern is with security. The government has recently overhauled its security classification to streamline the way that security has been handled, improving the old system of classifications.
One of the concerns faced by the public sector is the issue of confidentiality. By definition, there is a lot of personal data held by public bodies (tax returns, medical records, child protection cases etc.) and there's not always the greatest level of security expertise within public sector bodies.
The government has launched its own cyber-security initiative, looking to provide guidance to bodies about how to ensure that data is secure. HP has seized the initiative here and is looking to help local authorities. Two years ago, the company launched its HP Security Operations Consulting Services initiative, which is designed to help the public sector establish its own in-house cybersecurity units, claiming that it would enable public sector organisations to improve their own security, getting the best use out of their existing set-ups. Councils are well aware of their own limitations.
The introduction of new security levels and the new public sector network have added a new dimension to public procurement.
It's a delicate balancing act: on one hand, there's the desire to be flexible and open, yet on the other, there's the requirement to keep an eye on the public purse. At the back of their minds, government CIOs are always going to be fearing the headlines when a project goes horribly wrong and their names are splattered over the papers.
One of the reasons that government bodies have played safe in the past is this need to have their IT decisions validated. By passing the buck to the likes of outsourcing companies, the CIO can say that he or she has played safe: just like the old saying that no-one gets fired for buying IBM, no-one is going to be in hot water for outsourcing to a well-respected IT provider, particularly one with millions of pounds of government contracts already.
The question is whether playing safe is going to cut it any more: that drive for flexibility is going to get stronger and government departments are going to choose a partner who can help them manage that transformation more effectively.