Government Technology volume 9.5

FINANCE – The latest developments within financial and accountancy software

www.governmenttechnology.co.uk | VOLUME 9.5

PAYMENT SECURITY IT SERVICE MANAGEMENT

CALL CENTRES

INFORMATION ASSURANCE

Enabling efficiency through risk management at IA10 PLUS Understanding the Digital Economy Act

MRG Systems LimitedWillow Court, Beeches Green, Stroud, Gloucestershire GL5 4BJT +44 (0)1453 751871 E [email protected] W www.mrgsystems.co.uk

Rich, dynamic digital signage to keep your organisation up to date withthe latest news and information

•Welcome the public, visitors and clients

•Promote your services

•Celebrate achievements and successes

•Share departmental news

•Publicise visions and strategies

•Inform and educate

iMERGE Digital Signage

Where no newsis... just dull

To find out more about iMERGE and Digital Posters, contact MRG today:Call 01453 751 871 or email us at [email protected]

MRG Advert Full 20x307 5/7/10 15:55 Page 1

03THE BUSINESS MAGAZINE FOR GOVERNMENT TECHNOLOGY

www.governmenttechnology.co.uk

MEMBER OF THE PERIODICAL PUBLISHERS ASSOCIATION

© 2010 Public Sector Information Limited. No part of this publication can be reproduced, stored in a retrieval system or transmitted in any form or by any other means (electronic, mechanical, photocopying, recording or otherwise) without the prior written

permission of the publisher. Whilst every care has been taken to ensure the accuracy of the editorial content the publisher cannot be held responsible for errors or omissions. The views expressed are not necessarily those of the publisher. ISSN 1362 - 2541

Mind the digital gapDid you know that 10 million Britons have never used the internet? Now the government, together with Digital Champion Martha Lane Fox, is calling for action to get millions more online by the end of 2012. The manifesto for a ‘Networked Nation’ sets out plans to inspire, encourage and support everyone in the UK to enjoy the benefits of the web. As more and more services and business move online, such a sizable part of the population cannot be left behind, especially during times of savings and cuts as digital inclusion can help to make government more efficient and effective.

In this issue of Government Technology we take a look at some ways government has the opportunity to become exactly that. How is virtualisation shaping up to drive the public sector’s cloud computing strategy (page 23); can a group of local authorities reduce payroll costs by jointly tender for new HR/payroll software (p.49); and how can technology encourage location-independent working (p.52).

Enjoy the issue.

FINANCE – The latest developments within financial and accountancy software

www.governmenttechnology.co.uk | VolumE 9.5

PAYmENT SECuRITY IT SERVICE mANAGEmENT

CAll CENTRES

INFoRmATIoN ASSuRANCE

Enabling efficiency through risk management at IA10

PluS Understanding the Digital Economy Act

Government Technology Online

PUBLISHED BY PUBLIC SECTOR INFORMATION LIMITED

226 High Rd, Loughton, Essex IG10 1ET. Tel: 020 8532 0055 Fax: 020 8532 0066

EDITOR Sofie Lidefjard ASSISTANT EDITOR Angela Pisanu

PRODUCTION EDITOR Karl O’Sullivan PRODUCTION CONTROLLER Reiss Malone

PRODUCTION DESIGN Jacqueline Grist

ADVERTISEMENT SALES Justine James, Luke Humphries,

Jeff Reed, Wendy Burrows PUBLISHER John O’Leary

SALES ADMINISTRATION Jackie Carnochan, Martine Carnochan

ADMINISTRATION Charlotte Casey, Victoria Leftwich

GROUP PUBLISHER Barry Doyle REPRODUCTION & PRINT Argent Media

If you would like to subscribe to Government Technology magazine please contact Public Sector Information Limited, 226 High Road, Loughton, Essex IG10 1ET. Tel: 0208 532 0055, Fax: 0208 532 0066, or visit the Government Technology website at:

8www.governmenttechnology.co.uk

P NEWS P FEATURES P PROFILES P CASE STUDIES P EVENTS P AND MORE

[email protected]

© K

odak

20

10. K

odak

is a

trad

emar

k of

Kod

ak

48_10_Ad_i4000_blizzard_EN.indd 1 12.03.10 11:15

7


CONTENTSGOVERNMENT TECHNOLOGY 9.5

11

Visit the website to view the categorised product finder www.governmenttechnology.co.uk

45

52

59

28

18

38

46

49

23

69

76

NEWS

STORAGEThe Green Grid has published guidelines and a required process for organisations to follow when determining the PUE score for their data centres

We take a look at how you can make sure information flows with a data and information management strategy

The new 360°IT event offers the public sector a new perspective on IT infrastructure

CLOUD COMPUTINGIs cloud computing taking the public sector by storm? Microsoft’s Mark Taylor investigates

VIRTUALISATIONHow is virtualisation shaping up to drive the public sector’s cloud computing strategy?

Virtualisation has become highly visible in the last few years because of its perceived benefits in reducing costs, enabling rapid deployment, and improving system availability

INFORMATION ASSURANCECESG’s Candida Hinks previews IA10, the government’s Information Assurance flagship event

A look at what CESG’s Good Practice Guide 13 (GPG 13) really entails

Focusing your efforts on the right firewall at the right time allows you to mitigate risk before it becomes a problem, says Tufin

David Lozdan highlights what the Digital Economy Act means for internet users

PAYMENT SECURITYWhat does PCI compliance mean for the public sector? Jeremy King from the PCI Security Standards Council explains

We take a look at how to achieve secure payment processing for the public sector

CONTENT MANAGEMENTOrganisations that consider the broader implications of an ECM investment will reap the benefits, advises The Content Group

OPEN DATAWhat are the challenges and benefits of opening up data?

FINANCEIs a joint venture between local authorities when it comes to payroll services the way forward, asks the Institute of Payroll Professionals

The Business Application Software Developers Association looks at

developments within financial and accountancy software for the public sector

MOBILE WORKINGThe Telework Association looks at the implications of mobile and flexible working for organisations, managers and the IT function

How has the government’s investment in police mobile systems panned out?

IT SERVICE MANAGEMENTKevin Holland explains the true potential of ITIL to improve all areas of government IT

We preview Service Management Expo, a must attend event for professionals across service management

Industry came together to celebrate the stars of IT service and support at this year’s IT Service Excellence Awards

CALL CENTRESCall Centre & Customer Management Expo 2010 will help you keep at the forefront of the contact centre industry

LEARNING & DEVELOPMENTVisitors to World of Learning 2010 will find extensive advice and the latest thinking on e-learning from exhibitors, seminars and conference speakers

EMC2, EMC, EMC SourceOne, and where information lives are registered trademarks or trademarks of EMC Corporation in the United States and other countries. © Copyright 2009 EMC Corporation. All rights reserved.

eGovernment initiatives not only facilitate enhanced services and cost savings, but also open the door to new challenges – from navigating paper-based processes to securing digital records.

Learn more about how EMC can help: http://uk.emc.com/government – Download our white paper “Solutions for National and Local Government”

A practical strategy for transforming paper processes into connected government

to effective eGovernment

Your roadmap

Digital Economy Act challengedBT and TalkTalk have filed papers with the High Court asking for a judicial review with regards to the Digital Economy Act. The two companies believe that provisions in the Act, aimed at the prevention of online copyright infringement, received insufficient scrutiny before being rushed through into law at the tail end of the last Parliament. The companies also believe the measures proposed to try to prevent online copyright infringement could harm citizens as well as impact both businesses. As a result, they are seeking clarity from the Court before they and others are asked to implement the Act. The companies are concerned that obligations imposed by the Act may not be compatible with important European rules that are designed to ensure that national laws are proportionate, protect users’ privacy, restrict the role of ISPs in policing the internet and maintain a single market.

NHS spent £1.6bn on ICT last yearNHS ICT spending topped £1.6bn in 2008-9, according to new figures. Of the £1.62bn spent on ICT projects in the NHS, £27m went on strategic health trusts, £682m on primary care trusts and £915m on NHS trusts. In total, capital expenditure amounted to £261m while revenue expenditure accounted for £1.36bn. The bulk of the spending over the year – £1.06bn – went to the National Programme for IT (NPfIT). Health minister Simon Burns disclosed the information in response to a written parliamentary question from Conservative MP Mike Weatherly.

London Mayor wants internet undergroundLondon Mayor Boris Johnson has given his support to plans to install Wi-Fi hotspots and mobile phone base stations in London Underground stations. Johnson said he was willing to consider any ideas that would help London become one of the most technologically advanced cities in the world, as long as they are financially viable: “The truth is that I’m on the side of progress if we possibly can do it. We could do it because I do think people want the facility of looking at their BlackBerrys,” he said. However, he did concede: “There are big technical difficulties. It’s very expensive.” Johnson has made no secret of his desire to give all of London wireless internet access, and last month told a Google conference that he had approached Europe’s largest broadband provider The Cloud, which already covers the City of London, to extend the coverage across the capital in time for the 2012 Olympics. Plans would include installing wireless hotspots in streetlights and bus stops.

NEWSINBRIEF consortium has been created to research new cloud computing

models to reduce the cost of hosting and maintaining internet-based services. The consortium comprising the European Union, universities and IBM, will undertake research that could lead to the development of new computer science models that bring together managed internet-based services from diverse hardware and software environments in a flexible cloud environment. The new design and deployment models could help cut costs compared with conventional models, which are complex and require significant time and cost to maintain. The current systems are not flexible and need to be manually customised for services to communicate and work together. The researchers hope to establish a framework to cut down the design and deployment time for such services by hosting them in a central cloud environment. The researchers will undertake a project called Artefact-Centric Service Interoperation (ACSI), which is based on a concept of interoperation hubs,

which was introduced by IBM Research last year. These hubs provide cloud-based environments in which flexible internet-based software and services can easily be created and deployed. Customers would pay for service integration and pay for the hosted services depending on data stored and transactions completed. Consortium partners will develop services and applications for the project.

A

Cloud computing research consortium set up

Over 9,000 child details put at risk by councils

he Information Commissioner’s Office

(ICO) has taken action against the London Borough of Barnet, West Sussex County Council and Buckinghamshire County Council for breaching the Data Protection Act. A systemic lack of staff training on how to handle personal information has led to the loss of sensitive personal information relating to thousands of children. Sally-Anne Poole, Enforcement Group manager at the ICO, said: “These three councils have shown a poor regard for the importance of protecting children’s personal information. It is essential that councils ensure the correct preventative safeguards are in place when storing and transferring personal information, especially when it concerns sensitive information relating to children. A lack of awareness and training in data protection requirements can lead to personal information falling into the wrong hands.” The London Borough of Barnet, West Sussex County Council and

Buckinghamshire County Council have signed formal Undertakings to ensure staff will be made fully aware of the policies of their council for the storage and use of personal data. The London Borough of Barnet and West Sussex County Council will also provide appropriate training on data protection and IT security, and ensure portable and mobile devices used to store and transmit personal data are encrypted. A further audit by the ICO will be carried out on the London Borough of Barnet within the current financial year to monitor the previous recommendations made to it.

T


www.governmenttechnology.co.ukGovernment Technology | Volume 9.5

Unique Touchstone Microsoft Dynamics CRM Solutions

• FreedomofInformation • ComplaintsManagement • BusinessInformation • CaseManagement

• ContactCentre • ConstituentManagement • FieldInspection • FundsManagement

As organisations strive to meet the broad modernisation agenda for e-Government, managing customer relationships is vital. CRM solutions empower your staff to maximise their potential and ultimately to deliver better services to citizens.Touchstone’s unique Microsoft Dynamics CRM Solution can help deliver operational efficiencies and improve access to front-line services through integration to Back Office systems. We have worked with over 1200 clients, including Basingstoke & Deane Borough Council, London Borough of Hackney, London Borough of Lewisham, London Borough of Merton and Royal Borough of Kensington and Chelsea.

w: www.touchstone.co.uk e: [email protected] t: 0800 0345 424

• GrantsManagement • PersonnelManagement • TaskManagement • CorrespondenceManagement

08 THE BUSINESS MAGAZINE FOR GOVERNMENT TECHNOLOGY

www.governmenttechnology.co.uk Visit the website to view the categorised product finder

QUANET IS ONE OF THE UK’S largest Buying Solutions accredited IT reseller with specialist teams dedicated

to serving the public sector. We have over 20 years of experience in dealing with local and national government bodies and in that time we have developed a wealth of experience that makes us unique. Not only do we provide a wide range of technology products, we also offer sector specific solutions and consultation that can really benefit your department. As a public sector partner, you will have access to a dedicated account team to ensure Equanet delivers on its promises, as well as full online support where you can place orders and monitor your account with ease. Through this close working relationship we have become the partner of choice and more than just a supplier of IT equipment to over 25,000 local and national government authorities, departments and agencies across the UK. At Equanet we work with manufacturers and service providers to give our customers access to the products and services that are the mainstays of successful IT implementation in the public sector. Our team deal solely with similar customers and therefore has the necessary expertise and understanding to ensure that working with us is easy and stress free.

