Council IT chiefs aim to avoid repeat of PSN compliance debacle

Socitm president Nick Roberts reveals how public sector IT chiefs hope to avoid a repeat of PSN compliance problems

Local authorities have moved on from last year’s Public Services Network (PSN) compliance problems, and are resolving “unfinished business” as a result, say council IT leaders.

At the PSN Summit in London, Nick Roberts, Surrey County Council IT group manager and president of public sector IT body Socitm, set out the steps the organisation is taking to avoid a repeat of the compliance debacle that dogged the Public Services Network last year.

On the day after England’s exit from the 2014 World Cup, Roberts’ football analogies came thick and fast. However, unlike England’s performance in the tournament, there was more to be positive about, he said.

“We have had a defensive first half and haven’t scored the goals we wanted. We’re keen to move on and meet business demands, so half time is about regrouping, team building, and creating a strategy for the second half. We’re in a position where, whether you’re local or central government or supply side, we’re all on the same side and want the same thing. The second half is looking more promising,” said Roberts.

His remarks reflected comments made to Computer Weekly this week by Andy Beale, common technology services director at the Government Digital Service (GDS), which recently took on ownership of the PSN programme. Beale said that, while there had been compliance problems, they were very much “last year’s story".

With very few local authorities now in a position where they have not met PSN compliance requirements, Roberts reflected on the work that has gone on in the past six months to reverse the situation that saw at least one council coming close to being shut out of PSN altogether, and set out how Socitm plans to keep that process of reconciliation going.

“An unfortunate consequence of meeting compliance was that we had to stop doing a bunch of things - projects in progress that were transformative and cross-sector weren’t really able to be undertaken, so there’s a whole chunk of unfinished business, and we want to get that back on the agenda,” said Roberts.

“To do that we need a new phase – I’m very pleased to see some work undertaken by the LGA [Local Government Association] and [LGA CEO] Carolyn Downs put together a statement of where we are across local public services in terms of what has been achieved - but also to identify the job isn’t done. We shared that with [Cabinet Office COO] Stephen Kelly and I’m pleased to see there is support to bring resources together to begin to address those issues.”

Socitm has pulled together key stakeholders from parties including LGA, the Cabinet Office, government IT security group CESG, the Information Commissioner’s Office, and senior government risk owners, to form a group which held its first meeting last week.

“The objectives agreed were to create a fit-for-purpose information assurance model for local public service delivery, and focus on maximising opportunities from PSN to create effective delivery for joined-up services across the public sector,” said Roberts.

“The board’s role is to begin by developing the case for PSN, being clear about the benefits and the power of the infrastructure, then to focus on what is holding us back. ‘Task’ and ‘Finish’ groups will look at each issue to identify and share best practice already in place across local and central government. 

"The board will also take a role on behalf of councils to oversee and monitor the compliance process, and probably the most important thing for the board is to act as a communications conduit to share learning and best practice across the sector.”

The Task and Finish groups will focus on issues such as unmanaged endpoints and bring your own device (BYOD), shared services and physical accommodation, baseline security checks and overall IT health checks around areas, such as Windows XP. Socitm will also be reaching out to local authorities to identify further issues the community wants addressed.

“We’ll use the Task and Finish groups to review guidelines and advice, identify best practice to meet guidelines, and bring in expertise to develop it where best practice doesn’t yet exist,” said Roberts.

He urged local authorities to get over some of the distractions. “We’re on a level playing field and we trust each other as users of the PSN to share data,” he said. “If we don’t have that trust in place we can’t do business differently…. It’s up to us to tell the story of what we want to do.”

Phil Gibson, chairman of trade association PSNGB, also urged greater collaboration between the various PSN stakeholders: “We have to get around the fortress walls and start thinking about how we make those connections work.”

In a few years, Gibson argued, PSN would “just be there”, as an underlying infrastructure, and the focus needed to be increasingly on what it could be used for.

GDS’s Beale conceded that the Cabinet Office had done a bad job of handling PSN compliance issues and went so far as to apologise to the audience of local government IT chiefs at the summit on its behalf.

Beale, too, urged collaboration: “We need to work together as a community on this, particularly while making it better, but also how as a community we meet today’s cyber threats and data protection challenges.

“While it was badly handled, people do recognise good work was done in terms of improving our stance against cyber threats,” he said.

Read more on Network security strategy