Your shout: SLAs must focus on business, data protection, agile methods could boost NHS IT scheme

Computer Weekly's readers give their views on the weeks news

SLAs must focus on business value, not IT

Failures in service level agreements are not a new problem, and not one that is confined to outsourcing. Far too often people use SLAs as a tool to measure and report meaningless technical metrics rather than as a mechanism for ensuring the service provided is delivering real value.

The SLA attached to an IT-based business service is too often focused on the performance of the technology itself. When I walk up to a cash machine, I expect to get my money in a sensible amount of time. I am not interested in the components required to deliver my money. The SLAs provided by suppliers associated with this process should be able to show that they are working to ensure that the bank's customers are receiving the right money in a timely way.

The key issue here is that SLAs are being agreed by silos within IT departments whose interaction with the business is technology driven, rather than being driven by the impact of their technology on the wider business environment. This is part of a more fundamental problem - the lack of integration between business and technology.

As long as firms continue to view IT as a necessary evil rather than as a business enabler, IT departments will continue to operate in the dark, with little understanding of business needs. It is unfair to expect an IT department to implement SLAs that will deliver business value when there are conflicting views about what "value" means.

Mark Newton, BMC Software

Be clear about data protection requirements

Further to your article "Deadline for digitising paper records looms," I would like to clarify certain issues surrounding the expiry of the final "transitional relief" period of the Data Protection Act 1998.

This period was included in the legislation to ensure a smooth transition from the original requirements of the Data Protection Act 1984 to the additional requirements of the 1998 Act.

The Data Protection Act currently gives some limited exemptions for manual records created prior to 24 October 1998 which are held in structured filing systems. At the moment, a data controller who processes such data is not bound by most of the requirements of the first five principles of the 1998 Act. These exemptions will end at midnight on 23 October 2007.  

Your article stated that this will mean that organisations will have to computerise or digitise that information. The Act does not require this. What it does mean is that the Act will apply in full to the manual records that are affected. Data controllers must take reasonable steps to ensure that such records are accurate and must be ready to draw on this information when responding to subject access requests.

David Smith, Deputy commissioner, Information Commissioner's Office

More information >>

Agile methods could boost delivery of NHS IT scheme

Much has been made about overspend and late delivery of the NHS National Programme for IT but, as your article highlights, the overriding problem is that the scheme may fail to deliver what is required.

Underpinning this failure is the delivery approach taken, and not the number of suppliers or complexity of the systems involved.

From my experience of similar projects, failure is caused by two inherent weaknesses in the approach taken: fixing requirements upfront without allowing room for change, and a lack of user involvement throughout the life of the project.

An agile approach to software development ensures users have the opportunity to make changes along the way. The cost and benefit of each feature is assessed repeatedly and managed within the budget to ensure that what is delivered meets business needs and optimises value.

Until public sector IT embraces agile development methods, these high-profile examples will continue to hit the headlines, and the taxpayer will keep on paying for the mistakes of the government and the IT industry.

Phil Hall, Head of public sector practice, Valtech

Banks may choose to ignore interoperability

In your article, "Barclays readers welcome but no cure-all," Sophos' Graham Cluley says that a lack of interoperability is a "huge" issue for consumers. In fact, the card readers to be issued by Barclays and other banks will be interoperable, as per the card reader standard agreed by Apacs.

That banks may choose not to market their card readers as interoperable is a separate point. The real challenge is to introduce the card readers without affecting the online customer experience.

Nicholas Flook, Managing Consultant, UMT

Tony Collins' IT projects blog
Against the current: exploring the challenges of complex IT projects

Answer back
Do you have a fresh take on someone's opinion on this page, or something to say about a Computer Weekly article? E-mail [email protected]. Please include a daytime phone number.

Read more on Privacy and data protection