Equanet can:• Identify and procure the most suitable and cost-effective IT equipment for your requirements• Configure and deploy any kit, integrating within existing IT systems • Seamlessly integrate Mac and PC environments • Work in a consultative nature to help future-proof your technology requirements, helping you to save money in the long run• Offer full support for any and all IT equipment you purchase.In fact, from understanding what your IT requirements are, to helping you identify the IT equipment you need, installing and providing full support, Equanet is with you every step of the way.

We pride ourselves in working jointly with you to understand your needs for IT equipment and develop the best IT solution for unique requirements that many public sector bodies face. We are also an Apple Solution Expert, making us masters of integration for Mac and PC. Visit our site at www.equanet.co.uk to see our range of services that we can provide at special prices for the public sector. Or call our Public Sector team on 0844 871 2409, Monday to Friday to discuss your technology requirements and how we can help you and your department deliver the IT solutions that can make a real difference.

FOR MORE INFORMATION

Contact a member of the team today on 0844 871 2409 or visit www.equanet.co.uk

IT equipment budgets being squeezed? At Equanet we can make them reach further

E

rganisations that flout privacy online risk a double

whammy of enforcement action by the Information Commissioner’s Office and the loss of trust from customers. In a speech on privacy protection, Christopher Graham, the Information Commissioner, appealed to businesses, charities and public bodies to be straight with consumers so that people know why their personal information is being collected, how it will be used and who else may end up seeing it. Launching the ‘Personal information online code of practice’ – the first guidance document of its kind – Christopher Graham said: “The benefits of the internet age are clear: the chance to make more contacts, quicker transactions and greater convenience. But there are risks too. A record of our online activity can reveal our most personal interests. Get privacy right and you will retain the trust and confidence of your customers and users; mislead consumers or collect information you don’t need and you are likely to diminish customer trust and face enforcement action from the ICO.”

Organisations that adhere to the good practice tips in the Code of Practice will enable consumers to make an informed choice about whether they sign up for a particular online service. Keeping out of date records or not holding personal information securely help nobody and could result in enforcement action. A guide for consumers is published alongside the Code giving advice on avoiding online scams, the importance of being cautious about who you are disclosing information to and using privacy settings effectively.

elford and Wrekin Council has launched a new customer

driven website that delivers a more “personalised experience for anyone making online contact”. The new site aims to deliver on several objectives for the Council’s ambitions for web services, including the provision of access to services at a time and place convenient to the customer – with the objective of moving to 24x7 service access. The website also makes it easier for customers to find what they are looking for by delivering a “one council-

one source” approach to services delivery. The flexible nature of the framework put in place has already seen positive results for the Council, including increased user ownership. As a result, over 90 “virtual authors” are now in place across the council and 20 Team Champions have been established to promote the change in approach being adopted. The number of web pages has been slashed by over a third (35 per cent) since the new platform was adopted. Telford and Wrekin also claims to be achieving better compliance with web standards and government legislation.

B

Council launches customer-driven website

O

New online privacy rules

IT efficiencies to help save police £1bnThe National Policing Improvement Agency (NPIA) will save the police service £150m in 2010/11 and is on course to help the service save at least £1bn by 2015, through improvements to its IT infrastructure and procurement decisions. Chief executive Peter Neyroud has outlined savings the NPIA will help the service to achieve this year, including £25m cash-saving improvements for the service through better use of technology and procurement, as part of a broader scheme to save £200m on police IT by 2015, and £10m of savings from helping police forces to share back-office functions, such as finance and HR as part of a plan to save £75m by 2015.

Broadband legal right for FinnsFinland has become the first country in the world to make broadband a legal right for every citizen. New universal service obligations for telecom operators have taken effect meaning that broadband access will be included in basic communications services like telephone or postal services. Telecom operators must be able to provide every permanent residence and business office with access to a reasonably priced and high-quality connection with a downstream rate of at least 1 Mbps.

1.9 million more Britons using the InternetThe size of the UK internet audience grew by five per cent from 36.9 million people in May 2009 to 38.8 million people in May 2010. Of the 1.9 million new Britons using the Internet, 1.0 million (53 per cent) were at least 50 years old. Men over 50 were responsible for most of this growth, accounting for 722,000 (38 per cent) new British internet users followed by women over 50 who accounted for 284,000 (15 per cent) new users, according to figures from UKOM (The UK Online Measurement Company powered by Nielsen).

NEWSINBRIEF



Rural broadband in Wales gets £2m support

roadband will be brought to some of Wales’ rural areas

with the help of a £2m support scheme. A maximum of £1,000 will be available per individual application when the project starts this summer. Deputy First Minister Ieuan Wyn Jones, who launched the project in the village of Blaenplwyf, near Aberystwyth, explained how it will work: “People will be able to

make an application for the grant. That grant will be processed, an agreement will be made for somebody to make that connection for them. The cost will be paid for under the grant and of course people will then make their own arrangements with the provider.” Initial funding of about £2m has been allocated, with discussions under way to access European money from the Rural Development Plan.

B

Socomec UPS · Units 7A-9A Lakeside Business Park · South Cerncey · Cirencester · GL7 5XL · Fax 01285 862304 · www.socomec-ups.co.uk

GREEN POWER UPSUninterruptible Power Supply systems:• 96 % certifi ed effi cient – even at low loads• True-online, double conversion• 12 % more active power• 0.99 input power factor• Extended battery performance• Flywheel compatible

ECA Approved for government paybackEnhanced Capital Allowances scheme:• Claim TAX back on new purchases• Meets government energy effi ciency criteria• Listed on energy technology product list (ETPL)• Find out more on www.eca.gov.uk/etl

Contact us now on:

01285 [email protected]

The highest efficiency performance on the market

The Green Power efficiencyis certified by TÜV SÜD

FlywheelCOMPATIBLE B U R E A U

V E R I T A S

Invest in energy-saving equipment today to improve your bottom line and PUE as well as help your carbon footprint.

pub_620013_178x125.indd 1 16/06/10 9:41:58

Under normal circumstances, your security management system helps you regulate and monitor employee and visitor traffi c. In an emergency, you want to retain the same level of control. With Nedap AEOS Security Levels, you keep full control of access to your prem-ises, even in a crisis. Authorizations can be changed or revoked at the click of a button, thanks to the security levels which can be pre-defi ned in AEOS. AEOS Security Levels al-lows you to react rapidly to circumstances that could seriously affect your security. Take no chances. Nedap AEOS.

Is your Security Management system prepared for a crisis?

For more information, please contact Nedap Security Management at +31 (0)544 471 111, [email protected] or visit our

website www.nedap-aeos.com

IT RECRUITMENT FOR THE PUBLIC SECTOR In the current financial climate, IT recruitment has become even more important to the public sector.

P.S.E Solutions prides itself on a cost effective recruitment process that will be beneficial to their clients. Paul Prince, Director (REC/FIRP) qualified has over 20 years experience in IT recruitment and has recruited for many blue chip organisations.

At P.S.E Solutions we pride ourselves on long term relationships with clients and have been supplying the same clients with employees for over 10 years UK wide. We feel that it is important to understand your clients needs fully and therefore providing an efficient and cost effective recruitment process. We are a REC member and adhere to their strict recruitment policies and procedures. Call now for an informative discussion on how our services can benefit you. Telephone: 0844 4780067 Mobile: 07810 201167Email: [email protected]


POWER EFFICIENT METRICS

AN INCREASING NUMBER of organisations are using The Green Grid’s PUE metric to promote the efficiency of their data centres. In general, this is a very positive trend, as it demonstrates that the industry is willing to put forth a level of effort to improve on energy efficiency and challenge others to do the same. Interpreting results from individual data centres can, however, be confusing and at times misleading, and comparing different data centres has become challenging. Creating and promoting the PUE measurement information, while a great first step, actually falls short of what data centre managers need, because there are various ways to calculate results, and too much weight can be put on one-off circumstances. For example, the number doesn’t address when measurements were taken, where they were taken, or how often they were taken.

COMMUNICATING THE INFORMATIONConsidering each data centre is different, and because the ability to take ongoing accurate measurements inside each data centre varies so dramatically, The Green Grid has published guidelines and a required process for organisations to follow when determining the PUE score for their data centres. This includes a standard nomenclature that will enable organisations to communicate more specific and relevant information about their scores. As a result, the “absolute” reported PUE number will change, but the granularity will result in a more accurate “apples-to-apples” comparison across different facilities.

To provide a meaningful report of PUE, the reporting organisation should provide additional information about the data collection process. The Green Grid has outlined four specific types of information: the manner in which the data was collected, the type of equipment from which the data was collected, the timeframe covered by the reported value, and the frequency with which individual data points were collected. This data falls into three levels:• Level 1 (Basic): The IT equipment is measured at the UPS, total facility power measured at the data centre input, and minimum measurement interval is monthly or weekly• Level 2 (Intermediate): The IT equipment is measured at the PDU, total facility power measured at the data centre input except for the HVAC, and minimal measurement interval is daily• Level 3 (Advanced): The IT equipment is measured at the device (server, switch, etc.), total facility power is measured at the data centre input less shared HVAC plus building lighting, security, etc., and measurements are taken continuously.Organisations can provide this additional information by adding a subscript to the name of the metric being reported. For example, PUE would be reported and formatted as PUE

a,b,

where “a” describes the metering placement level and “b” describes the measurement frequency and averaging period. For example, 1.8 PUE

L2,WC would mean: weekly average

PUE score of 1.8, using data points gathered continuously with a Level 2 meter placement.

REVIEWING RESULTSOnce end-users start to use these guidelines, The Green Grid plans to review results that end-users want to communicate to the public by categorising these results into four groups: Unrecognised: This category appears when the reporting organisation does not provide any additional detail as to the means or manner through which the data was collected, the timeframe covered by the result, or the granularity with which individual data points in the result were collected. While The Green Grid applauds any attempt to measure or calculate results, it will not comment on unrecognised, publicly reported figures. Accordingly, The Green Grid places no requirements on, nor has any specific recommendations for, unrecognised results. Reported: The second class of results appears when the reporting organisation has submitted data using the proper nomenclature from The Green Grid and has self-certified using the measurement methodology defined for PUE.

The Green Grid will not recognise these results and will not provide any additional comment, and reported results that are not “Registered” (see below) will also not be specifically referenced within The Green Grid’s website. Registered: The third class of results falls under the category of “Registered”. To register a result with The Green Grid, the reporting organisation must provide additional data about the result and provide contextual data from The Green Grid’s database. This helps by providing key additional data that The Green Grid will use in commenting on and analysing overall industry performance and data centre energy efficiency trends. One key benefit in registering results is that the reporting organisation will receive a registration number if they meet the requirements, and this registration number may be used in any public document to verify that the organisation has met The Green Grid’s requirements. The Green Grid is working to provide a way for reporting organisations to record this data with The Green Grid – most likely a page on The Green Grid’s website. In the meantime, The Green Grid’s site will have the most up-to-date information on specific data elements, which will be refined over time. Certified: The fourth class of results, “Certified”, has the most stringent data reporting requirements. In addition to those items required for a result to be “Registered”, the reporting organisation will provide contextual data, and any additional data, for third-party validation or certification of results. This additional data will allow organisations to qualify for inclusion in future award or recognition programs created by The Green Grid. The Green Grid will accept any original source materials or publications necessary to validate the claim. It’s also important to note that due to the limits of physics, any reports to The Green Grid with PUE measurements less than 1.0 will automatically be rejected. It’s impossible for an organisation to be more than 100 per cent efficient using today’s metrics. Whether an organisation wants to report their PUE results to The Green Grid according to the Reported, Registered or Certified classifications, this is a step forward for the industry. It provides consistent, apples-to-apples reporting, allows the industry to identify and promote exceptional results, and provides a level of quality assurance for all data centre managers.


Web: www.thegreengrid.org

The Green Grid has introduced a new free online tool for data centre managers to record their power usage effectiveness scores


STORAGE


RADICAL OR BACK-TO-BASICS?

