It struck me that using Mosaic to identify the likely households at risk and their cultural profiles with the aim of organising leaflet drops of the right multi-language/culture material would be more likely to achieve the objectives at a fraction of the cost.The approach for reaching Bangladeshi households who have turned off the smoke alarms because of their cooking habits is rather different to that for addressing afro-caribbean single mothers on an inner city sink estate or the the poor whites in rural poverty.
And a new database is unlikely to help.
]]>I wondered how many of today's market leaders are crying crocodile tears as advice that, "if it looks too good to be true - it is", causes consumers to ignore genuine innovators who can legitimately undercut mainstream business models by 80% and more.
I then had similar thoughts about to those lamenting the heartless scams on the newly unemployed or those seeking to improve themselves - as they fall foul of mule recruitment exercises or enter their details in a fake recruitment website.
The current implosion of trust and confidence benefits market leaders and crucifies ambitious small firms seeking to use the Internet to grow.
All the more credit, therefore to those who put their money where their mouth is and help support Get Safe On-line with money and links - not just fine words.
On this note I would like to give an unaccustomed note of praise to HMRC - for the "On-Line Security" guidance on their website. You might miss it - the link is bottom right - under the picture of Moira Stewart but it is well worth a read.
Then click on HMRC Scam Examples" and enjoy reading about the tax credit e-mails that you have not yet received as well as those you have. The "How to protect yourself on-line" page is succinct and clear. Then look at their list of useful external links. My personal view is that some-one enjoyed themselves doing a really good job, filtering the wheat from the chaff, listing only those most relevant and useful to the likely readership.
One of the early tasks of the new Office of Cybersecurity should be to ensure that all Government Departments and Agencies who wish their customers to transact with them on-line provide a security guidance link on their home page that is at least as good.
And if the tribes of Whitehall and Townhall, as is their wont, resist "guidance" coming from Cabinet Office, then the Public Accounts Committee (National Audit Office), the Departmental Select Committees and the Audit Commission (for Local Government) should ask why they have not done so, of their own initiative.
]]>
At the Get Safe On-line annual conference this morning it was said that the average money-laundering "mule" makes only four payments for their new "employer" before they are picked up, held liable for refunding the payments they have made and blacklisted for credit (whether on-line or off-line).
Not only was there a better turnout at the conference than last year but the discussion was much better focussed on points of leverage.
I remain a strong fan of Get Safe On-Line and plan to blog again tomorrow on some of the other points made.
]]>
The one page summary reads as follows:
From Toxic Liability to Strategic Asset: Unlocking the Value of Information
EURIM has reviewed approaches to managing and exploiting the value of information in a six page report with links to current guidance and reference material. The key points are:
1) Treat information as a valuable asset or it will become a toxic liability.
Compared to a 'security-centric' approach, an 'asset-centric' approach to information management is more likely to succeed in both protecting against abuse and realising value. A culture that sees information as the life-blood of the organisation, alongside finance, people and property, is more likely to adopt and deploy the disciplines necessary to ensure quality and security.
2) Quality of service delivery correlates with quality of information management.
Research by the Audit Commission and the private sector shows clear linkages between good information management and improved performance. Poor management leads to inferior performance, higher costs, poor reputation and even loss of life. All reports into public sector data losses and tragedies, such as Baby P, have highlighted systemic information governance deficiencies.
3) Treating information as an asset changes visibility, approach and achievable benefits.
The process of creating Information Asset Registers and valuing their content entails involving Chief Financial Officers in scrutiny, governance and benefits assessment. This commonly leads to more efficient management and use of information, including the removal of duplication and waste. There are, however, issues regarding the supply and availability of those with the necessary information management skills.
4) Parliament should require impact assessments covering the opportunities and intentions for exploiting the creation of any new information systems or the innovative use of existing ones.
Those for new systems should include clear statements as to why these would be better and less costly than extending the scope and improving the quality, security and availability of existing systems.
5) All public sector bodies with their own systems should have Information Asset Registers.
The National Audit Office and Audit Commission should define common standards for valuation, quality and performance measurement and audit, in co-operation with professional bodies, trade associations and prospective private sector partners.
