Civil servants told to destroy internal reports on billions of pounds of risky IT projects

Officials at the Treasury’s Office of Government Commerce [OGC] are ordering the destruction of “gateway review” reports into the progress or otherwise of billions of pounds worth of risky government IT projects to cut the risk of leaks.

An OGC paper tells civil servants that, in the context of the Freedom of Information Act, they should “securely dispose” immediately of final reports of gateway reviews – which are internal assessments of projects such as the £5.3bn ID cards scheme and the NHS’s £12.4bn National Programme for IT.

The paper also tells civil servants that, immediately after delivery of the final gateway report, they must securely dispose of “all supporting documents”.

The OGC oversees large IT and other projects in Whitehall and the wider public sector. Its instruction comes even though it has lost two appeals under the Freedom of Information Act to keep early “gateway review” reports on ID cards secret.

Managed by the OGC, Gateway reviews are independent assessments of high and medium-risk IT-based and other projects at various stages in their lifecycle. More than 2,000 gateway reviews have been carried out – but the OGC has published none of them.

The order for the destruction of final reports will fuel suspicion that they identify fundamental flaws in some major government IT-based projects.

Vincent Cable, Liberal Democrat Shadow Chancellor, said the OGC’s instruction to destroy gateway final reports is “shockingly arrogant behaviour by those who should know they are accountable for public money”. He said that Parliament and taxpayers have a right to see the gateway review reports.

The Information Commissioner ruled in July last year that early gateway reviews on ID cards should be published, arguing that it should be public knowledge whether the programme was feasible and being well managed. The OGC appealed – and lost. It is now to fund a third appeal hearing, this time to the High Court.

In giving advice to gateway review teams on the Freedom of Information Act, the OGC paper says: “Please be aware that, as per our guidance, you must securely dispose of the [final gateway] report and all supporting documents immediately after delivery of the final report – which should be no later than seven days after the review.”

The OGC wants to cut the risk of leaks – only two people will have copies, the OGC and a department’s “senior responsible owner”.

Nobody else has any automatic right to see the reviews. So a department or agency’s internal audit committee, MPs, the department’s IT team, computer suppliers and potential end-users may be denied access to the final report.

The OGC is also assuring departments that confidentiality over gateway reviews is “assured” – even though the High Court could rule that the reviews are published.

The presentation paper also tells review teams that, if asked verbally for information on the gateway reviews, they should include in their reply the fact that they are not “actively published or disclosed”.

Under the Freedom of Information Act, each request for disclosure of gateway reviews should be considered individually. But the OGC has refused every application for disclosure of the results of gateway reviews.

Two Parliamentary committees have asked the government to look favourably on publishing gateway reviews after taking in evidence from Computer Weekly. This magazine’s evidence was also cited in the ruling of the Information Tribunal that early reviews on ID cards be published.

An OGC spokesman refused to say why it has ordered the secure disposal of gateway reports. The OGC confirmed that only two copies are kept.

Civil servants who undertake gateway reviews told Computer Weekly they thought it unnecessary to destroy the final reports. They said the documents usually contained important recommendations which may not be carried out properly if people in the department or agency do not know what they are.

One gateway reviewer said the order to destroy the final reports was “odd and a little sinister”.



I am not sure that I understand this - apart from an obsession with controlling information - even to the extent, as far as I can see, of denying information to the people who need to act upon it!

If two copies of the final report - one for the OGC and one for the SRO - are to be kept, surely these are open to disclosure under FOI?

Or is there a *legal entitlement* for this department and these SROs to defy the courts if they support the Information Commissioner?

The consequences might be different: OGC is a department, the SRO is an individual. Hm. I'm a GP - maybe I should look at the penalties, both to individuals and organisations, of not obeying the courts in this matter!

Isn't there a further problem?

If neither the final reports nor the supporting documents will be kept for more than 7 days after the date of publication (or non-publication as the case may be), *and*, presumably, no summary or recommendations suitable to guide future progress are available to those charged with progressing the project, isn't the whole exercise of Gateway Reviews a total waste of taxpayers' money?

Er *does* OGC have any other functions?

Mary - you make some excellent points.

a) Aren't the 2 copies kept by the OGC and the SRO subject to disclosure under the Freedom of Information [FOI] Act?

My response: Yes and no. The government has worded the FOI Act in such a way as to prevent disclosure of anything it really wants to keep secret. And the government most certainly wants to keep gateway reviews secret.

One could imagine why it requires secrecy - it's conceivable, for example, that some of the gateway reviews on the NHS IT programme have resulted in "red" lights.

The government has lost two appeals to keep the results of early reviews on ID cards secret but it's going to the High Court as a third appeal, and if it loses, it could go to the House of Lords after that. If that fails the government could issue a ministerial veto.

So yes gateway reviews are subject to the FOI Act. But the government can - and will I am sure - ensure they are kept secret.

Are gateway reviews a waste of money if not all the parties involved in recommendations see them?

My response: This is a point well made. The SRO can share the results of reviews but the National Audit Office has found that sharing is sometimes very limited. Only half of internal audit committees are briefed on the results of reviews.

Computer Weekly regards it as ludicrous that the review reports are not automatically shared with those who are involved in carrying out its recommendations - suppliers for example.

OGC = Office of Government Coverups?

I thought they were the same people who did PRINCE2 = Projects in Controlled Environments - coming in the next version of PRINCE2: Controlling a Stage CS9 = Disposing of the Evidence.


I'm not an expert on Prince2 and I haven't even read all of it but what I have seen seems to place an emphasis on capturing and documenting lessons learned. Prince2 also seems to encourage the sharing of lessons.

Gateway reviews do not strike me as projects in their own right, which could fall under the Prince2 regime, but short (lasting about a week), independent assessments of projects.

Arguably the more the results of gateway reviews are shared with those involved with the projects and also with interested scrutineers - Parliament for example - the better.

The OGC wants to destroy all but two copies, one for the OGC and the other for the SRO, which seems extreme and unnecessary. Indeed the gateway reviewers I spoke to made exactly these points.

If you've a copy of the next version of Prince2 and can highlight the section about disposing of the evidence I'd be grateful if you'd forward it to me: - thanks Tony Collins

Quite apart from all the foot-dragging over publishing the gateway materials, shouldn't the ID card project be going back to Gate 0 or 1 for a re-assessment? Over the past two years, the specs and costings have changed quite significantly.

A Gate 1 review, in particular, is supposed to "confirm the business case is robust" and show that a project is "likely to achieve value for money".

Has any re-appraisal been made? I can find no reference to this on the OGC site.

The governments may change but these will still be our civil servants. I'm rather glad this got linked, at least someone has morals.

I really wonder about non-specialists running IT, health, environment or transport projects, there's bound to be stupid mistakes like this