YOU MAY HAVE ISSUES with your data system and, with budgets tight, you might not be faulted for opting to build a new one with just a few improvements, using for instance a different product that performs broadly the same task, but without the issues the prior system. This can be flawed thinking though as the new product will undoubtedly have different challenges that you just have to hope are not as bad as the last. Such changes also can only ever deliver purely incremental change, never provide something fundamentally different. You could propose then that this is an argument against doing anything, but of course it isn’t. For example, replacing a server with a virtual one leaves you with pretty much the same server functionality but operational benefits and efficiencies come in droves. Transformational changes like this cost money but they save much more in terms of utilisation or even provide possibilities that were just not open before. Unfortunately, if you talk to anyone with responsibility for Information and Communications Technology (ICT) in the public sector today you will get a worried frown – where will the money even for cost savings come from? Where will the cuts in spending and staff fall?

FINDING THE SAVINGSWith the spectre of cuts almost everywhere, only the IT projects with the best justification will get a nod – and these will often be the ones that will also deliver assured savings. This is what leads us back to where we began – if you make incremental changes the savings are incremental too. However, big changes to infrastructure and different approaches can yield huge savings and deliver services once thought too expensive. There are a few key methods and initiatives that are effective on their own, but combined can be even more worthwhile, such as data management and shared services. The first of these is to implement a data and information management strategy. This may sound very basic to some or a massive job to others, but very few see data as a river running through the organisation, it’s usually seen as “piles of stuff” scattered around and categorised by owner or function and treated accordingly. This scattered approach often suits the data management vendors as they like to sell lots of products to deal with these “piles” of data all over the place. Stepping back and taking the “river” view allows you to plot where data should be throughout its life, automating its travel and protection along the way. Combined backup, disaster recovery and archive strategies can significantly reduce the amount of tier-one

storage required as well as massively cut the cost of Disaster Recovery (DR) without necessary pooling resource. Another advantage of handing control of data management over to a software layer is that it breaks the link between features and hardware, allowing any choice of disk with a number of knock-on effects. Firstly, disk prices drop when you are not tied to a specific vendor and it means that innovation such as drives that spin-down can be introduced to help achieve other key initiatives such as carbon reduction without continually pumping more disk into tier-one arrays. Secondly, having a single point of control drastically reduces integration and reporting headaches, with much less time spent on customisation or what should be simple configuration changes.

AVOIDING BLACK HOLESThe other key change that comes about when you treat information as something that flows is that you have an opportunity to dip into one place and see everything that runs past. Right now many organisations in the public sector struggle with freedom of information (FOI) requests or can see the benefit of something like the Local Government Classification Scheme, but can’t see a way to implement it in a cost effective way. Even those that introduce Enterprise Search Technology often find gaps in coverage and end up with two or more search tools – one for the compliance archive and one for live data for example. Combining and correlating results from two or more systems can be a tiresome task and worst of all, there will still be huge “black holes” where key information can hide. Having one place to search live data, archive and backup provides real benefits and once in place it is possible to design automated searched so that data required on a regular basis can be pre-searched and collated ready for use. The biggest excuse held up by ICT executives for not having a true “data and information strategy” is mostly around having a mandate for unilaterally applying data management policies – certainly guidelines exist but these are often seen as minimum standards. Better to have forward thinking ICT executives that stay ahead of the curve, rather than those that wait for regulation and rely on expensive 3rd party eDiscovery services when the issues could have been dealt with at the root cause for much less.

KEY INITIATIVESA great example of this is e-mail archiving and the related search tools. For years IT managers and directors alike have said there wasn’t the need for compliance style archiving predominantly designed for a regulation in

the US, which didn’t apply to the business world in Europe, let alone government bodies. Time has proven that the IT managers and directors that decided to implement such an archive system made big savings – deadly Outlook PST files that clogged up backup jobs disappeared and employees that could find e-mail and attachments more quickly and were not subject to inbox space limits became much more productive. Not only does this kind of archive help with backup and staff productivity but it also aids the reliability of the e-mail servers, reducing the need for so much tier-one disk for e-mail. If not done correctly though, these archives can add to the “piles of data” mentioned earlier. The second key initiative, which has been positively encouraged by central government, is shared services. Economies of scale make perfect sense and a pooled budget used centrally can achieve levels of service that are out of reach of more modest purchasing power. There are many challenges to overcome, which are well documented in terms of partners, personnel, decision making, legal and budget related, but once achieved the dividends will kick in. The initial decision of exactly what to share is often the easiest – common core services such as HR and net new projects with a lead authority are favourites, though it could be as simple as providing rack-space and power for DR on a mutual basis, though the latter is unlikely to have a significant financial benefit. Combining data and information management into a shared service instead of attaching it to a group of processes like a Common Media or HR department may seem alien, but a fundamental

Many talk about information flow; the challenge is that it doesn’t flow unless you design it that way, says Nigel Tozer, business development director, EMEA, CommVault

www.governmenttechnology.co.uk Government Technology | Volume 9.5

STORAGE

Nigel Tozer, business development director EMEA, CommVault

shift can be made that sets costs savings in stone for many years. Commercial entities have traditionally made use of hosted services more so than public sector bodies and this is increasing with the advent of smarter, more customisable and more scalable technologies delivered via a cloud model. Government directives on data security often preclude cloud use for public bodies but there is nothing stopping groups of such bodies creating their own “cloud” of IT services or indeed data and information management specifically, such as backup, DR, archive and eDiscovery.

OVERCOMING BARRIERSIn the past the barriers to sharing IT were technological – especially with data protection and eDiscovery. The ability for one party to access or change protection levels for privileged or secure information of another party is not an option; nor is running a search against documents containing personal data if you don’t have the authority. For example, you wouldn’t want a call centre operative able to run searches that pulled up child welfare information. Thankfully, choosing the right technology means these challenges just aren’t there anymore, which paves the way for shared data and information services that are transformational. Not only can control be central but it can also be confidently delegated or made self-service with full auditing of who did what, and when, for extra piece of mind. The flip side to this level of management is that data protection functions can be merged with fault tolerant and load-balanced processes that reduce the server and media footprint as much as virtualisation helps with the production server estate. Choosing the right system means that archive can also be rolled right into the same infrastructure for even greater savings. Deduplication is one of the hottest technologies around in the data protection space and can be effectively distributed via the data management software layer – off-site DR and remote protection all of a sudden become viable and automated from one place without expensive hardware lock-in or restore penalties. Whilst all of this is transformational from an ICT perspective, apart from the budget savings and the ability to increase the quality service with less of everything, just gaining access to the right information can be the biggest benefit. Legal, HR or regulatory searches can become quick and easier without the black holes; they can even be spread throughout the user-base with secure role-based limits on scope. Data and information management seems anything but radical until you really do get back to the basics, which is when fundamental improvements can be achieved.


Web: www.commvault.com



With the spectre of cuts almost everywhere, only the IT projects with the best justification will get a nod – and these will often be the ones that will also deliver assured savings

STORAGE

...to usit represents our resilience in an ever-changing industry

Whether you are looking for products or services to help you to...

Enline’s solutions are based upon technologies from the leading manufacturers and implemented using our consistent and tried methodology for deployment. They are proven to increase security, improve access to information and reduce costs.

Providing impartial and trusted advice on Information Security and Infrastructure solutions

for 25 years.

to most25 is only a number...

Improve• Identity Management

• Data Sharing

• Information Security

• Compliance & Governance

• User Provisioning

Secure• Infrastructure

• Authentication

• Network Access

• Remote Connectivity

• Federated Access

www.enline.com 0844 800 1985


WHERE BUSINESS ISSUES MEET THEIR IT SOLUTIONSTHE NEW 360°IT EVENT taking place at Earls Court 22-23 September is a fresh, new event born out of extensive research with IT professionals from CIOs to IT managers by Reed Exhibitions, the organisers of Infosecurity Europe. The event is strongly targeted at the public sector with Mr Chris Chant, director of the Government Cloud Programme, delivering the opening address. Other public sector speakers include Mr James Gardner, CTO, Department of Work and Pensions; Mr Mateen Greenway, chief technologist EMEA Defence, Security, Government & Healthcare; Mr David Jones, CIO, Crown Prosecution Service; and Mr Chris Price, head of ICT Solutions, Highways Agency. SOLUTIONSThe event will deliver the holistic view of the solutions that support the entire IT infrastructure. A visit to 360°IT provides an essential road map of current and emerging technologies, including Security, Storage, Network & Communications, Virtualisation, Data Centres, Applications, Enterprise 2.0, Information Management, Cloud Computing & SaaS, Business Continuity, and Risk & Compliance. With 100+ top IT providers exhibiting from across the globe, it offers a comprehensive showcase of solutions, products and services. High level strategic content, product demonstrations and technical workshops facilitate vendor and end-user collaboration, to create IT infrastructure that will enable government organisations to reduce cost and manage risk, ensuring they provide UK citizens with an improved level of service. BUSINESS NEEDSA third of organisations do not have an integrated IT infrastructure that can deliver what the business needs according to a poll from 360°IT. The majority of organisations (52 per cent) have what they need for now, but only 15 per cent have an IT infrastructure that is sufficiently flexible to meet their changing needs. According to Denise Plumpton, an experienced top-tier CIO and non-executive director of 360°IT, the important challenge is to ensure you have an integrated infrastructure that can deliver what the business needs now, yet is sufficiently flexible to meet your (inevitably) changing needs. The 360° IT Keynote will address the key issues and pressures that government

organisations face in an environment that is increasingly mobile and fast paced, but also one where cost effectiveness is the key priority. The programme features leading experts giving unique analysis, end-user “real-life” experience, strategic advice and predictions in the form of panel discussions, to ensure that you have all the information that you need to galvanise your IT infrastructure within the strict budget constraints that your organisation is facing. Clive Longbottom, service director, Business Process Analysis, Quocirca Ltd will lead a panel on ‘Is IT a Strategic Weapon or Survival Tool?’ The discussion examining how to drive home the importance of IT within the wider business function, will involve David Chan, director, Centre For Information Leadership, City University London; Nick Gaines, group information systems director, Volkswagen Group UK Ltd; Michael Warren, CTO, The London Metal Exchange; and Marcus East, head of Future Media & Technology, Comic Relief. IT INNOVATIONJim Mortleman will lead a keynote panel on IT Innovation that will provide exclusive access to leading research and innovation within the IT industry, offering a unique chance to get a glimpse into the future of the IT industry. Panellists include James Gardner, director Corporate IT & Future Design, Department For Work & Pensions; Ms. Katherine Coombs, CIO, Morrison Facilities Services; and Ian Alderton, former European CIO, Wachovia Bank. Ms. Mette Ahorlu, consulting director, IDC European Services, will chair a panel entitled ‘Are Hosted Services the Way Forward?’ Panel members Myron Hrycyk, CIO, Severn Trent PLC and Mark Hall, director of IT, HMRC will review current hosted services on offer, addressing the important questions to ask when considering if it is the right choice. The panel on ‘Is The UK Knowledge Economy Dead?’ will highlight what the government can do to stimulate innovation and enable UK businesses to climb back to the top of the knowledge economy tree. The panellists debating how to engage the IT leaders of tomorrow includes Nick Illsley, chief executive, Transport Direct; Ian Brinkley, director of The Knowledge Programme, Work Foundation; and Jayne Nickalls, chief executive, DirectGov. The panel entitled ‘The Changing Role of the CIO’ will investigate what transformational leadership is and what it can achieve and will feature David Jones, CIO, Crown Prosecution

Service; Lee Bryant, founder, Headshift; Adam Thilthorpe, director for Professionalism, BCS; and Peter Birley, director of IT & Business Operations, Browne Jacobson LLP. The panel entitled ‘Adversity: the Mother of IT Innovation’ will consider the importance of ensuring IT innovation always keeps a place in your organisation and the benefits it can bring to the business. Panellists include David Chan, director, Centre for Information Leadership, City University London, and Chris Price, head of ICT Solutions, Highways Agency.


For free entry and further information about 360°IT, visit www.360itevent.com

360°IT offers the public sector a new perspective on IT infrastructure


STORAGE

Secure• Infrastructure

• Authentication

• Network Access

• Remote Connectivity

• Federated Access

Where Business Issues Meet Their IT Solutions

360°IT - 22-23 September 2010, London, UK360°IT demonstrates how IT solutions can help to achieve key business objectives such as improving service, reducing cost, managing risk and gaining competitive advantage.

No other event offers the holistic view that IT professionals need to ensure the management and development of a flexible, secure and dynamic IT infrastructure.

