Appian provides a low-code development platform that accelerates the creation of high-impact enterprise software applications – from idea to app in 8 weeks with a guarantee.
Mention security in the local government sector and the response you get will undoubtedly use the phrase Public Sector Network (PSN). Local government is recovering from meeting the tough (and in the view of many, inappropriate) security standards as part of achieving PSN compliance. With all but a handful of councils now reaching compliance it is clear that PSN is here to stay but questions remain over its implementation and its future. Firstly, why was it such a painful process and what lessons can be learnt from this to help improve the process going forward? Secondly, now that PSN is in place has it improved the way in which local government operates and can its high security standards be turned from an onerous imposition into an advantage? And finally, what role does industry have to play in supporting the PSN agenda?
A hard road to travel
The transition to PSN was never going to be easy. After decades of a hotch potch of standards being implemented in an ad hoc manner, trying to get multiple organisations from different sectors to agree on one set of standards is a challenge in anyone’s book. But, creating one logical network on the basis of an industry standard is the right approach and one that now has considerable buy-in from local government. The PSN journey has also created a community focused around a common goal, this needs to be capitalised on so that issues can be tackled collectively going forward. Ensuring that co-design and cooperation is the spirit in which the public sector continues to work together is vital.
Security compliance in both central and local government is not a new thing – previous regimes however had taken a more ‘laissez faire’ approach to compliance which resulted in many areas being left on ‘to-do lists’ because they were perceived as being too difficult or as requiring too much resource. PSN has challenged both local and central government to tackle these areas in a time of increased service demand and decreasing budgets. This is a tough challenge and local government needs to be applauded for the work it has done in recent months to achieve the end of March deadline.
techUK is concerned however that in achieving its Code of Compliance, PSN has given security a bad name. Security should be an enabler for efficient service delivery but many council’s see it as stifling their innovation. In an effort to comply with PSN many authorities have abandoned technology initiatives that they see as vital to the ways they do business. This has left a bitter taste in the mouth of local government. Bring Your Own Device (BYOD) schemes for example, are key to enabling many mobile workers such as social workers to do their paper work on the go and to access important information about the families they meet.
This leads to more productive sessions and can free up thousands of hours a year for personal interaction and relationship building. But PSN has challenged these developments and local government have been left feeling that inappropriate levels of security have been enforced on them from a distant and disconnected central government. It is crucial that there is now dialogue between local authorities, central government and industry about the levels of security and standards of PSN. Getting this right is vital to ensuring it supports the delivery of local public services.
A consistent approach
Particular questions on the process and the approach that has been taken are now starting to be raised. Approaching each council on a case by case basis was always going to be inefficient and a more collective approach has to be the future. Inconsistency has been a major issue with some councils receiving a yes from one auditor only to receive a no from another, this needs to change. Back when PSN was being conceived it was considered that model answers for assessors would be the correct approach but this was later ditched in further of individual judgement.
This needs to be re-visited as the lack of consistency has led to confusion and frustration throughout local government and could create further bad feeling if it continues. The Local Government Association is working with central government to review this. techUK adds its voice to the call for increased consistency as the lack of it is creating a very confused market for suppliers to work with local authorities on improving the delivery of public services.
Compliance was just the first step on the PSN journey. Authorities are now expected to transition fully across from GSi and the conversation is turning from compliance to Information Assurance and Information Governance. This too creates specific challenges for local authorities as each organisation has a different approach for doing this. Ensuring a strong assurance regime is vital for creating consistency and delivering future public services where further demand for citizen data and transacting online is a trend that is set to continue.
It is important the spirit of community that PSN has created is built on so that the challenge can be tackled in a way which engages with all parties. Lessons learnt from the first phase of implementation must be used to make sure future work is conducted differently, there needs to be a two-way decision making process between local and national government and there needs to be consistent messaging and evaluation across the board.
The gain achieved
The road has been tough but there are great benefits to local authorities who have joined PSN. With PSN infrastructure in place we now have a vital piece of the jigsaw to achieve multi-agency working, with organisations able to share and join up around the needs of the citizen and not on the basis of current silos and structural constraints. Many would argue that local government was sharing information in the past but, with the police and health services planning to transition onto the network over the next few years there is real potential for a single citizen view and locally delivered and designed services. Whether this is a citizen being able to transition seamlessly between services carrying their data with them right through to a strategic level of local government being able to tap into big data to organise resources around social need – the potential is vast.
Nowhere has the profound need for systematic information sharing been demonstrated more than in the multiple cases of coordinated child sexual exploitation or ‘localised grooming’ which have been revealed across many of the UK’s towns and cities. In Oxford for example, social services, health workers and the police had each received reports about the sexual abuse of local children but, failure to properly share information led to vital links not being made and the scale of the abuse remaining uncovered for years. Of course many cultural changes are needed for effective interagency working but a common network infrastructure which enables frontline practitioners to gain a full picture of colleagues’ interactions with citizens will be an essential tool to achieve this.
Increasingly government policy requires different services to work together in a coordinated way to achieve goals. For example, the Troubled Families Initiative, which aims to help 120,000 families by 2015, focuses on working with local authorities and their partners including police, education and health to help these families tackle their problems and bring down the cost to tax payers. To date the scheme has been in use with nearly 80,000 families across 152 councils and a high success rate has been reported across the board.
As more services are delivered online public confidence about the security of personal data will be paramount to achieving take up of digital services. With a tight security and information assurance regime in place the PSN will ensure all authorities are operating to high standards and will help to build confidence that they can be trusted to keep data safe. Local authorities deliver 80 per cent of public services in Britain, without resilient security measures the hope of achieving digital government will be lost.
What role for industry?
So what does this all mean for industry? And what is our role in supporting the work of PSN? The answer is simple – we need to be considered a key part of the community as the PSN cannot be delivered without us. Suppliers need to be aware of developments so they can align their solutions and business plans accordingly, they too need to feedback on experience they have had when dealing with local government and be part of the co design of future services. Industry also needs to highlight the ways that security can be an enabler rather than a barrier. Having a seat at the table of PSN is a key aspect of the next step along the journey to establishing the future of local public services. Here at techUK we are working with suppliers and local government colleagues to ensure this is the case going forward.
Working in partnership is a message we have put out within local government for a long time and one that is recognised as vital to achieving the best results not only for councils and suppliers but for citizens. Although pockets of good practice exist in local government, PSN could potentially prove the catalyst to creating a community around a common aim to deliver better services to citizens and it is ensuring that we capitalise on this and not let the security debate cloud the potential it can provide if we work together to get it right.