6) The Knowledge Council should develop and disseminate good practice guidance.
The Council is a neutral focus for collecting and publishing good practice in information asset management. They should coordinate contributions from the National School of Government, professional bodies, trade associations, academic institutions and suppliers.
7) EURIM should work with its members and others to help educate the new intake of MPs on the critical importance of good information governance to policy formation and public service delivery.
The EURIM Press release quotes Professor Jim Norton, who chaired the group that produced the report, as saying: "Treating information as the very valuable asset it increasingly is, provides a 'win-win' situation. It helps establish a culture where information is valued and exploited appropriately and at the same time provides the incentives for a more responsible approach to security and quality."
Dave Waltho, Head of Government Affairs, Public Sector (SAS) who, with Professor Chris Higson of London Business School produced the status report and identified the material for the micro-site, is quoted as saying "What we don't value, we don't take care of. All organisations acknowledge the importance of measuring, protecting and optimising the potential value of pounds or property, yet most do not apply the same disciplines to their information - a strategic asset of at least equal importance."
This paper addresses the second of the six threads in the Information Society Alliance programme that was launched after the Director's Round table on Information Governance almost exactly a year ago:
Security by Design: the means of reducing or removing vulnerabilities and ensuring sysems and services are fitter for purpose. This sub-group group is reviewing what will hopefully be the penultimate version of its report tomorrow
]]>
I really do believe, as I told them, that good Internet governance depends on registrars and other Internet service providers making more money from helping look after the safety and security of all of us than from cutting cost to the bone. Ideally Government should confine itself to giving them the legitimate authority (within a democratically accountable partnership policing structure) to do what is necessary to help protect us, their customers, from abuse and to ensuring that we have the knowledge and ability to boycott those who do not.
Publicity for data losses has led to a collapse of confidence that government can keep our personal information secure. In parallel we have similar headlines, from Victoria Climbie, through Ian Huntley (where the records that would have indicated his track record were deleted in murky circumstances) to Baby P, on the suffering and death that results from the failure to share information when needed. Neither millions on information assurance nor billions on centralised bases will address the cultural attitudes and amateurism regarding information management and governance that lie behind such scandals.
Meanwhile we have little or no publicity for what is done differently by those organisations that have quietly and efficiently looked after the information of millions of us for decades, without a leak. Some of them providing reliable response times and resilience that are the envy of the world.
Getting the messages of good information governance across to politicians is not easy. It will be even harder to persuade them to do nothing more than remove the well-intentioned but counter-productive regulatory barriers they have erected in the way of good practice.
How can we educate the next generation of MPs on their role in ensuring our information is available to those who need to know, when and where they need it, but is protected from abuse by those who need not or should not know your details?
How can we educate the ICT industry that trust in them and their products and services is, at best, very fragile?
They have to demonstrate that the database products and services they wish to sell to both public and private sector are fit for purpose. But even if they are indeed fit for purpose they then have to be ensure that they are used and managed by staff and officials who treat our information, and that on our families, as they do that on themselves, and theirs.
That usage and management task is an even bigger cultural shift for an industry that has ceased to regard customer education as its responsibility - while bleating that it was not their fault when the customer ...
But if the ICT industry does not once again accept that responsibility (as it did in the days of the mainframe) then, their dreams of globally networked data centres (alias cloud computing) will collapse, leaving a devolved world of used-controlled, micro-centres, with local power generation capable of surviving the periodic regional and national blackouts which any rational business is now factoring into its forward plans.
I doubt, however, that the micro-centres will be any more private - because the gossip next door (eavesdropping over your insecure domestic wireless network, as they used to do through the wall or over the fence in pre-computer days) is nearly always a bigger threat to your privacy than either Government or Google.
Hence the potential importance of the Information Society Alliance Competition: "EDUCATING YOUR MP - Everything they need to know about Information Governance but were afraid to ask". The competition working group tried to capture the basic principles of Information Governance in an animated power point presentation with speaking notes and a one page summary, plus links to the most authoritative sources. The result might have been adequate for ICT professionals who should already understand the issues, but not for human beings who do not.