Register now for FREE entry at:www.360itevent.com

®

ORGANISED BY: OFFICIAL MEDIA PARTNER: OFFICIAL ASSOCIATION PARTNER:

STRATEGIC PARTNERS:


IS YOUR IT SECURITY DOING ITS JOB?RECENT INCREASED ACTIVITY by the Information Commissioner’s Office to penalise organisations that fail to secure confidential personal information has put many government organisations under increasing pressure and raises the question, how can you be sure that that your IT systems are secure? Even if you have invested in the best security equipment how you can ensure it is always working effectively? As however good your equipment if it is not set up and tested correctly there is no guarantee it will protect your citizens’ data and prevent you becoming another government organisation to be vilified by the media. In a recent test of IP filtering devices run by NSS, an independent testing company in the USA, none of the security appliances on test were able to block 100 per cent of the attacks. The appliances on test were from the major suppliers in the industry and the worst performing appliance only stopped 17.5 per cent of the attacks. The best appliance only stopped 89.5 per cent and this was only after the appliance vendor had their own highly skilled engineer configure the appliance to provide maximum attack coverage. This means that in the best case scenario 11.5 per cent of attacks got through the defences and could easily be the ones that cause the most damage. AVERAGE USERSSo where does this leave the average user of these appliances? Unless you are an expert in configuring security appliances, or you are prepared to engage an expensive, skilled engineer to do the job for you, then you need to have some method of independently checking that they are doing what they are supposed to do – keeping the hackers out and your systems secure. This is where Traffic IQ Pro comes in. IQ Pro is an automated auditing and penetration testing tool designed to test the response and recognition capabilities of security defences where IP based packet filtering systems are used. It’s used by people in the know within the industry at companies such as Microsoft, HP, 3Com, Cisco, Juniper, Checkpoint, US Army, Singapore Government, Top Layer, Trend Micro, PCCW, AT & T. In addition to testing that malicious traffic is kept out it will enable you to check if confidential data can “leak” out of your network and that good traffic is not being denied. For people who understand the importance of network security and have some understanding of the principles involved this is the tool to use. So why haven’t you heard of it before? That’s a good question – you have now. IQ Pro can be safely used In live systems (see

tech insert) and does not require a “sacrificial host”, as scanners used in traditional “pen testing” do. It is deployed in “stealth” with no use of the TCP/IP stack and is immune to IP based attacks. Version 2 of the product is just about to be released and includes many new features that seriously beef up what is already a very strong tool. In the new version a scripting engine is included to allow attacks against end-points, automation of tasks, tests on ports to ensure that they are working etc. Well known hacking evasion techniques can be applied to traffic files for those who really want to test their appliances like a seasoned hacker. The reporting module has been enhanced and high quality security rules are included for each new traffic file. The security rules can be used in your appliance if it fails to stop the attack to provide complete protection.

The result is a definitive analysis of the capability of the appliance to stop the attack. Now even if you believe that your network is secure from attack you can prove it one way or another with IQ Pro. As Kevin Beaver, the author of Hacking for Dummies, said: “Traffic IQ Pro is a must-have for testing network security systems and performing security assessments. It’s a serious tool for serious information security.”


It’s the best kept secret in the security industry and it’s available now from Idappcom Ltd www.idappcom.com or call them UK 0800 680 0791 / 020 3355 6804 US 1888 4338835

How can you be sure that that your IT systems are secure?


HOW DOES THIS WORK TO PROTECT YOU?

The software version of IQ Pro is installed on a PC with a minimum of two network cards – one connected to the internal interface of the product being tested, and the other connected to the external interface. Or you can buy the appliance version which comes pre-installed on a 1 U high appliance. Both versions come with a library of “real world” threats and attacks which can be replayed through the IP filtering device. Each traffic file is a capture of the network traffic of a real attack and is divided into the two halves of the “conversation” - one consisting of those packets sent by the client, and the other those packets sent by the server. Each packet is then replayed in the correct

sequence through the correct network card in order to arrive at the appropriate interface of the sensor. Multiple sessions contained within a single capture file are handled correctly, with intelligent replacement of the IP addresses for each session. During the replay operation, the sensor will see the correct SYN on the correct interface, followed by the SYN ACK on the opposite interface, followed by the ACK on the first interface, and so on throughout the capture file. Thus the sensor will see the attack as it was originally played across the wire.

STORAGE


MIGRATING TO THE CLOUD

CLOUD COMPUTING could be more revolutionary than the invention of the PC in public sector IT, according to the Society of IT Managers, the body for public sector ICT management. A bold statement? Yes. An accurate assessment of reality? Only time will tell. What is not in doubt is that the delivery of applications via the cloud will have an impact on the way government IT and public services are delivered. Fiscal austerity is the new international trend and, given the recent budget, the same can be said of the public sector. This, combined with the potential for enhanced delivery of public services, means we will see more and more public sector IT departments thinking out cloud as migration to this new model becomes an attractive proposition in the coming decades.

TAKING US BY STORMTo say cloud computing is taking the public sector by storm would not be unreasonable: payroll, human resources, management and resource planning, for example, are all being either considered for migration to be delivered via the cloud, or have already made the transition. While many public sector departments may not have complete autonomy to migrate their entire back-end processes and functionality to be cloud based, the desire for much improved

public services coupled with the more urgent need for cost savings is driving more and more government departments to consider where cloud computing can fit into their strategy. In terms of cost savings, the government believes it can save £3.2bn annually in IT costs through a combination of actions with cloud computing at its heart. One part of the strategy, which will save the government

£300 million a year through reduced power usage according to the government’s ICT strategy paper, is to consolidate the many data centres owned by the public sector down to 10 to 12 secure, mega centres. These data centers will be used to host the government cloud – the idea being that public sector bodies will then be able to choose their applications

– such as word processing, communication or customer relationship management tools – from a store on this government cloud. According to Government CIO John Suffolk: “The technology has matured to allow us to do this now and it will mean we can cut costs and deliver better public services.” It’s not just the UK government implementing cloud solutions. Across the world, governments

are hoping to reduce IT expenditure and cloud computing is seen as a big part of the solution. In the US, every new IT project the Federal Government takes on has to consider a cloud computing approach. And in Taiwan, the government recently announced a huge US$800 million investment in creating a government cloud service. Under the

How will cloud computing impact the public sector? Microsoft’s Mark Taylor weighs up the arguments


CLOUD COMPUTING

To say cloud computing is taking the public sector by storm would not be unreasonable: payroll, human resources, management and resource planning, for example, are all being either considered for migration to be delivered via the cloud, or have already made the transition

plan, the Taiwanese cabinet will combine the information systems in over 4,000 government organisations around the island into two to three cloud-computing centres.

PUBLIC SERVICE DELIVERYHowever, while saving costs in this era of financial strife is vital, without visible benefits to the public, the strategy runs the risk of being mooted a letdown. The ultimate aim then, for any government cloud computing strategy, is to improve public services. As the UK public becomes increasingly familiar with cloud-based consumer functionality, from e-mail to online storage to banking, there is growing pressure that public services should too allow citizens to be more autonomous with their own information. Earlier this year the former UK government announced it wanted to create a personalised webpage for every citizen by 2015. This was to be a place where citizens get medical advice, pay their taxes, license their car and even consult their child’s teachers – all from a computer. If this initiative survives into the new administration, it will revolutionise how we interact with our government. It will give a citizen centric, single view of the state and will mark the biggest change in how we interact with the government and public services since the formation of the modern bureaucratic state. This will give us access to governmental departments and services anywhere we are in our lives and will lead to the connected state where we can access any public services we like through one uniform website rather than dealing with a plethora of departments. The move could also see the exponential reduction

in back office functions for departments dealing with job centres, tax, vehicle licensing, passports and housing benefit within ten years as services are offered through a single digital gateway.

A WORD OF CAUTIONCloud computing though is no silver bullet to awe-inspiring public services or the budget deficit; there are still challenges to consider. Making decisions based on anticipated return on any investment can be tricky. In addition, there will also likely be hidden management, transition and usage costs that need to be uncovered and assessed early and repeatedly in the decision-making process. Not only that, but there is an initial outlay of costs, as well as integration fees and technological upgrades, to consider too. The cost savings need to be viewed with a “short term loss, long term gain” pair of spectacles. Another factor to consider is that complex IT legacy systems are not necessarily good candidates for migration to the cloud. Based on feedback from the private sector, cloud computing might be better suited to enabling new processes, applications and services that have been too difficult or expensive to offer previously. Interoperability and lock-in also need to be considered; government agencies don’t want to escape one contract only to be locked into a cloud agreement for many years, preventing further innovation. Then there are the major challenges of data security. While, in principle, cloud computing is little different from more traditional outsourcing arrangements, public sector IT managers will have to consider whether the security surrounding cloud environments

complies with laws, policies and protocols. A chief concern arises around the potential for a cloud environment to have multiple tenants. Departments may not know or trust all of these tenants – and the risk of information theft or reputational harm may discredit the entire process in the eyes of the public. A final challenge will be ensuring business continuity. Gmail, Amazon and SalesForce have all experienced significant outages over the past two years. It is important therefore, that strategies are in place to reduce the risks, such as effective SLAs, disaster recovery of material and business continuity planning. Conversely, however, cloud computing may mitigate some of these risks by enabling the public sector to replicate data and business processes in the cloud, where they can be warehoused more safely than at existing data centres at minimal cost.

THE FUTURE IS SETCloud computing is not a panacea to complex, inefficient public services or a costless process that can engender immediate financial windfalls. As I mentioned above, there are challenges facing every public sector department IT manager and issues to be overcome. Yet the potential benefits, societal, economic and political, are of the likes we have never seen before. We are on the cusp of democracy at its purest form through the PC. Cloud has the potential to revolutionise how we operate as a country and how we interact with the government and with each other. It is this potential that will, I think, ensure that cloud computing remains steadfastly at the top of the IT agenda for the public sector for many years to come.



CLOUD COMPUTING

HE PRESSURE is on to improve operational efficiency and reduce costs. But how do you do this

without investing extensive amounts of resource and time? It’s quite a challenge. With over 120 advisors throughout Europe, EquaTerra has deep expertise in Finance and Accounting, HR, IT, Supply Chain Management and other critical business processes. We help companies significantly reduce costs and improve effectiveness and efficiency through internal process delivery improvements, shared services, outsourcing and global sourcing solutions. Our advice is based on the experience of our advisors, who on average have over 18 years of experience, many as former CIOs, transaction and transformation architects and former outsourcing providers. At EquaTerra they have been involved in thousands of optimisation and outsourcing projects, resulting in significant savings for clients. This experience,

along with our robust database of service delivery costs, service levels and contract deal terms, provides significant advantage for companies evaluating change initiatives. EquaTerra’s range of sourcing advisory services spans in-house optimisation through our Governance Health Check and sourcing strategy support; measurement of value through our value assurance and benchmarking assessments; post contract transition and change

management support, all underpinned by our four-stage methodology that supports the entire sourcing lifecycle through strategy, procurement, implementation and operational optimisation.


Tel: 0845 838 7500Fax: 0845 838 7600E-mail: [email protected]: www.equaterra.com

Rising to the challenge of cost reduction

T


CLOUDY THINKINGWHAT IS THE FUTURE OF THE G-CLOUD? This question is being frequently asked. In April 2009, under the previous government, the Treasury unveiled its Operational Efficiency programme and set out to save £7.2 billion from IT and back-office systems, with shared services and outsourcing fundamental to the transformation. The G-Cloud was to form a key part of the strategy. As recently as January this year John Suffolk, the Government CIO, announced plans to create a secure government cloud infrastructure. An aggressive timescale was outlined, but while a pause for rethought is unsurprising under a new administration, things have now slowed to a snail’s pace. POTENTIALCloud computing holds huge potential for UK Government, across its infrastructure, storage and data management through to its desktop systems and software. With over 10,000 different software products and services in use, the prospect of everyone using the same applications for common functions such as Human Resources could save vast amounts of money and streamline procurement. In the announcement Suffolk indicated that the government could halve its data centre real-estate, as fewer and fewer applications are hosted locally. Westminster departments and the UK’s 750 non-departmental public bodies rely on 130 data centres, a figure Suffolk estimates could be reduced to about 12 with enormous cost savings and a magnificent reduction in power use. In fact, data is held in many more locations, like server rooms and smaller installations, entailing further duplication and power usage. The need for efficiency has not gone away, and arguably the need for savings has intensified. The drive for government to reduce its environmental load and meet its green targets is ever-present. So much time and engagement with IT industry experts has already been invested; it seems a terrible waste to let it all age and become fruitless. Today, while a complete rethink of the role of the Office of the Government CIO is under way, it seems little is moving. The commercial sector is embracing cloud with alacrity, having completed its own period of reflection most major firms are moving rapidly into action. Gartner placed it unequivocally at the top of the list of strategic technologies for 20101, and the government had seemed well on the path, working with Capgemini and other IT industry players extensively. Most of the original questions and practicality puzzles are over, to the point where actual solutions are ready for the UK Government to adopt. Capgemini has

fully completed demonstrations and proofs of concept that could directly be helping the new administration towards its economic and efficiency goals if it moved smartly towards firm decisions and implementation. At Capgemini we know the path to the cloud is not easy. Organisations need to move at different paces and in different ways and have varied starting points and drivers for transformation. Capgemini’s Cloud Readiness Assessment and Strategy service helps them to assess over a period of four to five weeks

whether they should move ahead and creates actionable plans to help them achieve organisational goals. Its Accelerated Solutions Environment model helps CIOs work in a far more intense and immersive way, to understand fully the relevance of the cloud to their specific organisation and what the “journey to the cloud” looks like. It is heavily supported and facilitated and, once clear outcomes are defined, it moves rapidly to create 30-day proofs of concept or pilot plans which zero in on those outcomes. CIOs have the chance to work with some of Capgemini’s smartest business analysts and consultants over an intense two to three day period – secure in the knowledge that Capgemini, unlike many others, is completely technology-independent. Capgemini has a

