QA may madden Maude

The 2011 Government ICT strategy preaches standards.   Tick box = Good.  People who bore for standards preach, ‘to do it properly you must define the standard and check later that the standard has been followed’.  This blog compares the strategy against a standard (standard with a small ‘s’) – in this case against the same set that was used to review the SOCITM ICT Strategy, released in draft last month.

The target for all public sector ICT is established in the introduction:

“6. Information and communications technology (ICT) is critical for the effective operation of government and the delivery of the services it provides to citizens and businesses. It offers key benefits by enabling:

  • access to online transactional services, which makes life simpler and more convenient for citizens and businesses; and
  • channels to collaborate and share information with citizens and business, which in turn enable the innovation of new online tools and services.”

Everybody must agree with this, and observe that sharing information across multiple agency boundaries is critical for citizens, businesses and agencies.  It has led to much discussion about shared infrastructure, shared services and the benefits this will bring.  Fortunately, we can use a standard for quality assuring the Strategy and highlighting any gaps that need to be addressed.  It has nine dimensions for assessing multi-agency information sharing partnerships.

  • Business Scope and Plans
  • Governance
  • Legal Issues, Policies, Rights and Responsibilities
  • Information Sharing
  • Identity Management
  • Federation
  • Transactions, Events and Messages
  • Infrastructure
  • Sustainability

Overall these can be summarised into Process, Governance and Technology – the Quarkside mantra.  A quick traffic light assessment against the standard dimensions is as follows:

  • Business Scope and Plans: Amber

The reasons are good and there is an aggressive, but risky timeplan.  Dependence on on word ‘Agile’, is a recipe for systemic obscuring of progress.  It provides opportunities for hiding problems that only emerge when the end-users in multiple location are expected to change time-honoured processes, and new systems are not interoperable with old systems.  The needs of 450 local authorities must not be ignored.

  • Governance:  Amber

A structure has been developed, but it omits the input of local delivery agencies, such as local authorities.

  • Legal Issues, Policies, Rights and Responsibilities: Amber

Apart from the Policy, other issues are not raised

  • Information Sharing: Amber

Use of open standards and APIs will help at a programmatic level, but additional useful services, such as Master Data Management and systems interoperability standards are not mentioned.

  • Identity Management:  Red

Avoidance of a cross public sector strategy for citizen, employee and agent identity management risks complete failure of the strategy and policy objectives will not be met.

  • Federation: Red

Federated trust by all involved agencies is vital for both accuracy and efficiency.  Nowhere is this mentioned or implied.

  • Transactions, Events and Messages:  Green

Operational systems usually find technical solution for inter-system data transfers.  The use of Web services on the Cloud should help.  Channel issues are addressed

  • Infrastructure:  Greenish

The overwhelming weight of the document is technology and infrastructure, there are eleven actions planned.  However, one suspects that the thought process has ignored local government and external agencies in the calculations.  Are local authorities expected to reduce ICT costs by 35%?

  • Sustainability:  Red

The standard means to ability to sustain a shared service for operation over many years, not reducing carbon usage.  Most shared services fail because of the inability to agree funding for operations, and all the development investment is wasted.  Central Government must agree a sustainable funding model at the very beginning of every information sharing project.  The Cabinet Office should feel responsible for the whole of the public sector, not just central government departments and agencies.

So how do you react to 3 Reds, 4 Ambers and 2 Greens?  It is low on Process and Governance and higher on Technology.  Quarkside thinks it is good enough for a first draft to get the ball rolling.  But if Francis Maude thinks this document is going to deliver all his policy objectives, then I fear that he, or his successor, is set for a big disappointment and some explaining to do.



Agile: Challenge for Universal Credits

Filed under: Governance,Risk,Strategy — lenand @ 11:28 pm
Tags: , , , ,

The PASC MPs were earballed by DWP about how Agile development would  guarantee that the Universal Credit (UC) system will deliver all that is needed within two years, without a fiasco.  This was shortly after Martin Ferguson (SOCITM) challenged the UC change process, which has not brought in the skills and experience of local authorities.  The inquisitors did not follow up this challenge and seemed to swallow the promise of technology without really understanding why agile is different.