The objective of the competition is to harness the presentation skills of the brightest of the current generation of multi-media students to encapsulate the complex balance that is good information governance, in three minutes of material, capable of being accessed over any mainstream browser. The judges already lined up include film and media professionals, as well as representatives from the worlds of ICT, Information Governance and politics.
The organising group is still welcoming additional sponsors who will support entries or help with publicity, prizes and judges. It also welcomes entries from "students" of all ages and backgrounds. E-mail eurim@eurim.org if you would like to join in.
]]>
The concept is simple: an art competition on the internet which is open to everyone and will be voted on by the general public; the works - which can be in any medium - then all being for sale through the website in aid of two small charities in
The paper raises profound issues regarding the quality of information used by Central and Local government for policy formation and resource allocation, let alone decisions affecting the lives, livelihoods, health, welfare and freedom of individuals.
The reasons why the base data is so bad include widespread and long-standing ignorance of the basic disciplines of information management not only across public and private sector but also among those selling "solutions" to them.
The disciplines appear to have been lost to sight sometime in the 1980s when Information Technology replaced Data Processing as the fashionable terminology and the study of sophisticated software replaced the study of people processes in the professional education of those entrants to the Information Systems industry who received any. Far too many of those who pass for "professionals" today have received only a hotch-potch of product or methodology focussed short courses and on-the-job training.
When I did my basic systems analysis training in the late 1960s we were taught to assume random errors rates of up to 10% on original data entry unless the material was entered and checked by those with a vested interest in its accuracy and with the knowledge and authority to ensure that errors were identified and corrected. We were also told to assume that it would subsequently degrade at about 10% per annum unless actively used and updated by those with the knowledge and ability to update the files.
Data collected for statistical returns or performance measurement was to be assumed to be random unless produced as a by product of an operational system. That assumption was confirmed for me when I saw how the "government returns" were actually made: usually same as last month with a random fudge factor, unless the person responsible had time on their hands and nothing better to do. I also saw the whole of one firm's exports for three years go through in one month when a colleague did indeed have time on his hands and got round to reading his job description. Despite the bluster over false returns, HMG could not resist the ability to have a headline in the papers about the balance of payments turning the corner.
When I looked at Local Authority rating systems and utility billing systems for the newly formed Regional Water Authorities in the mid 1970s I learned that the rate of change among those to be billed for the services delivered to properties ranged from under 2.5% in the leafy suburbs to over 400% (i.e. an average length of tenancy of under 3 months) in inner cities. Hence the reason for coin in the slot meters for gas and electricity for the landlord to collect. The churn today is no less - and may be even more. Hence the value and limitation of residents' registers and cards around the rst of the world. Hence also the widespread professional disbelief that any UK national identity system would be of any more value - "not even a lead standard" - and certainly not worth billions of new money.
Meanwhile there is a widespread view among Intenrt enthusiasts that if you mash-up garbage from a variety of sources and feed it through sophisticated software you get something other than digitised slurry.
Do read read the Audit Commission discussion paper carefully. Pick up on the snippets of detail. Follow up the references. Despite the problems, some health authorities, for example, have patient records that are remarkably accurate, because they are based on the data entered and validated by the clinicians who use it for patient care. Others record and report data that is actively fraudulent, manufactured to demonstrate progress against targets with little or no relation to underlying reality.
But, more commonly, staff under pressure to service a client will manufacture entries to get the system to do what is needed there and then. Thus some-one with poor english, no fixed address and no proof of indentity may be added several times over, under different names, even without any fraudulent intent.
The systems they use have been designed by people with little or no understanding of the needs of pressures at the point of service delivery, let alone the disciplines of information management. They are not fit for purpose. And there are far too many of them.
The Audit Commission have asked for comments on the discussion paper. Do respond.
The Information Society Alliance, EURIM plans to work with the Audit Commission to help take debate forward and identity consensus on how to address the problems raised.
The disciplines for Identity management date back to Ancient Sumeria (supposed roots of the notary and scrivener traditions). The transition to the electronic world began over 150 years ago (including the message authentication routines for East India Company telegraph system, without which the Indian Mutiny would have succeeded).
The tensions between the approaches of governments (to support taxation and military service and control dissent) and business (to support transactions between those who have never met) go back equally far.