Business is grasping opportunity whilst government may miss out


Data centres are coming under scrutiny as power useand data volumes rise – UK Government has 130, plusmany smaller data repositories

CLOUD COMPUTING

completely objective view with no platform or product agenda, and can focus wholly on finding the solutions that are right for the client. EXPERIENCECapgemini has vast experience and proven record of helping public and private sector organisations through fundamental system and process transformation. Its award winning work with HMRC is a case in point. Moving a critical service like Tax Credits away from 20-year old data centres into more resilient, state-of-the-art facilities could have been highly disruptive, but the transitions were planned, rehearsed and executed entirely invisibly to the six million families that depend on it. As Mark Hall, HMRC IT director, said: “Successfully moving huge amounts of data and 17 IT systems with 300 interfaces over a weekend is a fantastic achievement.” There are many more examples, such as helping the MOD move to a highly secure and cost-efficient shared travel services platform, which now aids the movement of tens of thousands of service personnel around the world, creating a model for other departments.

Earlier this year Capgemini created a new global Infostructure Transformation Services unit to accelerate clients’ ability to drive sustainable cost reducation and access the benefit of cloud services. This unit is able to draw together all the insight and expertise from the company’s public and private sector experience to help clients drive savings and reduce carbon footprint with cloud computing – not least because they can also benefit from Capgemini’s new green data centres. It is crystal clear that government could be benefiting at all levels of the cloud computing “stack”, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). At the Infrastructure level, new developments in data centres are striding towards a greener and more sustainable future. At the platform level, the new government’s concept of an IT development “skunkworks” could have great benefits if it had a virtual development environment from which to design, test and deploy new systems and software efficiently, securely and cost-effectively. At the software level, the

concept of a Government AppStore remains an obvious one, and cloud could be the basis for bringing economical shared services to life. The UK Government needs the cloud or it will not achieve the 25 per cent of cost savings it needs in IT operations. It is even doubtful it will achieve more than 15 per cent unless it fundamentally changes its approach. Power-reduction targets and related resource efficiencies simply cannot be met without a consolidated data centre strategy. INTERESTThe interest seen at Capgemini from departments and organisations makes it clear that the desire for the benefits of cloud does exist. In an interview with Computing on 1 June, Dylan Roberts, CIO at Leeds City Council and the new chairman of Socitm Futures, outlined his intention to introduce more cloud-hosted services into local government. Socitm2 is the membership association for all ICT professionals working in local authorities and the public and third sectors and suppliers to those sectors. Perhaps most ironic of all, a June 2010 report by Gartner3 reported that the UK is leading the world in the adoption of SaaS and cloud computing. It predicts that at least 95 per cent of companies will increase their adoption this year in a cloud services market which looks set to surpass £45 billion ($68 billion) by the end of 2010. Almost 30 per cent of global growth will come from UK companies, grasping the potential in particular for cost reductions. It is a shame that the UK Government is not at the leading edge of this incredible change. It still can be, but only if it doesn’t take too long to contemplate and decide on its ICT directions.

1. Gartner Top 10 Strategic Technologies for 2010 www.gartner.com/it/page.jsp?id=12106132. www.socitm.net3. Worldwide Cloud Services Market to Surpass $68 billion in 2010 www.gartner.com/it/page.jsp?id=1389313


Visit www.capgemini.com/its formore information on CapgeminiInfostructure Transformation Services. Free special report: Search at www.capgemini.com for: ‘Path to the Cloud – Paving the Way for Infostructure Transformation’ or call the office of Capgemini’s CTO on 0870 904 4167.



CLOUD COMPUTING

“We chose to work with adapt due to their high standard of service delivery and open and transparent way of working with their customers. We’re delighted with the service adapt delivers - we know that our intellectual property is secure, which leaves us free to concentrate on business-building projects.”

Gerry Todd, Head of Service ManagementEnergy Saving Trust

“Adapt differ from other suppliers in their responsiveness and longstanding commitment to providing service excellence. Adapt manage to retain the personal touch, working in close partnership with both RNID itself and our external consultants to deliver the right solution every time.”

David Combes, Director of Information SystemsRoyal National Institute for the Deaf (RNID)

adapt | New Broad Street House | London | EC2M 1NH ITopia | Galaxy House, 32 Leonard Street, London, EC2A 4LZ

www.adaptplc.com www.itopiaconsulting.com

adapt is a leading independent Managed Services Provider (MSP), working in partnership with public sector customers to deliver enterprise-level IT management and infrastructure solutions. adapt takes best-of-breed physical and virtual vendor offerings across Microsoft Windows, Linux and UNIX platforms, integrating these into our unique incident management and performance reporting portal to provide service levels that exceed customer expectations.

adapt’s virtual solutions scale from a single virtual machine right through to the provision of your entire infrastructure. We assess

exactly how your network, storage and servers can be virtualised and size the solution to those requirements with enough growth to accommodate seasonal peaks and year-on-year growth.

Whether you wish to host your own virtual environment and outsource day-to-day management to our team of experts or trust us to host and manage your entire virtual infrastructure, adapt’s flexible approach to solution delivery ensures our customers perfectly align technology with business strategy, enabling change, growth and innovation.

adapt in partnership with ITopia

Virtual solutions for the real world.

A gift for youWorking in partnership, adapt and ITopia are delighted to extend a free, no-strings Virtual Assessment to all Government Technology readers.

Your free assessment is simple to set up, quick to run and provides a detailed view of your server and desktop environments. The output of the assessment exercise is an in-depth report designed to help build a compelling business case in preparation for any virtualisation projects you may be considering. Simply send an email with your preferred contact details to the address below and we will be in touch at a time that suits you. Easy peasy!

[email protected] (or give us a call on 0203 009 3300).

ITopiaadapt works closely with industry experts the ITopia Group to scope and shape virtualisation solutions. ITopia provides professional consulting services that result in real cost savings, reduced carbon footprint and improved efficiency, availability and manageability of IT infrastructure.

With a strong background across all major virtualisation technologies and partnerships with key vendors including Microsoft, Citrix and VMware, the ITopia Group can provide unparalleled independent advice and assistance throughout your virtualisation project lifecycle.


CLOUDY WITH A CHANCE OF BIG SAVINGS

AS THE NEW COALITION GOVERNMENT has settled into power, it is clear that the number one priority on its agenda will be reducing the huge hole in the public finances. Inevitably, as we have seen from the recent emergency budget, this will mean government organisations will be asked to find further savings in their budgets. As ever, many government organisations will look first to their IT departments to find the savings they need to balance budgets, both by increasing efficiency in their own operations and across the organisation as a whole. One of the quickest and most common approaches to reducing ICT budgets has been through the use of virtualisation technologies and we have seen widespread adoption of these across the public sector over the last few years.

BENEFITS OF VIRTUALISATIONThe cost cutting benefits of virtualising are well-established – not only does virtualising reduce data centre costs by reducing physical infrastructure and administration, but fewer servers and related IT hardware means less real estate and reduced power and cooling

requirements. We have seen customers in the public sector achieve significant cost savings as a result. Sevenoaks District Council, for example, saved around £80,000 in its first year of virtualisation, at the same time as reducing its data centre requirements by 50 per cent. Somerset County Council, achieved a server consolidation rate of 20:1 through virtualising, which has brought significant cost savings via reduced power and hardware maintenance costs. While these types of cost savings are a key attraction to virtualisation, organisations across the public sectors have seen other benefits including:

• Increased availability of hardware and applications for improved business continuity• Enhanced operational flexibility and the ability to cut provisioning times for new application servers • Reduced energy consumption• Reduction in staff required to maintain data centres.Taking all these benefits into account, it is perhaps no surprise that a survey of CIOs by Gartner revealed virtualisation to be their number one priority for 20101. However, while some organisations are yet to discover the benefits, our experience tells us that the majority of public sector organisations have virtualised

We take a look at how virtualisation is shaping up to drive the public sector’s cloud computing strategy

www.governmenttechnology.co.ukWritten by VMware

VIRTUALISATION

One of the quickest and most common approaches to reducing ICT budgets has been through the use of virtualisation technologies and we have seen widespread adoption of these across the public sector over the last few years

recently outlined ICT strategy, the government cloud infrastructure will ”enable public bodies to select and host ICT services from a secure, resilient and cost-effective shared environment. Multiple services will be available from multiple suppliers, which will make it quicker and cheaper for public sector bodies to switch suppliers if they face service or delivery issues”. Furthermore, the G-Cloud has been identified as a key part of the government’s ongoing savings programme by offering the benefits of economy of scale to all public sector bodies and providing a single access point for ICT services, applications and assets. Central to the G-Cloud initiative and its potential success is that it will be able to offer public sector bodies benefits far beyond those of the average cloud service provider. Not only will the economies of scale already associated with cloud be available, but added to this will be the leveraged purchasing power of an initiative potentially representing over 400 public sector bodies who account for £4-5 billion of annual ICT spend. The G-Cloud will essentially act as a ”gold standard” brand for public sector bodies, with private cloud providers having to meet strict SLAs around availability and data location and security in order to make it onto the list of approved providers. THE EVOLUTIONARY PATH TO CLOUDA key part of the G-Cloud initiative will be the ability for organisations to migrate parts of their existing infrastructure to be hosted elsewhere, removing the costs and hassle associated with running this themselves. However, it will also aim to help to drive down cost by reducing the 10,000 plus software packages and services currently being used by public sector bodies. Instead of each using separate applications, public sector bodies will be able to choose from a shared range of applications held in the Government Application Store, to be hosted in the G-Cloud. With more applications hosted centrally and less run from individual data centres, there will be the potential for large cost and efficiency savings across the board, and increased standardisation will help different public sector bodies work together more effectively. Having been involved in the consultative

part of the G-Cloud development process, one of our shared core beliefs is that the shift to the cloud should not be seen as a giant leap into the unknown for public sector organisations. As already discussed, the majority of public sector organisations are in the process of adopting virtualisation, and while some may be further down the track than others, the ability for organisations to create their own private clouds through virtualisation is a stepping stone to the ability to incorporate external cloud services. We’ve already seen a number of customers using our tools to create their own ”private clouds”, abstracting complexity and creating an internal elastic pool of compute, storage and networking resources. You can also maintain data security, compliance and control, and gain efficiencies in resource utilisation and automation without impacting SLAs and existing applications. By enabling federation of on-premise infrastructure with third-party cloud infrastructure, organisations will easily be able to extend selected workloads into off-premise cloud providers. However, while the ability to create a private cloud that can be ”lifted and shifted” to be run by an external cloud provider is a hugely exciting proposition, there is an expectation that, for most, the move to G-Cloud will be more of a gradual process. Organisations are expected to dip their toes in the water with some of their least mission critical applications before committing further. While we wait to see exactly how the G-Cloud initiative will shape up, it is clear that the potential benefits it offers are enormous. As with many technologies, not least virtualisation, it will be the cost savings that will be the main initial driver for the public sector. However, this is merely opening the door to a whole range of benefits for public sector bodies and, ultimately, public service provision. Exciting times lie ahead!

Notes 1. The Gartner EXP CIO report ‘Leading in Times of Transition: The 2010 CIO Agenda’2. Worldwide and Regional Public IT Cloud Services 2009-2014 Forecast 3. IDC European Software Survey, 2010 IDC European Software Survey, 2010 IDC European Software Survey, 2010



to some extent. Indeed, there is a feeling among many public sector CIOs I speak to that, having endured two or three years of dramatic belt tightening, the ”big save” solutions such as virtualising have been tackled, and the next steps for cost cutting may call for some more radical solutions. One need only look to second place on Gartner’s CIO priority list to see the potential answer – cloud computing.