Twelve principles underlie the Agile Manifesto:

  1. Customer satisfaction by rapid delivery of useful software
  2. Welcome changing requirements, even late in development
  3. Working software is delivered frequently (weeks rather than months)
  4. Working software is the principal measure of progress
  5. Sustainable development, able to maintain a constant pace
  6. Close, daily co-operation between business people and developers
  7. Face-to-face conversation is the best form of communication (co-location)
  8. Projects are built around motivated individuals, who should be trusted
  9. Continuous attention to technical excellence and good design
  10. Simplicity
  11. Self-organizing teams
  12. Regular adaptation to changing circumstances

It’s a superficially attractive philosophy, but endorsement by the Institute for Government would not convince many CTOs.  What is more relevant is advice from BT, who have had some success with Agile devekopment:

“To be truly effective, the agile approach needs to reach right across the business, not just the IT organisation. You might expect that the business would be excited at the prospect of having regular deliveries of valuable functionality. However, the business also needs to move away from traditional waterfall practices and change how it engages with the IT organisation.”

Knowing what we know about the risk aversion of public sector – the reliance on Agile may be ill-founded.  Many of the twelve principles run counter to decades of bureaucratic behaviour.


Shared Services says SOCITM Strategy

Filed under: Governance,Strategy — lenand @ 9:17 pm
Tags: , , , , ,

Top marks to SOCITM for developing an open consultation on an ICT strategy for local government.  “Routemap for Local Public Services reform – enabled by ICT“.  As the President of SOCITM confirmed “We have never actually had a strategy and action plan for IT-enabled local public services, let alone one conceived for a citizen-driven public sector.”  So it is long overdue and should help beleagured ICT Managers (aka CIOs) to squeeze out more from less.

The five year Vision is straightforward:

  • “pan-local/pan-public-sector” ICT provision , encompassing strategy, architecture and commissioning, to drive efficiency and reform of public services, according to the needs and preferences of people in the diverse places that make up the UK.
  • ICT footprint in terms of people, technology, process and costs to be reduced substantially from today’s level.

The way to achieve it is through sharing, re-design and innovation.  Note that Sharing must come first to achieve the economies of scale and buying power.  Sharing is dependent on partnerships and there’s already been a lot of investment in how to form, implement and sustain multi-agency, information sharing partnerships.  The research and test projects revealed nine dimensions that have to considered for successful partnerships.

  • Business Scope
  • Governance
  • Legal Issues
  • Information sharing
  • Identity Management
  • Federation
  • Transactions, Events, Messages
  • Infrastructure
  • Sustainability

The SOCITM Strategy covers most of the dimensions, but there’s one glaring omission; Identity Management.  All shared service systems WILL FAIL if identity management methods are not applied to both staff and citizens.  Both need federating across the public sector infrastructure. Identity Management cannot be tagged on at the end of a project – look how ContactPoint suffered.

Within the Governance dimension lies funding.  Believe it or not, the inability of partners to agree a funding structure is the primary reason for the failure of partnerships.  The funding formula for shared services should be agreed on Day 1.  This a CEO and CFO role, not the responsibility of the CIO.

The benefit of drafts for consultation is that improvements can be made, and there are over 400 local authorities that can contribute their knowledge and experience.




ICT Skills Shortage. Mulligatawny Message.

Jos Creese’s blog Public Service Reform and IT exposes the problem faced by non-central government:

… the opportunities are significant to use existing local IT investment, infrastructure and skills to help reduce the impact on the public of contraction across the wider public sector.

There are, in my view, huge opportunities for local public services to work together. Too often in the past, government policy has focussed on national join-up (for example the NHS, Police, etc), but this has not delivered sufficient pace at an acceptable cost. We do need national policy and vision, but we also need local implementation.

The problem lies in the skills deficit, particularly for small districts in our feudal two tier system of local government.  How can hard-pressed ICT managers (CIOs may not exist there) be expected to implement TOGAF, OpenID and EAS in a structured approach to enterprise architecture?  How will they cope with Open Source procurements for eID and Individual Voter Registration?

Just watch the space if you want to see evidence of massive duplication of effort.  ICT strategic planning and enterprise architecture skills are spread too thinly for optimum efficiency.  It’s close to a recipe for Mulligatawny Soup.

Jos is right though, the smaller agencies authorities need to work together locally, in partnerships, where they can share a bowl of scarce skills.


PASC 11: Plea for Information Governance leadership

Filed under: Governance,Policy,Politics,Privacy,Security,Standards — lenand @ 7:31 pm
Tags: , ,

The eleventh of the Public Administration Select Committee (PASC) 12 questions, asks:

11. How appropriate is the Government’s existing approach to information security, information assurance and privacy?

The question is limited to a small part of the much more comprehensive field of Information Governance. But taking them in turn:

  • Information Security: Developing federated identity management is critical to future efficiency.  Trust between all departments, agencies and local authorities should be high on the agenda. The model that links authentication, credentials, authorisation and consent is incomplete. Isolated departmental strategies should be coordinated and leadership demonstrated to synchronise disparate initiatives.
  • Information Assurance: SOCITM has a good route for assessing and promoting Information Assurance in local government. See .
  • Privacy: has many pressure groups that will no doubt respond with their own reasons.

