tashatuvango - Fotolia

GDS wants IT suppliers to use its GaaP products – but won’t offer service guarantees

The Government Digital Service encourages tech firms to adopt the platform services it has developed – but can’t offer any service or support guarantees

The Government Digital Service (GDS) is encouraging IT suppliers to use the digital services it has developed for the public sector as part of their own commercial products – but GDS won’t offer any guarantees of support or service levels.

GDS director general Kevin Cunnington and some of his team talked to tech companies at a market briefing organised by IT trade body TechUK on 25 July 2017. The aim of the event was to outline key GDS projects as part of the government transformation strategy announced in February.

One of the areas discussed was the GDS government-as-a-platform (GaaP) services – Gov.uk Verify, for identity assurance; Notify, for electronic notifications; Pay for online payments; and PaaS, a GDS-developed platform-as-a-service product.

GDS speakers at the event encouraged suppliers to use the GaaP tools in their own products, in the hope of widening their use. However, according to guests at the event that Computer Weekly talked to – who wished to remain anonymous due to their ongoing relationships with GDS – GDS was unable to give any guarantees around support or service levels.

Delegates said they were told GDS cannot enter into contractual arrangements with external suppliers wishing to use the GaaP services, and therefore cannot offer service level agreements (SLAs) to guarantee uptime or response levels in the event of problems with the GDS platforms.

As our sources pointed out, suppliers will be wary about offering SLAs to their own clients for a third-party service that has no SLA offered as part of its use. One delegate suggested it was “naive” of GDS to think suppliers would offer the GaaP products to their own clients without any commercial support arrangement.

Despite this stance, GDS highlighted the importance of the GaaP services in government, stating they would be seen as part of the UK’s critical national infrastructure, according to delegates at the event.

Quoted in a TechUK blog about the market briefing event, Cunnington said: “Business transformation is difficult and government cannot do this alone. Service teams in government want, and need, the UK tech industry’s skills and experience to help them transform. By using the GDS platforms rather than reinventing them or integrating others, you can do this more quickly, cheaply and consistently.”

IT suppliers typically use third-party tools such as Worldpay for processing online payments, or notification services such as OneSignal, which usually offer commercial support services.

Read more about GDS

Take-up of the GDS GaaP services in government has been relatively slow and GDS is keen to speed up adoption. Notify is used in 68 digital services by 32 public sector bodies; Verify is used by just 15 services and has been criticised for its poor performance levels; while Pay is seeing more success, with 378,000 payments made (as of 24 July), at an average value of £44.28.

Some suppliers are also concerned that the PaaS service runs only on the Amazon Web Services (AWS) cloud platform, fearing being locked in to one cloud provider.

At the TechUK event, GDS also demonstrated a new version of Verify that offers a lower level of identity assurance than the existing system.

One of the reasons some government departments have held back on using Verify is that it requires more data to assure a user ID than the department needs – meaning the initial registration process is too onerous. The current process is designed to offer ID assurance to a level that would hold up in court.

GDS has now developed a new feature for Verify that allows “level of assurance 1” (LOA1) – a reduced level of verification that is effectively a straightforward user login and password system, which offers “minimal confidence in the asserted identity” of users for low-risk transactions. In effect, LOA1 means the government service trusts the user to verify their own identity.

The government has committed to having 25 million users of Verify by 2020, and offering LOA1 is seen as a key step in widening the adoption of the service to meet this target.

Computer Weekly has asked the Cabinet Office for more details, but had not received a reply at the time of publication.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT for government and public sector

Join the conversation

3 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

On Verify any organisation using it will also, almost certainly, want indemnification (e.g. regarding security breaches and fraudulent transactions) as well as SLA's. LOA1 is a quite useless level of identity management and is wide open to fraud.
Cancel
“only 2,270 payments have been made using Pay (as of 24 July)”

No, you’re misreading the stats!

2,270 payments were made using Pay on 24 July.

The total number of payments ever is over 378,000.

Cancel
Ah! Yes, you're right. Apologies - my mistake, that's now been corrected. Thank you for pointing it out - much appreciated.
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close