There have been sporadic eruptions of extreme brutality on both sides. The botched looting of the correspondence banking systems of the Knights Templar by Philip 1V of France was the basis of the best-selling "Da Vinci Code". The revolt of the merchants and traders that annihilated the feudal hierarchy of the Duchy of Burgundy was even bloodier. Most exercises to seize banking records or destroy taxation or conscription records have been less violent.
Today we have a plethora of attempts to introduce comprehensive integrated, federated and/or inter-operable ID management systems, by a variety of players, with a variety of motivations. Few involve genuine choice or consent on the part of the "data subject": alias customer, citizen, victim, patient. "client" or "miscreant". .
Alongside the experiences of governments in trying to keep electronic track of their "subjects" (for reasons ranging from taxation and law enforcement to education, heath and welfare) there is over 25 years of private sector experience with running ID management systems in digital environments.
That experience covers many industries:
- financial services (from credit cards to correspondence banks)
- security printing (from bank-notes and bonds to embargoed reports)
- credit reference
- age cards and loyalty schemes
- payment clearing and correspondence banking
- notaries and scrivenors
- the mobile operators (from phones and messaging to payments)
- insurance (including life and healthcare)
- freight forwarding (land, sea and air: local, national and global)
and, of course,
- direct marketing: in all its forms: now including the Internet.
Central to the sustainability, not just acceptability but whether they deliver their objectives over time, of ID management systems appear to be five R's:
· Responsibility (including ownership and the duties of "agents" for the "owner"),
· Registration (including marrying biography and biometrics to electronic credentials)
· Repair (when the registration and or credentials have been compromised)
· Revocation (either full because of serious compromise or partial, e.g. moved from "good citizen" to "suspected fraudster" or "convicted criminal")
· Redress (who should bear the cost of repair and of compensating the victims in the event of compromise - whether deliberate or accidental).
Central to the Identity Governance debate that we have not yet had, despite a decade of wrangling over the value of government issued identity tokens and over philosophical questions, (such as "who owns my identity"), are five questions:
· how are the five Rs and the people processes that support them addressed (or not) by the various ID management routines already operational or proposed?
· what should be the roles of professional bodies, trade associations, politicians, regulators etc. in identifying and encouraging good practice?
· what should be the means of assessing whether the supporting technologies on offer are fit for purpose and used correctly?
· how could/should inter-operability be handled between different types of scheme (legal basis, management structure, application, ownership etc.), including internationally, across jurisdictions, not just between similar schemes using different technologies?
Structuring the Alliance Identity Governance group has not been easy because most of the willing volunteers turn out to be evangelists for specific solutions, unable to accept that they are entering a mature but evolving market. More-over many are evangelists for solutions that do not address the five R's any better than those already on the market.
But the UK has to be able to earn its way out of the current economic crisis as a globally competitive location for industries that could be located anywhere in the world. Creating governance regimes that better address business and personal needs and cause customers and consumers around the world to gravitate towards e-trading schemes policed from the UK is a key point of leverage.
Hence the priority being given to this area by the Information Society Alliance (EURIM) - despite the problems with finding those who not only understand the issues but wish to see the answers based in London rather than Zurich, Singapore, Hong Kong or Dubai.
1) An outsource supplier whose contact details to do not match the "Whois" entry for the website site or meet legal (E-Commerce and Distance Selling Directives) requirements for a physical address and phone number for contact
2) In case we need it for profiling you, or can sell it to some-one who will pay us for it.
3) Because my marketing and legal department says so
4) Only if some-one finds out and orders us to
5) You must be joking
We cannot seriously expect a rebuilding of user trust unless and until these questions are much better answered by any government department or marketing operation asking for our details.
Some suggested answers - in place of the current gobbledeygook privacy statements might be:
1) Ensure that legal requirements for physical contact details are met, with a clear routine for reporting problems - including attempts at impersonation
2) and 3) Give a reason and a benefit for any request: e.g we can contact Experian and fast track your benefit/credit/planning application because it is less likely to be fraudulent I liked the site that gave me a credit and told me they would not give my data to anyone else other than after a court order because they wanted to sell to me. It also gave me the opportunity to review my answers to individual questions when I saw where they were leading - and ended by asking what else would I be interested in buying that they did not currently offer. They got £50 of my time for their £25 voucher.