The main point, and it can be applied throughout all the PASC questions, is that Information Governance is much wider than just Security, Assurance and Privacy. The Government’s existing approach is too narrow and needs to be broadened into a policy framework that leaves no holes. Eurim attempted this approach. The Information Governance group looked at Basic Principles. This holistic approach to broad information governance can be summarised in one sentence:

“Information Governance is the setting of objectives to achieve measurable outcomes by people using information assets in a life cycle process that considers both risk and time constraints.”

Information Governance standards could be, and should be, developed by the Government CIO. Then there will be a baseline for quality assurance at all operational levels of public service.


PASC 4: Deceptive Benchmarks

Filed under: Assets,Governance,Objectives — lenand @ 8:57 am
Tags: , , , , ,

The fourth of the Public Administration Select Committee (PASC) 12 questions, asks:

4. How well is IT used in the design, delivery and improvement of public services?

IT has added value in many public services. “How well?” implies some form of performance measurement from a baseline. Most KPIs are just benchmarks against similar types of local government organisation eg those produced annually by SOCITM . These are useful figures for IT departments, but do not show a comparison with other parts of the public sector or the private sector.  Nor do they factor in any component relating to the perceived value of a service.

The ability to compare with universal best practice depends on a level of maturity that is not generally present in the public sector. See “Valuing Information as an Asset”  as an introduction to what can be achieved. There are some good public sector examples – but adoption of the techniques is not widespread. As the authors, Chris Higson and Dave Waltho, point out, it is a matter of leadership:

“As the business lead for value identification and maximisation, CFOs should take the lead role in promoting, managing and accounting for information assets. CIOs should encourage this process, because it will forge closer links with the wider business and change the perception of IT from that of a cost centre or utility to a strategic enabler.”

Evidence of quality across the UK public sector is bound to be mixed. There will be good and bad examples in every organisation. Post implementation reviews, one year after implementation, would be the best source of evidence – but almost as rare as hen’s teeth.


GB SIF supplier shines in US Cloud

Filed under: Education,Standards,Strategy,Technology — lenand @ 7:09 pm
Tags: , , ,

The US of A now offers hosted systems interoperability services via SIF.  It is interesting that a British based group is leading the way, Pearson.  They acquired one of the leading suppliers of the interoperability hub (in this world of acronymic jargon it is also called a Zone Integration Server, or a ZIS). Pearson must think that there is an economically attractive future for SIF, even though it is based on open standards. Brands like Prentice Hall, Longman, Addison Wesley, the Financial Times Group and the Penguin Group do not grow without a high level of corporate commitment.

Pearson also must believe in the GCloud strategy of the UK coalition government.  In the US they offer a choice from two hosted service options to districts (closest to UK local authorities, but not exactly equivalent).  This allow districts and schools to customize their SIF requirements while Pearson hosts it.  Isn’t this what we are trying to achieve to minimise costs? Whilst I can’t speak for SOCITM, this approach is in line with their published policy.

One of the benefits of hosted solutions is that trials and pilots can be used to help in assessing requirements with a minimum commitment of future funds.  The time can be used to build up a benefits case and demonstrate the areas of saving achievable. Even in the long term, hosted solutions are likely to prove to be most economical, with many schools, local authorities, other agencies and DfE sharing the cost of a SIF infrastructure.

Such innovative suppliers should get moral support from DfE, not risk having their business throttled.


Cabinet Office Conceals Concepts

Filed under: Governance,Local Government,Strategy — lenand @ 7:54 pm
Tags: , ,

Where is open government leading us?  Methinks, not where where open-minded people are welcome.  Tony Collins alerted us to a ban on officials at the Cabinet Office giving talks on matters relating to Government IT.   Andrew Tait (Deputy Director Data Centre Strategy, G-Cloud and Apps Store at the Office of the Government CIO, Cabinet Office) has been asked to stop further disclosures of policy.  Well at least to Pitcom, the Parliamentary IT Committee – hardly neo-terrorists.  Would he have said more than one of his quotes at the SOCITM Conference, as a strong message to local government?