CLOUD COMPUTINGThe cloud computing approach reduces ICT complexity by leveraging the efficient pooling of on-demand, self-managed virtual infrastructures, to be consumed as a service. Analyst IDC, expects spending on IT cloud services to grow almost threefold during the next five years, reaching US$55.5 billion by 2014, and it is clear that there is tremendous interest in the potential benefits it offers2. These benefits start with the cost savings offered both by economies of scale and also the ability to offer an “on demand” model where you only have to pay for what you use. Second is the removal of a lot of admin work for the in-house ICT department – with a highly automated cloud ICT staff need to spend less time worrying about server maintenance or upgrades. Third, the cloud can act as a huge enabler for change in working practices and improved productivity, with employees able to access ICT resources wherever they are, as long as they have an internet connection. Indeed, many public sector bodies have already been using elements of what is now loosely termed “cloud computing” for a while. An interesting recent survey from IDC discovered that nearly 60 per cent of European CIOs, both in the public and private sector, are already using cloud services3. Interestingly, it also revealed that many don’t even realise they are doing it, thanks to the confusion and hype surrounding the many different definitions of cloud technologies. One example of a ”cloud approach” that many would not immediately identify is that many organisations no longer manage certain applications in-house and instead use a Software as a Service equivalent, which is run and hosted elsewhere. While this is an interesting aside, for many in the UK’s public sector (and indeed in the private sector), there remains a real hesitancy about the perceived risks involved with public cloud models, particularly with regards to the security of their data, data location and the ability of third parties to host mission critical applications. Following a number of high profile instances of data loss over the last two years, both within the public and private sector, it is not hard to see why these concerns remain front and centre for many CIOs.

G-CLOUDThe Cabinet Office’s proposed G-Cloud initiative promises to address many of these concerns, particularly with regards to SLAs and data security. A core part of the most

While we wait to see exactly how the G-Cloud initiative will shape up, it is clear that the potential benefits it offers are enormous. As with many technologies, not least virtualisation, it will be the cost savings that will be the main initial driver for the public sector. However, this is merely opening the door to a whole range of benefits for public sector bodies

VIRTUALISATION


BALANCING THE RISKS AND REWARDS OF VIRTUALISATION

VIRTUALISATION’S BENEFITS are rooted in its ability to separate a physical host into discrete sub-environments known as virtual machines (VMs). Virtual machines operate like physical machines in that they run their own operating system and applications. Yet virtual machines exist as file images and can be quickly provisioned, copied, moved, and restored. This type of virtualisation, known as server virtualisation, is the most prevalent for production purposes. With the new coalition government announcing further budget cuts and IT departments often on the front line of the war on wasted money, public sector IT decision makers will need to demonstrate efficiency in their own ranks in a bid to help drive down costs. Virtualisation is an easy and effective way to achieve this so it seems now is the ideal time to look into it but in the rush to virtualise, public sector organisations need to make sure their systems remain protected against cyber threats by investigating proper security for their virtual systems. Organisations are adopting virtualisation at a rapid rate to capture the various operational and financial benefits this technology offers. In their rush to implement virtual networks, however, security often does not receive the attention that it should. According to Stephen Elliott, IDC’s research director for enterprise systems management software: “We’re finding security is the forgotten stepchild in the virtualisation build-out. That’s scary when you think about the number of production-level VMs.” According to IDC, 75 per cent of companies with 1,000 or more employees are employing virtualisation today. The risks of virtualisation stem from three main sources:• Virtual machine sprawl• Lack of separation of duties• Lack of visibility into virtual network traffic

VIRTUAL MACHINE SPRAWLVirtual machine sprawl, or VM sprawl, is the propagation of virtual machines without adequate coordination or oversight. VM sprawl is caused by a variety of factors:• System administrators deploy new VMs without sufficient planning. Little attention is paid to such lifecycle elements as support, patching, configuration, and end of life because of the ease and speed in provisioning the VMs. • Administrators and users copy VMs to new hosts throughout the network because the VMs exist as file images and can be easily transferred via portable

USB drives or network transfer.• Snapshots enable a VM to be rolled back to a previous state, which means that patches can now be undone.• A technology known as live migration enables organisations to simply look for a physical host that has available resources and then migrate VMs to it, making it even easier to violate security best practices.The result of VM sprawl is that VMs are distributed across multiple physical hosts, in various states of patching and configuration. No single group tracks where a VM is located, what its patching and configuration status is, or what its purpose is. Security risks become more tangible because a VM that is not properly tracked and managed may not have updated patches or proper configuration control, leading to vulnerabilities that can be exploited.

LACK OF SEPARATION OF DUTIESHistorically, different groups have owned different physical devices. Server operations owned the servers, network operations owned the routers and switches, and security owned the intrusion detection systems and possibly firewalls. Virtualisation has disrupted this paradigm so now the server administrators that typically deploy a virtual system own the entire virtual infrastructure. They configure the virtual switches and virtual storage. They usually do not deploy any virtual security devices such as firewalls or intrusion prevention systems (IPSes) because these products mainly do not exist today. Because of various time and financial pressures to meet deadlines, server administrators may not be able to get the networking and security groups involved in the virtualisation process. Unfortunately, this change in paradigm will lead to more misconfigurations and vulnerabilities because the groups now doing the virtual infrastructure configuration are often not the subject matter experts. Anecdotes reported from various enterprises implementing virtualisation reflect this situation:• New VMs being rolled out without any antivirus or antispyware protection• Production VMs and development VMs running on the same host, where the development VMs contain proprietary source code• VMs being connected to multiple virtual networks, such as production and test, that should otherwise be segmentedEven today, with physical networks, most enterprises do not have full visibility into their

network traffic. If they monitor their traffic at all, they typically follow best practices in only deploying sensors in various monitoring zones such as inside the DMZ, between an enterprise’s wireless and wired segments, or between partner networks. Based on an assumption that malicious traffic will be detected as it is entering or exiting a monitoring zone, enterprises do not usually monitor traffic between hosts in the same zone. Gaining visibility into virtual network traffic is even more challenging because of the degree to which virtual hosts and networks can be arbitrarily combined. As previously discussed, it is now extremely easy for enterprises to run production and non-production VMs on the same host, or bridge VMs between different monitoring zones. The physical world enforces a certain discipline by requiring hosts to be located in specific physical racks or connected to certain switches. This discipline is now lost and it becomes possible for any virtual host to communicate with any other virtual host, due to misconfiguration or lack of policy enforcement. And this inter-VM traffic is not visible to physical sensors that remain deployed at their traditional locations, i.e. between monitoring zones.

ROLE OF BEST PRACTICESIn order to effectively protect their environments from the threats virtual machines are subject to, organisations must view security as a process, not a technology or product. With this in mind, a number of best practices can help mitigate the security risks that may be created when an enterprise implements virtualisation:1. Apply standard security practices to virtual machines as if they were physical. These include antivirus and antispyware agents, configuration control, and vulnerability scanning.2. Segment virtual machines by the data they contain. Do not combine VMs containing sensitive data with VMs designated for QA or testing, for example.3. Enforce isolation between network segments. Do not combine VMs in the same host if they are connected to network segments at different trust levels. For example, do not put a VM connected to the production data center segment with a VM connected to the internal office LAN or test network. If possible, do not virtualise hosts in the DMZ, especially if these hosts cross trust levels, e.g. firewalls.4. Guard against VM sprawl by maintaining an inventory of VMs and the physical host they reside on. All migrations should be documented and potentially subject to an approval process. As IT organisations implement virtual

Virtualisation is a concept that has become highly visible in the last few years because of its perceived benefits in reducing costs and improving system availability

www.governmenttechnology.co.uk Written by Richard Park, senior product manager, Virtualisation, Sourcefire

VIRTUALISATION

environments as quickly as possible to capture the financial and operational benefits, they must adapt their processes to ensure proper security. Although there is no regulatory pressure at this time to address this specific area, auditors will at some point in the future require organisations to address the potential risks caused by virtualisation. In the midst of this environment, security analysts and server administrators need to support best practices with tools that can help them do their jobs effectively. They need visibility into their virtual infrastructure, tracking where VMs reside, where they move to, and what other hosts they are communicating with. They also need a means of applying the proper security processes to their VMs, providing the same level of security to their virtual infrastructure that they do to their physical infrastructure. Tools that provide visibility into virtual networks and identify network behavior that violates IT policy are essential. The rapid implementation of virtualisation in the enterprise does not replace the need for traditional physical security infrastructure by any means. Firewalls and intrusion sensors remain crucial for protecting the enterprise. In order to become engrained in an organisation’s security best practices, a virtualisation security solution should not exist as a separate silo but instead as an extension of a physical security solution. Users already have many products to manage. Tools that provide visibility into both physical and virtual networks from a common management console provide significant financial and operational benefits.

CONCLUSIONThe rapid deployment of virtualisation in many network environments has created the need to track and monitor the deployment of virtual machines throughout the network. While the benefits of virtualisation are significant and have received well-deserved attention, the security risks are equally significant and must be specifically addressed. Best practices and tools that offer a holistic approach for managing both physical and virtual network security without increasing cost or management overhead are the answer.



VIRTUALISATION

ABOUT THE AUTHOR

Richard Park is senior product manager at Sourcefire where he is primarily responsible for virtualisation and Sourcefire’s Realtime Network Awareness (RNA) product. He has over 15 years of experience in product management, network security, network architecture, and systems engineering at companies including Computer Associates, Redback Networks, Booz Allen Hamilton, and UUNET Technologies (now part of Verizon). Richard has an MBA from Harvard Business School and is currently pursuing an MS in Computer Science from Johns Hopkins University.


EFFICIENCY THROUGH RISK MANAGEMENT

IA10, THE GOVERNMENT’S Information Assurance flagship event, is being held at a challenging time for government. We are all being charged to do more with less. We are facing pressures to reduce headcount and minimise our access to consultancy and service providers, while we must achieve greater efficiencies and improve the performance of our existing ICT infrastructure. IA10 is designed to enable those responsible for information risk management across government to get more out of their technology. It will help them to take more calculated risks and overcome technology barriers. As emphasised by the new Security Minister, Baroness Neville-Jones recently: “IA10 will play a vital role in giving central and wider government the understanding and confidence they need to make the bold decisions demanded by our future strategy for ICT.

“Essential, much-needed efficiency savings will not be realised if government departments fail to protect personal data, resulting in a loss of public trust in how we handle their information. “Bringing together the public and private sectors, IA10 presents a powerful forum to exchange information and solutions to help drive the changes we need to make the UK a global leader in Information Assurance.” In light of the importance of this two-day event at a crucial time for government ICT, we don’t want cost to be a barrier to anyone attending, which is why the rate for government delegates is being set at £349.00 – which compares with £699 for IA09. CESG director IA Jon Ashton explains: “It is imperative that central and wider government representatives attend IA10. We did not want booking fees to be an obstacle, therefore, we have taken the decision to reduce attendance costs dramatically.”

WHO WILL BE THERE?So, who will be at IA10 in London on 14-15 September? The event is drawing many of those strategically responsible for information risk management from across government,

together with leading industry specialists. By mid-July, almost half of the 500 delegate passes had been reserved by a wide range of organisations, including – to name but a few – the Department of Health, DWP, HMRC, The Environment Agency, DEFRA, DVLA, NPIA and Police Service of Northern Ireland. The speaker panel is very impressive this year. Jonathan Hoyle, director general for Information Security and Assurance, GCHQ will be chairing IA10. He will focus the event on the imperative to help enable efficiency through government ICT systems. Jonathan will be joined by the new Security minister, Baroness Neville-Jones, who will provide a perspective from the new government. Neil Thompson, director, Office of Cyber Security at the Cabinet Office will report on progress achieved by the OCS over the

past 12 months and its impact on your department. Christopher Graham, UK information commissioner will provide a briefing on the new powers that he has in preventing breaches of the Data Protection Act. An industry perspective will be provided by Francis deSouza, the senior vice president of the Security Group at Symantec.

SHARED SERVICES Sharing services and data is critical to delivering better and more efficient government services. Many government organisations have experienced sharing services – maybe using the GSI – but few grasp the sheer scale of information sharing under the government’s strategic IT programme. It will take shared services to a whole new level and risk owners and managers need to understand what it means to achieve this step change. It will consider how risk appetite, risk tolerance and risk management can be synchronised across a broad range of organisations. This stream will cover how you balance the need for central control with the principle that each organisation owns and is responsible for its own data and how you undertake a

common assessment of asset evaluation. From the start to finish, this stream will be practical, focusing on the key issues that must be solved over the next six months, enabling shared services to be taken to the next level. It will allow you to hear directly from the major players leading the government’s strategic IT programme, see the future delivery and risk management of shared services, and the preparations that you must make for their arrival.