4) Yes but the laptop was encrypted to level X so the thieves cannot use it
5) A voucher for X% off (including off my tax/fees if it was HMRC or a Regulator who lost it).
]]>
This caused me to look up a paper I wrote five years ago on the politics of personal identity. That paper in turn harked back to work I did for IMIS, the UK-based but international professional body for Information Systems Mangers on a submission to Michael Howard's consultation on proposals to introduce a voluntary national ID card. They thought ID cards were no big deal provided no-one assumed they were anything more than a low credibility residents' card.
The world may have "changed" on 9/11 when the United States discovered global terrorism in the most horribly public way. But the politics of personal identity did not: only the arguments used by those who view us a subjects, not citizens. Now that balance is swinging back.
We still have growing pressures from those who want us to transact on-line for forms of identity that meet their needs. We are ourselves demanding more efficient joined-up services from the public sector. Meanwhile we see ever more evidence that centrally held files of personal information, whether public or private, will be systematically raided or abused unless well managed.
But the fundamental arguments go back millennia, not just years or decades.
The new means of recording identity may, or may not, work but they have to be operated by analogue mammals whose standards of behaviour have changed little since writing first evolved in the deltas of the Euphrates (Iraq) and Yangtse (China), over five millennia ago. The oldest known writing looks suspiciously like a tax tariff for dealings in a cattle and grain market. The holy books of the monotheistic religions (Judaism, Christianity and Islam) contain many references to censuses, taxes and the means of identifying those who are to be respected. The teachings of Buddha and Confucius build on the wisdom of even older civilisations that nothing was inevitable save death and taxes. Even the most primitive tribes have the wisdom to distrust strangers who take their picture or ask their name.
Today the first priority of our rulers is still to record their subjects and tax anything (or anyone) that moves or dies in their realm. Meanwhile the only identity tokens their subjects value and respect are those which give credit in the market place. That market place is, however, increasingly international and electronic with ordinary citizens, not just merchants and their agents, expecting to transact with strangers on the far side of the world.
In consequence we have a tension between rulers, seeking to create and control local, national and regional identity tokens and their subjects who want a variety of tokens according to whether they wish to obtain products and services locally or internationally without paying cash. We also have a tension between those who want high reliability (to prevent possible terrorists boarding an airliner) and those frightened of being mugged on the way to the library or post office and having their identity stolen. From Brixton (South London) to Bogota (Colombia) no ordinary citizen carries more cash or ID than they really need.
We have public debates in the United Kingdom (over ID cards), in Europe (over an EU-wide health card) and in the United States (over the identification of airline passengers and Federal access to nationally collated identity and transaction files). All assume that technologies will work and inter-operate. Meanwhile we have a long trail of failed systems, fraud and lack of operational inter-operability. And there is no sign that the current generation of systems developers, let alone the public servants and outsource contractors who are to operate and use the new systems, is any more (or less) competent and honest than those who went before.
I blogged on Liam Maxwell's paper, "It's Ours: why we not government must own our data" when it first came out. It is a great read but begs the question as to why we should trust Google or Microsoft any more than Central Government - other than that their motives are more honest: they "only" want to know about us so as to better target advertising spend money. They don't want to tax us or take our children to fight for them.
No wonder Central Government and its would-be suppliers, many of whom also wish to sell to Google, find it so difficult to engage in debate with those who see no need to be electronically tagged at all, let alone for those tags to be centrally indexed.
Our policy makers appear to have learned little and forgotten much. On Toesday I aim to revisit these issues in a more positive light - how do we find a win-win way forward
all need 8 - 10 megs symetric
In every senses they are on far side of the planet from the Ofcom "vision" of policing the cybercrud, as our teenagers down load material from around the world because they cannot themselves upload anything bigger than a Youtube clip, before they die of boredom waiting.
I think the chair of the session got the alternative "vision". My co-panelist from Google was certainly delighted that it was me, not him, who was challenging the audience to raise their sights.