“We will have to have tough talks with chief executives. They are not going to be able to have bespoke systems – they will have to live with 80%-90% of functionality they want at 20% of cost, and we are going to have to adapt our business processes to fit the software that all our peers are using.”

This is really cage rattling stuff.  Just “not British” and no wonder he has been gagged for telling it how it ought to be.  SOCITM Policy is to encourage these sorts of thoughts.  I suppose Pitcom are too close to Politicians.  It is rumoured that civil servants are not supposed to utter opinions to MPs without ministerial approval.  Is this true?

It sounds as though Andrew has some good concepts in mind; GCloud and App Store.  Will they ever emerge from the Cabinet Office cocoon?  They had some good ideas four years ago; do you remember the “Enterprise Architecture for UK Government“.  Has anybody seen the output, how much money was spent?

I don’t actually want to know the answer, because I had no faith in the techniques they adopted.  What concerns me is that the same obfuscating processes are still in place.  Will innovation will be incapacitated by a lethal combination of dithering and despotic decisions?


Poverty prohibits £100 bn progress

Is old news important?  Yes, when we should be thinking about how the  Treasury says it can save £100bn by ending duplication of local services – as reported in the Independent.  It started a thread in the Kingston University Public Sector IMKS Forum, Linked in.  Stuart Mitchenall,  Head of Business Support Services at Tandridge District Council, made these points:

  • Local Governments transactions with the Public remain hugely less expensive than Central Government.
  • Central Government is likely to focus on the Civil Service and national systems, not locally centralised systems.
  • A solution is one data governance regime for personal data (as per the DPA) with individual details of a citizen.  This would allow purchase of common systems across local authorities – and lower costs.
  • Unfortunately this is not in the commercial interests of local government suppliers.  Almost without exception, suppliers see input data as part of their systems. They also claim outputs as theirs (try using an unsupported print rationalisation utility).

Stuart believes that the answer lies in adopting a different commercial model and abstracting a data model for management. He recognises it as “a big problem, with no simple resolution. Professional campaigning for abstraction of data is clouded in discussions about silos and system ownership, which are symptoms of the problem. Achieving data abstracted, and creating systems which truly allow interchangeability of commercial solutions, will drive costs down hugely. It will also cause the collapse of the current pyramids the suppliers have built and move us to the apps environment that the Gov ICT Strategy claims can happen (when it won’t).” How do voices like this get a hearing?  District Councils are at the bottom of the funding chain, but are in the best position to see huge inefficiencies in the system. The ideas for innovation are there – but no obvious means of execution.  Small, local partnerships are not the answer; some consolidated thinking is needed.  I am bound to say that leadership should come from SOCITM, but there aren’t the resources to initiate a programme, let alone deliver it.


Cyber security slaughter

Filed under: Local Government,Policy,Security,Technology — lenand @ 8:41 am
Tags: ,

The launch of “Security by Design, not Security by Afterthought” was educational for me.  One of the speakers gave an example where security by afterthought delayed a project by 12 months and doubled the cost.  It wasn’t just the pre-prepared speeches, it was the surrounding chatter – which had better remain anonymous.

  • CLAS consultants themselves recognise the problem of differing opinions.  There may be need for specialists.
  • All PCs incorporate a hardware security chip to be certified by Wintel.  It’s just that nobody seems to activate it.  A open door for conspiracy theorists.
  • Cyber warfare isn’t the sole prerogative of the baddies.  Obviously deniable.

There was a plea for spreading the message around government circles.  Yet, again, there was no attempt in the speeches, nor the document about bringing local government into the fold.  Perhaps selling stuff into local government is just too hard.  Apart from that gripe, the full document is stuffed with good advice and guidance.  Here are three examples:

  • consumer surveys indicate that nearly half the public now depends on their broadband connection, more expect to be victims of online crime than of theft from their home or car.
  • offer informed choice between “cheap and cheerful” and “secure and reliable” products and services.
  • in the absence of shared identity management systems, the need to authenticate each and every time for each of the thousands of services, leads rapidly to a complexity that is antithetical to the intended good practice of access control and authentication. This has been one of the compelling reasons for federated identity systems.

Eurim recognises that MPs are short of time, and the one-pager stress top-down leadership, common terminology and “Policies must be linked to processes for turning principles into practice”.  The MPs present certainly appreciate this approach to spreading technical information this way.

There was lots of food for thought, and I departed resolving to promote the messages through the SOCITM network.   This should bring in other organisations, such as local government, the voluntary sector, fire and rescue, who also need to understand the importance of design and procurement with security as a primary requirement.

« Previous Page

Create a free website or blog at WordPress.com.