BUILDING SECURE SYSTEMS Understand how good architectural design can deliver world class IA at low cost – and when coupled with good enterprise security management, deliver real business benefit. Supported by strong government case studies, this stream will combine industry and government perspectives. This stream will provide hands on demonstrations and explanations of key issues, identifying pitfalls and common design mistakes. There will be a demonstration of CESG architectural patterns, which demonstrate how good IA can enable agile business.

CYBER NETWORK DEFENCE You will be given an insight into the real threats facing your department’s networks – and what can be done to protect them. We will provide real examples. Awareness of the threats and vulnerabilities in government and industry will be provided by the head of GovCertUK, who will cover the Top 10 “real issues” that have been experienced by government organisations. There will also be a focus on practical examples, demonstrating how government departments have used Cyber Network Defence as a vital part of their overarching IA strategy.

SOCIO-TECHNICAL ISSUES The importance of behaviour and culture in achieving effective IA is well established and has been covered by previous flagship IA events. This year, we are running a special session, focusing on the impact on IA that might result from the uncertainty now impacting on public sector employees. We will look at how to maintain IA awareness and good practice during a period of potentially low morale.Other areas covered at the event include:• Efficiency and Reform Group: What is the impact on IA in bringing the OGC and Buying Solutions into this body within

IA10 is being carefully shaped to enable government organisations to achieve greater efficiencies and squeeze more out of their ICT infrastructure safely

www.governmenttechnology.co.uk Written by Candida Hinks, CESG


Bringing together the public and private sectors, IA10 presents a powerful forum to exchange information and solutions to help drive the changes we need to make the UK a global leader in Information AssuranceBaroness Neville-Jones

the Cabinet Office? Hear direct from the individuals behind this development. • What is the ROI on IA? With stringent pressures being placed on ICT investment, this session will cover initiatives being developed to assess the financial value of IA. • London 2012: Key contributing organisations will be on the platform for this fascinating session, which will provide an insight into the impact of the Olympics on government IT systems and strategic risk management. • Professionalisation: We will provide the latest update on progress towards creating a cadre of experienced and qualified IA professionals. • Building confidence and trust in new systems: Supported by case studies, this special session will review strategies for engaging with communities.

IA10 SPONSORS CONFIRMEDSome of the world’s best-known specialist IA firms have already committed to investing large amounts of time and energy in IA10, which will give you access to expert advice that you can implement in your organisation. Symantec tops the bill as Lead Sponsor, meaning that you will learn first-hand from the experiences of the senior vice president of this global information security enterprise. We are also delighted to welcome Thales and BT, who together will be playing a key role at IA10 as Lead Networking Sponsor. Two-day stream sponsors include Detica

and McAfee, while EADS is sponsoring a single day. Government Technology is the official public sector media partner.

BENEFITS OF ATTENDINGIA10 will provide clarity in responsibilities and practical advice and support in implementing and maintaining IA. Our ambition is that all delegates leave the event with a clear idea of the part they must play in achieving better information risk management for the UK – and the motivation to do so. With the UK public sector facing stringent financial pressures, government ICT mustplay a vital role in streamlining service delivery – by reducing cost whilst sustaining performance. IA10 will focus on how Information Assurance enables efficiency by managing risk. We are placing the focus throughout IA10 on delivering serious, tangible outcomes for delegates. We have identified the priority issues that those responsible for IA across government must address. The event allows you to build your network with your counterparts in wider government to drive cross-department collaboration and deliver better public services. Share information with third parties in confidence – find out how others are building trust and gaining real assurance from their contractors. In addition, the event enables you to hear the latest industry perspective from this year’s sponsors – some of the biggest

names in information security globally. You can also learn best practice in interactive sessions from across government and on issues where the pace of change is rapid. IA10 is being staged by CESG, the Information Assurance delivery arm within GCHQ. CESG as the National Technical Authority for IA, works closely with the Cabinet Office as well as the Centre for the Protection of the National Infrastructure (CPNI) to enable HMG to manage information risks securely in the internet age.


To register please visit at www.ia10.org.uk or call 020 8661 8481.



Pauline Neville-Jones



GET PROACTIVE AND GET MONITORING

SECURING SYSTEMS through greater visibility and insight into both the network and user behaviour is a basic and intrinsic requirement of every organisation’s IT policy. In fact, it’s now even more important since the Information Commissioner’s Office announced at the start of 2010 that fines of up to £500,000 would be introduced for serious data breaches. For central and local government, fire, police, health and education authorities who hold vast quantities of data – from DNA databases to children at risk records – this means that there is no excuse for not having the right security processes in place to prevent information from slipping through the net, either accidentally or maliciously. So what processes should these be? There is a tendency to believe that traditional protective technologies such as firewalls,

intrusion detection systems and anti-virus solutions can be fitted and forgotten about with guaranteed protection and zero administration requirements. But they can soon become obsolete, outdated and pose a serious security risk. For instance, as IT infrastructures evolve over time, hackers develop new means of infiltrating systems or authorised users perform unauthorised actions.

UTILISING BEST PRACTICERecognising this, CESG’s Good Practice Guide 13 (GPG 13) Protective Monitoring framework has been developed and aims to guide public sector organisations on how to monitor exactly what is going on with their IT systems in a consistent, efficient and effective manner. For public sector organisations that are already tackling various compliance initiatives with stretched resources, GPG 13 may be seen by many as an unwelcome additional tick in the box requirement. But before casting judgement on the framework, let’s take a look at exactly what it entails and why the powers that be have decided to introduce it in the first place. GPG 13 Protective Monitoring for HMG ICT systems combines a number of roles, including that of enterprise monitoring, serving as a definition of scope for relevancy and effective

deployment of monitoring technology and as a standard for measuring the quality of organisational security information and event management (SIEM). As such, GPG 13 may be used as a best practice standard by any organisation that needs to monitor their network resources and improve auditing, accounting and monitoring processes.

BUILDING ON EXISTING POLICIESReplacing Memo 22, what appeals about GPG 13 is that it doesn’t aim to re-write the books. Instead, the framework builds on existing HMG regulations and policies that mandate monitoring and auditing event data, supporting legal regulations and adhering to specific legislations and guidelines, for example, the Official Secrets Act (1911 &

1989); the Human Rights Act (1998); Data Protection Act (1998); Computer Misuse Act (1990); Introduction to Forensic Readiness Planning; and the ACPO Good Practice Guide for Computer-Based Electronic Evidence. Additionally, GPG 13 also augments the Plan-Do-Check Act (PDCA) cycle of continuous improvement mandated by HMG Information Insurance Standard No 2, improving both the Check and Act phases of the cycle. GPG 13 comprises 12 Protective Monitoring Controls (PMC), each describing specific organisational requirements for monitoring. For example, information systems must be monitored in real-time and investigations, reports and alarm rules must facilitate immediate access and notification of any conditions which are impacting the enterprise. Each PMC has a Recording Profile which measures the strength of a particular solution – Aware (medium), Deter (medium-high), Detect & Resist (high) and Defend (very high). In a nutshell, this means that organisations need to know exactly what’s happening on their network, systems and applications and be alerted in real time if anything untoward occurs. On the face of it, this is easier said than done. Today’s IT departments typically operate a myriad of different applications – each one generating complex reams of

log data pertaining to that day’s activity. Gathering together and analysing the log data in the first place can be a monumental task, let alone doing it in real-time.

AUTOMATED TOOLSRealistically, Protective Monitoring can only be efficiently and effectively achieved by using automated tools. Tools such as LogRhythm’s can instantaneously translate the inconsistent and obscure “technical data” produced by infrastructure, database and applications into consistent “ISO and GPG audit or business language” so that it can be easily interpreted and more readily used to satisfy the Protective Monitoring requirements. Implementing such tools can provide centralised log management, event correlation, trending, analysis, policy compliance dashboard and a reporting engine. As well as auditing the behaviour of all users, whether they are privileged or non-privileged, the solution can be used to raise alerts for security incidents and enable efficient prioritisation, investigation and response. Such solutions don’t just benefit GPG 13. They have a dramatic positive effect on the entire IT estate, from having better network visibility and reducing the complexity of monitoring heterogeneous IT infrastructures to reducing the cost and time it takes to demonstrate compliance and improving the security posture of the network overall. With this in mind, public sector organisations should perhaps stop seeing GPG 13 as being unlucky for some, but instead seize it as an opportunity to Gain Proactivity Greatness.

LogRhythm’s Ross Brewer takes a look at exactly what CESG’s Good Practice Guide 13 (GPG 13) entails



As IT infrastructures evolve over time, hackers develop new means of infiltrating systems or authorised users perform unauthorised actions

Ross Brewer


IF IT IS DOWN, THE HEAT IS UP

SIMPLY STATED firewall rules allow computers to send traffic to, or receive traffic from, programmes, system services, computers, or users securely. Whether you have five or 500 firewalls, you need to understand the risk in real time if you want to stay ahead of the game. But with complex rule configurations, routers, etc. to continuously monitor and maintain, it can be hard to identify which are running smoothly, which are smouldering and which are seconds away from meltdown. By focusing your efforts on the right firewall at the right time you can mitigate every risk before it becomes a problem. So, how do you know which one that is? Intelligent network security metrics hold the secret.

INTELLIGENT NETWORK SECURITY METRICSIdeal metrics don’t just make you look good, they provide some indication of what is wrong or out of control as soon as, or even before, problems arise so that you can correct it and improve your operational efficiency. By combining a myriad of metric results you can generate a “risk score” that provides instant visibility into the security and compliance posture of all your firewalls including regulatory compliance such as PCI-DSS reporting. The same score can be used proactively for enhanced workflow automation. Sounds good doesn’t it – so where do you start?

PERFORMANCE MONITORINGThe first step is to examine your rules, routers and firewalls to identify which are most susceptible to risks, which do you rely on the most, and which do you need the most from – this will help identify and prioritise where to focus your resources. A standard firewall metric that will probably spring to mind is “availability”. It tells you about the performance of the box – for example 99.9 per cent up. This is obviously a good metric to track; however, in my opinion, it has limited applicability although it conveys that everything’s fine with only 0.1 per cent downtime. It doesn’t tell you what went wrong, how to fix it, or how to improve performance and avoid it happening again, it simply states the obvious – that valuable uptime was missed. That’s not to say that all basic metrics aren’t valuable. Some standard baseline performance metrics that deliver exceptionally useful data, and every firewall team should be tracking, are CPU utilisation, memory utilisation, connections passed, connections dropped, and simultaneous connections. These are all dimensions that are important when examining your firewall’s current performance and whether it behaved like this previously – yesterday, last week or

last month, to determine if there’s a significant change warranting further investigation. These are also key components for a capacity planning exercise to pinpoint if a firewall is overloaded. Performance metrics may indicate that a hardware upgrade is needed but, it is worth first checking whether the firewall configuration can be optimised as there may be underutilised capacity elsewhere. A more sophisticated metric for tracking firewall performance is to use an external testing product that streams traffic through the firewall to a collector, and records the throughput, latency, and jitter of the firewall and network influence on this packet stream. This live bandwidth monitoring can be an

important part of understanding if a firewall is cleanly passing performance sensitive traffic such as VoIP and video conferencing traffic. Nothing stays the same for long and, as your IT environment alters so does your firewall. You need to change, create, disable, or even delete rules. Change can impact availability, either positively or negatively, and as this is one of the main things a firewall must provide, metrics that provide meaningful data that can be acted upon are invaluable. Configuration updates happen in a number of ways:• planned• unplanned or emergency (out of cycle) changes• changes with no authorisation sometimes

Firewall guru Michael Hamelin shares his metric secrets from over 150,000 firewall configurations so you can control the temperature in yours



referred to as “cowboy changes” – someone logs in, makes a change and doesn’t have any documentation either before or afterwards or what was done. Firewalls do not have a change management process built into them, so documenting changes has never become a best (or even a standard) practice for many organisations. If a firewall administrator makes a change because of an emergency or some other form of business disruption, chances are he is under pressure to make it happen as quickly as possible, and process goes out the window. But what if this change cancels out a prior policy change, resulting in downtime?