As the only person in the room with a bus pass, I also enjoyed pointing out that I was using electronic messaging over forty years ago - albeit most radio hams, whose ranks I was encouraged to join for practice, still used morse.
I began my challenge to the Government 2010 audience with some "alternative" definitions of the Internet:
1) A marvel of engineering simplicity, with governance routines designed by Californian Hippies (class of '67, still stoned), overlaid with layers of lawyer-driven liability-avoidance contracts and land grabs for rights over innovation and content
2) A cartel masquerading as anarchy, with everything that makes money controlled by a handful of global corporations: Cisco on routers, Microsoft on Browsers, Google on search engines and so on
3) The current state of the world's largest machine: the world telecommunications network, evolving over time from telegraph, telephone and telex onwards - with thought leadership for the drive into IPV6 based, visual multi-media passed to China - while the UK and EU are stuck on the sidelines, arguing among ourselves over regulations that will be obsolete before they are agreed.
My message was that unless we escape from Fantasy Island, the Chinese and Indian players, from Huaewei to the myriad suppliers of language independent multi-media systems and search engines, will dominate the on-line world, including our domestic market, just as the Japanese car makers did until overtaken in turn by their neighbours.
On that note I remind you that the Department for Business Innovation and Skills consultation on implemting the proposed duties for Ofcom to report on UK's communication infrastructure http://www.berr.gov.uk/consultations/page52743.html. closes on 30th October.
I have just been contacted by one of the team offering the opportunity to raise any particular issues of concern covered. I will raise this offer when the Information Society Alliance (EURIM) communications group meets on Monday to review at its forward programme for 2010.
It is one thing to enjoy venting one's spleen as an individual - it is another to work as part of team to make a difference.
Do join the team, either via your employer (although EURIM does now have individual as well as Corpoate membership) or their trade association (e.g. Intellect) or via your professional body (e.g. BCS, IET, IMIS, ISACA, ISC2, ISSA etc) - especially if you disagree with what I have said above.
Part of my role is that of the small boy in the tale of the Emperor's new clothes. But the other part is bringing together those who will provide him with new clothes that are fit for purpose - including maintaining his credibility as a ruler.
In that context who do you trust to rule the Internet?
Global corporations whose objective is to make money, including to pay the pension funds who are their biggest investors?
Governments whose objective is ... (I leave you to complete this sentance as you wish)?
or
Organised Crime (currently exploiting the vacuum)?
Remember that if you want it be run by a partnership of the good guys, it is up to you to support the Internet Governance Forum, including via ICANN and Nominet. The next meeting of the EURIM E-Crime group will be a report back from Sharm El Sheik and a review of current plans to help the launch of the Tripartite E-Crime Reduction Partnership - as announced in the Digital Britain report.
]]>
The second is that around 20% of its "customers", including those in most need or most likely to attend MPs surgeries, live lives of unpredictable chaos, with multiple inter-linked problems, lurching from crisis to crisis.
Systems based on comprehensive rule-books, however complex, are doomed to "fail".
Perceived "success" depends on designing simple systems for the 80% whose needs are straightforward or predictable, with authority devolved to human beings to handle the rest.
This approach raises all the issues of accountability for public money that the current centralised silos were designed to handle. But the world has moved on since 1917, when Loyd George's war time government decided that the land fit for heroes would be built on nationally standardised schemes rather than local choice.
The time has come to adopt approaches that are fit for the 21st Century.
Perhaps a wholesale change of MPs, bringing in recent experience from business and from local government, will help those within the Civil Service who have long been only too well aware of the need for change.
I should perhaps add that the insights on which this entry is based were recenlty expressed forcefully and eloquently by a retired senior civil servant who was almost in despair (or should I have said incandescent with rage) at the mess made by those who succeeded him as they tried to implement the over-ambitious wet dreams of well-intentioned ministers and policy advisors, aided and abetted by less well-intentioned consultants and technology salesmen.
I very much hope that the way forward will include rebuilding the skills and professionalism of the Civil Service as well as devolving authority and accountability to those in the front line of service delivery who are best positioned to understand the needs of those with whom they dealing. The latter will indeed need much better information systems, but designed for decision support, not automaton control.
