The information commissioner has ordered the opening of
confidential files on a wide range of high-risk IT projects,
including the ID cards scheme, joined up police intelligence
systems and the NHS National Programme for IT (NPfIT).
It is the most far-reaching decision under the Freedom of
Information Act for government IT.
It is also a victory for
Computer Weekly’s campaign for the release of the results of
Gateway reviews on the progress of major IT-based projects.
MPs have complained that the first they knew of problems on
projects such as the IT to support tax credit and child support
payments was when constituents contacted them.
Our campaign has been aimed at persuading government to release
information about projects in time for MPs and others to ask
informed questions, and possibly avert a failure.
Government CIO
John Suffolk and former government CIO
Ian Watmore backed the publication of the results of Gateway
reviews, as has the Public Accounts Committee.
Gateway reviews are mini-audits at critical stages in projects.
The reports in question gave a red, amber or green status at each
stage to help the project’s senior responsible owner decide whether
to move to the next phase.
The government’s policy on Gateway reviews is to keep them
confidential.
All copies of a review are shredded, with the supporting
material, to ensure only two reports remain – one for the
Treasury’s Office of Government Commerce (OGC) and the other for
the project’s senior responsible owner.
As the owner of the Gateway review scheme, the OGC had only ever
published two initial reports on the ID cards scheme, and then
after a three-year legal battle which involved a hearing at the
High Court.
Now Richard Thomas, the information commissioner, has ordered the
release of the results and recommendations of 23 Gateway reviews,
including some on projects that the government says are in a “state
of ongoing policy development”.
The results of the reviews would give an insight into the
problems, challenges and progress on the government’s most
important IT-based projects, and would allow checks to be made on
the completeness of ministerial statements and assurances on the
feasibility of the schemes.
Computer Weekly had asked the OGC for the results of all Gateway
reviews on IT-related projects at the Home Office, Department for
Work and Pensions and Department of Health.
The reviews cover NHS Connecting for Health’s e-booking system,
the NPfIT Care Records Service, ID cards, the single non-emergency
number and the Bichard implementation programme to join up police
IT.
The OGC twice rejected our request, so we appealed to the
information commissioner. In a 17-page ruling on 10 June 2009,
Thomas found that the public interest in disclosure was greater
than the need for continued confidentiality.
Thomas said he was mindful of the OGC’s argument that disclosure
would make future prospective interviewees less willing to
participate in the Gateway process, or less candid or frank with
their comments.
But he was “not persuaded by this argument” because interviewees
should meet the “high standards of professionalism that their
positions demand”. It is up to organisations to ensure that
interviewees give the quality of advice expected of them.
As Computer Weekly went to press the Department of Health
decided to take the initiative by publishing 31 Gateway reviews on
the NPfIT. But the OGC has not announced whether it will release
the Gateway reviews we requested on projects at the Home Office and
the DWP.
In ruling that the OGC should release all of the reviews we had
requested, the commissioner said, “The [projects discussed in]
these reports will have a significant impact on the lives of
individuals and their relationship with the state. The commissioner
considers that this in itself presents a very strong argument in
favour of disclosure.
“The public should therefore be kept informed… as to how the
programmes are progressing and what impact any of the projects will
have on them.”
He added, “Disclosure is likely to enhance public debate of issues
such as various projects’ feasibility and how they are being
managed.”
In this last point, Thomas has explained one of the main reasons
for Computer Weekly’s campaign.
Office of Government Commerce’s key arguments against
publishing the results of Gateway reviews:
- It would prevent policy formulation or development taking place
in the self-contained space needed to ensure it was done well.
- It would make policy development less effective because
departments’ attention would be focused on obtaining a “green
light”.
- It would cause reports to become bland and anodyne, defeating
their purpose.
- It would make interviewees, senior responsible owners and the
private sector less willing to participate in reviews or co-operate
with interviewers.
- It would cause delays in the completion of reports as words and
phrases would be argued over.
- It is unnecessary. The public interest is already met by the
information about the programme in the public domain combined with
parliamentary scrutiny.
- It is unnecessary. The public interest is already met by the
information about the programme in the public domain combined with
parliamentary scrutiny.
Information commissioner’s key arguments for publishing
the results of Gateway reviews:
- It would allow the public a better understanding of the
development of the programmes which are the subject of Gateway
reviews.
- It would allow project risks and concerns to be
identified.
- It would not damage the Gateway process in the way the OGC has
suggested.
- The public scrutiny of projects by the National Audit Office
and Public Accounts Committee involve largely historical and
retrospective analyses. Gateway reviews “would provide a level of
public scrutiny of current projects”.
- It would inform the debate as to the merits of the schemes, the
practicalities involved and the feasibility.
- It would ensure that “schemes as complex as these are properly
scrutinised and implemented”.
- It is unrealistic to imagine that civil servants will not
participate if reviews are to be published. In accordance with the
Civil Service Code, “civil servants must fulfil their duties and
obligations responsibly.”
Something must be done to break cycle of IT failure - Computer
Weekly’s article in The Times >>