Your shout! On designing an IT system for the NHS

Have your say at


Have your say at





On designing an IT system for the NHS

In response to reader comment on the government's IT programme for the NHS (Your Shout, 22 February)

Alan Rommel suggested that proper training and effective communication was required for the national programme for IT in the NHS.

He is not wrong, but it is striking to see that as the details of the Choose and Book system were communicated to GPs, their initial lukewarm reception froze rapidly.

Communication about plans is not the answer, much as government departments and their IT partners might wish it so. The answer is to design systems that are useful to users.

Only then does communication become a factor, and given useful products, GPs can find out about them quite well themselves.

Adrian Midgley, GP, Exeter

On the future of security based on passwords

In response to an editorial comment on the need to balance access to systems with reliable security (Computer Weekly, 22 February)

It seems that no matter how much progress is made in securing technology, the end-user will always be the weakest link.

Lapses will happen, with suspect e-mail messages being opened and malicious code such as spyware being introduced to a company system.

However, a closer examination of the practical steps an enterprise can take to put in place a comprehensive security strategy is rarely to be found in the IT press.

The current reactive approach by anti-virus suppliers, among others, serves only to perpetuate their own business model of updates and patches.

This is confusing and not at all useful for an enterprise looking for peace of mind that its computers have been secured well into the future.

The speed of propagation of viruses and the sophistication and ever-expanding nature of the malware stable means that any security product that attempts to block rogue software once it is already in circulation is ultimately doomed to failure.

The logical approach would be based on a proactive measure such as whitelisting.

This can be applied to hardware and software to ensure that only the applications expressly allowed to run on the enterprise network can do so.

Whitelisting makes no assumptions about whether a piece of code is good or bad - merely whether it has permission to execute or not.

The most recent security scare story, spyware, is just another piece of code, and it can just as easily be eliminated from the enterprise environment, as can Trojans and viruses.

Louis Oley,UK managing director,SecureWare

On the impact of the FOI Act on data retrieval

In response to the feature concerning the introduction of the Freedom of Information Act (FOI)and the systems required to provide full data retrieval (Computer Weekly, 22 February).

The Act will impact significantly on those businesses that don't take it seriously.

A large proportion of public bodies and their suppliers remain unprepared and don't have the appropriate measures in place to retain, store and retrieve the right information and records.

In the run-up to the FOI deadline the Cabinet Office reportedly made the decision to delete all e-mails more than three months old.

Whitehall departments were then alleged to be shredding an unusually large number of documents, destroying records pertaining to defence, environment and trade departments, among others.

Central government has clearly failed to appreciate the role that technology could play in the battle to manage ever-increasing volumes of information.

I only hope that other public bodies don't follow by example and put themselves in a better position to answer requests and manage information - and that they do so immediately.

Liz Maloney, Hummingbird

CIOs need to leave the number crunching alone

At a recent conference, Computacenter chief executive Mike Norris said that IT directors are prepared to accept a reduced quality of service from suppliers if it means getting a lower price (Computer Weekly,15 February).

To some suppliers this view would appear to justify cutting corners in pursuit of a "quick fix" offering. I believe this way of conducting business to be misguided, at best.

The belief that end-user CIOs are happy to put cost before quality seems to be proliferating. Since CIOs have made an appearance at board level, they have been lambasted for being too operational, bogged down in the problems and budgetary issues that affect IT departments, rather than strategically thinking about the business.

Until they start realising IT is central to the success of the business and there should not be a quality/cost compromise, they will struggle to get out of this rut. CIOs need to consider the long-term and strategic side of IT investment, and leave number crunching to the chief financial officer.

George Masoura, Plexus

Modernisation is best solution to legacy crisis

Bill Goodwin's warning that IT departments face a war of talent as firms vie for scarce skills (Computer Weekly, 1 February) raises the important issue of the shrinking pool of people able to understand and manage legacy applications.

The answer to this legacy problem is not to "hand management and operation of these legacy systems to third-party suppliers while they gradually migrate to more up-to-date systems".

If there are decreasing amounts of relevant skill-setsin-house to manage these systems, which are often running business-critical applications, there will be the same shortages outside of the organisation among outsourcing suppliers.

A far better solution to the staffing problem, irrespective of who is maintaining the applications, is to migrate and modernise the applications.

Although many companies are looking to move away from legacy platforms, they do not all want to embrace the high level of risk and cost involved in replacing these systems.

Many organisations prefer the option of first migrating to a modern platform and then building on what they have.

With this approach comes the added benefits of reduction in the costs of managing and supporting legacy systems, plus improvements in the way they integrate with modern business applications.

The roadmap of migrate, modernise and integrate with new technologies is usually the most effective route to meet evolving business needs, and it solves the legacy skills issue in a way outsourcing does not.

Geoff Baker, Transoft

Security remains the users' responsibility

The US government is to be applauded for its desire to force software suppliers to fix their dodgy code - perhaps it could also pass legislation to eradicate global disease and poverty as well? (Computer Weekly, 22 February.)

If government attempts to tackle spam, viruses and spyware at the ISP level have failed, it is naive to presume that the software behemoths will sit back and watch the US legal machine grind into action. Such a move is likely to prompt one of the most intense and protracted lobbying campaigns of recent history.

Until such a giddy nirvana is reached, users will have to take responsibility for their own networks by investing in their own security solutions, unfair as that may seem.

John Tomlinson, EMEA managing director, St Bernard Software UK

Carrots and sticks are the cure for spam

Regarding your report on the US call for legislation to force ISPs to control spam, spyware and viruses (Computer Weekly, 22 February), clean e-mail in my view is a critical and necessary part of ensuring our electronic security as a nation.

But legislation - the 'stick' approach to spam and virus filtering control - is not enough.

Despite the pressure to take on the ownership of filtering, market forces have failed so far because filtering is not a viable business opportunity for ISPs.

ISPs have neither the 'stick' through legislation nor the 'carrot' through commercial viability.

A carrot and stick approach is what's required.

At the moment ISPs see e-mail filtering as a burden. In-house systems aren't economic to build or maintain, and all bar one of the managed services at present on offer are geared to selling direct to corporates, not to the ISPs' specific needs.

To be attractive to an ISP, the outsourced filtering service must be priced for profit as well as being easy for them to integrate into existing infrastructure.

With the right supplier I see managed filtering as the 'carrot' to positively affect the bottom line. Profit is the best market mover of all.

John Turley, Checkbridge

There is no escaping from the need for skills

We were interested to read the article on small firms outsourcing network management (Computer Weekly, 22 February).

Actually, the cost of network management packages is an issue for many enterprises, not just SMEs, and outsourcing network management is an option many are also considering.

However, we do not agree that outsourcing network and system management has been too expensive for most companies to date. We know of dozens of companies, some with small but critical networks plus a dozen servers, who are doing this successfully.

There are limitations to using an India-based service. Network support is like emergency services - it requires a skilled person on-site with a range of specialist tools.

When the network is down and things get really difficult, no one can get a qualified network engineer on site for £19.95 a month.

Stuart Muirhead, Trend Network Services

Read more on IT for small and medium-sized enterprises (SME)