]]>
Commending the summary to MPs and to Parliamentary Candidates, Stephen Timms, Financial Secretary to the Treasury as well as Digital Britain Minster, said:
"I welcome EURIM's brave attempt to summarise thousands of pages of reports and guidance into a simple crib sheet for politicians. I hope it will cause those responsible for policy planning, procurement and implementation to follow up the references to the Audit Commission, BCS, Intellect, NAO and OGC material on which it is based. It is a useful aide memoire for us all, as well as a succinct summary of what the next generation needs to learn, to avoid repeating the mistakes of the past."
A key message is that the degree of clarity over objectives and candour over the risks to be managed usually determines success or failure before the start of the procurement process.
The full text is below:
===========================================
Good Practice in Procurement
"We know why projects fail, we know how to prevent their failure - so why do they still fail?" Martin Cobb, Treasury Board of
EURIM has distilled the reports and guidance on procurement produced by the Office of Government Commerce, the National Audit Office, the Audit Commission, Intellect (the Technology Trade Association), the British Computer Society into 4 pages, including links to the sources. www.eurim.org.uk/activities/pubproc/0909-Good_Practice_in_Procurement.pdf.
The key points are:
1. Agree clear business outcomes before you start
Procurement should not start until those at the top have set clear, achievable, objectives - including what "success" means and how it will be measured. It is lack of clarity and consistency with regard to objectives, not size or complexity, that makes public sector projects riskier than those in private sector
2. Be realistic and candid about risk, especially politically related risk, at all stages
The cost of public service contracts reflects the risk of changing political objectives and priorities in the face of external pressures. The transfer of unmanageable risk increases cost. Risk is best managed by those in a position to take timely and effective action.
3. Avoid inventing new wheels: reduce risk by recycling and adapting where possible
Most public sector projects can be delivered using technologies that have been tried and tested elsewhere. The bigger challenge is the need for changed ways of working on the part of those using the new systems. Management and staff need to be motivated to welcome change that enables them to deliver tangible benefits, rather than for its own sake.
4. Do not over-emphasise price: lowest cost is rarely best value or service
Pressing suppliers too far on price is counter-productive. They will ultimately have no choice but to cut quality by, for example, using cheaper, less experienced staff. Best value also requires looking at the solution proposed, relationship, delivery approach and behaviour.
5. Focus on rewarding achievements, not on penalising failure
Incentives need to be thought through: time to answer calls, for example, should not become more important than providing a satisfactory answer. Shared programmes to develop skills in relationship management and disputes avoidance can help cement co-operation.
6. Regularly monitor performance and continued relevance of outcomes
It is good practice to agree a Joint Statement of Intent between senior executives in the customer and supplier organisations, in parallel with awarding the contract. This should then be communicated to all involved as the basis for ongoing review of delivery, including whether the outcomes are still relevant and achievable.
7. Do not skimp on testing, including of security, resilience and people processes
Additional testing cannot make up for deficiencies in specifications but it is essential that projects under time or cost pressure do not economise on planned acceptance testing, particularly with regard to periods of use under working conditions by typical operations staff before going live.
Why does each generation of technology devotees feel compelled to repeat the mistakes of the last one - like teenagers discovering sex?
]]> The Internet is over forty years old. Its transition from laboratory to mass market took about the same time as the Motor Car or Radio. Its impact is no more and no less.Meanwhile its devotees commonly display all the maturity of Patsy Stone and Edina Monsoon in Absolutely Fabulous
Almost exactly nine years ago, in an article published after the burst of the Dotcom Bubble, I commented on the need to re-learn some of the business principles of the early part of the last century and quoted Henry Ford's four business principles.
My conclusion was "The New Economy is not new. A 1000 year old Gaelic Proverb loosely translates as: "Wealth is created when one man produces what another wants, whether it be a sword or a song", Recovery from the tech stock market crash ... depends on packaging technology to meet customer needs, not aksing customers to adapt to technology."
P.S. While hunting the link for that article I googled myself and Henry Ford and came across one of the sites carrying essays for students to copy and found that another of the articles I wrote for the IMIS journal was the basis for their model essay on E-Commerce. Be very afraid of what the next generation is reading.
]]>