By monitoring the number of planned versus unplanned changes you can determine how well the team is pre-empting the users’ requirements and proactively managing the firewalls versus “seat of the pants” updates. A great metric is the percentage of changes resulting in outages as this provides feedback on how well the operational team understands the changes they’re making and their impact, and whether they’re using some method or tool to verify changes before they’re made. Another really useful metric, although rarely tracked, is the MTTR (mean time to recovery), in other words, how fast did the team restore service for each of your outages, and is a

good gauge of your team’s familiarity and understanding of the firewalls configuration and whether it’s improving or diminishing. It could also be an indicator that everything is getting complex or unruly. If you’ve read The Visible Ops Handbook (The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps, by Kevin Behr; Gene Kim; George Spafford) you’ll remember that 80 per cent of all outages are caused by configuration adjustments and that 80 per cent of the MTTR is spent identifying what changed, therefore it stands to reason that if the team understands exactly what happened they should be able to isolate the failure point within a minute and restore service in less than five. Ultimately the goal is to eliminate downtime in the first place.

RISK & COMPLIANCE MONITORINGAs corporate policies evolve and compliance standards change, you need to review how you are enforcing traffic on the firewalls and optimise the rule bases. Hackers like the fact that firewall teams never remove rules – this is how many compromises occur. Metrics can be used to check how often a rule is applied and clean up all those that are redundant: rules that have been replaced by new rules, rules for services no longer used that you were not informed about, and all those temporary exceptions that were added to get projects, acquisitions, mergers and so on finished. Other useful metrics for risk and compliance monitoring are the ones that can easily be seen trending towards zero or 100 per cent. Examples include the number of shadowed rules – ones that are blocked by another rule; the percentage of unused and therefore wasted rules; and the percentage of rules that actually violate company policy. By continuously monitoring these metrics over time you can see how effective the team. Which goes back to the old adage that a good metric is one that tells you something meaningful. If you’re score is getting better then you know you’re doing something right. Good metrics are transferable across industry and companies – they enable you to make changes that make a difference. Combining these various test results provides each firewall gateway with a security score that provides a comprehensive, cross vendor, organisational grade. This provides a clear understanding of the nature and level of overall network security risk and granular, actionable data needed to manage it accordingly. Although be warned, I have seen instances of teams who, having discovered the “satisfaction” of numbers moving in the right direction, became fixated on the wrong goal – if you’re concentrating your efforts on making the metrics look good then you’re not focusing on making strong rules.


Web: www.tufin.com



Whether you have five or 500 firewalls, you need to understand the risk in real time if you want to stay ahead of the game


Is your Internet

Intelligent?

Does it let you see how your employees are using the Internet? Does it let you

control access to applications that facilitate the illegal downloading of

copyrighted materials?

Get intelligent business Internet

IntelligentBusinessInternet

App.1

App.2

App.3

App.4

AccessCircuit

As a Public Sector organisation, you need to be fully equipped to conform to

the new Digital Economy legislation; Intelligent Internet from Exponential-e

lets you do just that. Called PowerNGNplus, this solution lets you adapt the way

your Internet acts. It puts you firmly in control. You can change per-application

bandwidth levels to guarantee the performance of business-critical data, set

usage thresholds that alert when reached and importantly, it empowers you to

throttle rogue traffic.

What’s more, since this functionality is delivered from our cloud, there are no

expensive appliances to install, so it is extremely cost-effective.

PowerNGNplus is an evolution of our powerful PowerNGN Internet solution (see

table below). Both are available in 25, 50 and 100Mbps packages.

Features Standard Internet “Intelligent” Internet

Fibre optic connection which can be split into VLANs to deliver multiple converged services

UK’s fastest connectivity speeds thanks to our clever Route1™ algorithm

Stringent SLAs on uptime for peace of mind 99.9% 99.99%

Ethernet Demarcation Device for end-to-end visibility and Quality of Service

Per-application visibility & control portal

DDoS mitigation for protection from external attacks

IP addresses 16 maximum 16 with option for more

forfor £700 per mthfrom 25Mbps✝

per mth£550from 25Mbps*

For more information about our powerful business Internet solutions

*Terms and conditions apply. †Introductory offer pricing, subject to change. Terms and conditions apply. E & O E

Call 0845 470 4001 Email [email protected]

Download the datasheet

www.exponential-e.com/powerngnplus or www.exponential-e.com/powerngn


UNDERSTANDING THE DIGITAL ECONOMY ACT

THE UK DIGITAL ECONOMY ACT was finally passed on 8 April 2010 by 189 votes to 47 amidst much controversy. The Act will see illegal down-loaders punished for repeated attempts to access copyrighted content. The consequences of the Act, for both public and private sector corporate internet users, will not fully emerge until sometime later this year. However, certain central key issues are already evident. The most significant question in the Act

and the one which has caused the most extensive debate is, of course, the points on illegal file-sharing and the potential sanctions which include disconnections and fines.

BUSINESSES TO BE THE TARGETThe clauses which relate to copyright are particularly controversial. If illegal downloaders are not sufficiently deterred by warning letters then their internet access will be restricted

or totally disconnected. Many argue that this is a disproportionate response given the importance of the internet to society. With internet access absolutely critical to every type of organisation in the UK the Act is hardly going to insist that any business is cut off from its main form of communication. However, it is clear that copyright infringement bodies will target the business sector rather than private individuals. That’s because both private enterprise and public sector bodies will have the ability to pay any fines imposed and are likely to do so quickly because their corporate reputations depend on it. The penalties will therefore be significantly more severe say, for local government bodies, than those faced by individual broadband consumers in their homes. The workplace is a potential breeding

David Lozdan, head of public sector at Exponential-e, assesses what the Digital Economy Act means for internet users


The most significant question in the Act and the one which has caused the most extensive debate is, of course, the points on illegal file-sharing and the potential sanctions which include disconnections and fines


A New Era inSecurity and SafetyManagement

SECI 20T E N

International IP Solutions Exhibition & Conference

Earls Court 2, LONDON20th - 21st October 2010

co-located with

www.iipseconline.com

Demonstrating security andsafety technology· Surveillance & CCTV· Access Control, Time & Attendance· Biometric & Video Analytics· Intruder Detection & Alarms· Fire Detection & Evacuation· Integrated Safety Solutions· Audio, Intercom & Messaging· Transmission & Comms Systems· Building Management Systems

Your security requirementstraditionally fall into 4 areas -Physical Security, CCTV, AccessControl, and Intruder Alarmsmost of which have eithermigrated from analogue todigital technology, or are in theprocess of doing so. Digitalsystems are increasingly beingrun over networks using IP(internet protocol). The benefitsare self-evident with furtherintegration of audio, intercomand messaging, fire andevacuation, asset managementand tracking and transmissionand comms technologies.

But the world is changing, andIT and Network professionals are becoming more involved, with growingresponsibility for both Physical and Logical security within an organisation,particularly with intelligent building management and facilities solutions alsobeginning to converge.

This shift will change the way we protect and manage all of ourorganisations, properties and people in future and will introduce bothopportunities and challenges for those responsible for security and safety.It's time to embrace and investigate this migration, and to identify how bestthey can be exploited.

In a recent survey of IT, ICT and Network managers, 80% of respondentsagreed that physical security was increasingly becoming part of their remitand that engaging with security and safety professionals was key.Convergence Key to EfficiencyWe are all acutely aware of the continued convergence between the physicalsecurity, life safety and IT worlds. We also understand that for NetworkedSecurity and Safety Applications to become more effective it is essential thatwe learn to engage with both the security specialists and the IT industry as awhole and the IP players in particular.

Preparing for the FutureHelping to increase the awareness and acceptance of new IP basedapplications across many market areas, the IIPSEC exhibition and conferencenow located at the IP EXPO will ensure that you gain from the synergiesbetween the various technologies on display and will provide a firm basisupon which Stake-Holders, Security and Safety Professionals and IT andNetwork Technologists can discover the opportunities that lie withinmutually accessible solutions.

Where to learn moreIIPSEC at the IP EXPO will demonstrate real life solutions and allow securityspecialists to engage with IT and network professionals for the first time. Thecombination of the product showcase, technical and practical seminars andworkshops and presentations tailored specifically to your needs will result inan informative and enlightening participation.

IIPSEC has always concentrated on the application of technology within theSecurity, Life Safety and BMS environments, whereas the IP EXPO isdedicated to the underlying technology itself, covering Cloud computing,Virtualisation, Infrastructure and Wireless and Storage solutions. This is aunique combination of events where Security, Safety, IT and NetworkProfessionals can mingle and understand the commercial and practicalpossibilities available when working together to increase security and safety.

Register FREE – www.iipseconline.comImage courtesy of NICE systems

Security – who’s job is itanyway?

Halfpage-Vert-July 10/6/10 2:20 PM Page 1

ground for copyright transgression. After all, councils, healthcare trusts and universities provide much faster internet access for their employees than they get in their own homes. Higher speeds in the workplace make the office a more convenient place for those intent on downloading very large music or film files. The office floor also offers the protection of relative anonymity for the individual (although this is not true in actual fact). Hence, many public sector organisations, in the same way as their private sector counterparts, are the unwitting conspirators of copyright theft. THE ACT IN MORE DETAILIt is fair to say that, to date, the global copyright protection industry has lacked any real teeth to make a difference. The Digital Economy Act has changed things dramatically. Copyright owners now have the “teeth” to prosecute UK business organisations and any employees that persist in downloading copyright content from the internet. Let’s look at the Act in a bit more detail. Section 4 states: “After apparent copyright abuse, copyright holders can send a ‘copyright infringement report’ to ISPs with evidence of the downloading, within one month of the alleged incident. The ISP must notify its subscriber within a month, providing evidence and information about appeals and legal advice.” Copyright owners already do this and ISPs receive thousands of such notices every month. However, until now, ISPs were not compelled to inform the offending

company – their subscriber. This section changes that obligation and an ISP must now inform the offending subscriber about the actions of one of their employees.

INFRINGEMENT NOTICESSection 5 states: “ISPs, if requested, must provide copyright holders with a ‘copyright infringement list’, listing each infringement by an individual, anonymised user.” This is where copyright owners just got “teeth”. Whilst ISPs are not currently required to inform their internet customers about “infringing downloads”, they do keep infringement notices on file for future reference. The point is, ISPs do know who the infringing subscribers are and enforcement agencies want access to this information. Copyright protection agents will act fast. They will demand to know the full identity of each misdemeanant – and they will pursue civil remedies in the courts. Lawyers familiar with the Act state that the employee will certainly be liable for the copyright infringement and the employer may face a claim against them for vicarious liability – in other words knowing that such acts are now illegal and not undertaking sufficient remedies to prevent such acts. Enforcement bodies are, however, most likely to follow the path of least resistance by targeting the subscribing organisation. The burden of enforcement is therefore firmly on the ISP and the employer. Exponential-e provides next-generation network solutions to both public and private

sector organisations. The service provider specialises in building highly scalable and versatile corporate networks built using Ethernet across different customer sites.

VISIBILITY AND CONTROLHead of public sector at Exponential-e, David Lozdan, is concerned: “What is worrying is the context into which the new Act is being introduced. We know from our own surveys and independent industry reports that 82 per cent of IT departments have little, or no idea, how their employees are using their work internet. With this in mind, we took the decision just a few months ago to embed a new technology into our Business Internet portfolio. “It is now possible for customers to see exactly how their employees are using the internet service they take from us. Clients get much more than the limited visibility given by today’s routers and firewalls because all traffic known, and unknown, can be identified, optimised, rate-limited or blocked.” David Lozdan goes on to say: “We didn’t want to make this a hardware-based solution. Putting hardware at the customer premise makes the cost of the solution prohibitively high and out of reach for the majority of organisations because of the high CAPEX required and the ongoing levels of OPEX associated with integrating, maintaining and supporting the solution.” In the context of severe cost cutting, solutions which rely on customer premise hardware are never going to be viable for public-sector clients and, in fact, for the majority of private sector clients.

AN ANTIDOTEHence Exponential-e launched a mass market solution delivered from its cloud. The service provider embeds the capability into the actual internet service so clients don’t have to worry about additional hardware. This keeps the cost right down. Customers get to find out exactly what traffic flows are on their networks and in what quantities. They then interact with their own network via their own self-service portal to fine-tune how each traffic stream performs and to deliver a guaranteed end-user experience to the rest of their organisation. David Lozdan adds: “We have taken a massive stride forward in helping our customers meet their new obligations and in keeping them compliant. Most of all it puts customers back in control. After all business customers don’t want to be the last to find out that one of their employees is putting their organisation at risk of a significant fine or worse. “It is clear that the Digital Economy Act will require employers to police much more closely the online activity of their employees. The stakes will be particularly high for high-profile organisations of the kind found in the public sector and there is no doubt that the British press will have a field day with any well-known organisation found to be on the wrong side of the law.”



It is clear that the Digital Economy Act will require employers to police much more closely the online activity of their employees



WHAT PCI COMPLIANCE MEANS FOR THE PUBLIC SECTOR

FOR SEVERAL YEARS, major data breaches of payment information have hit the headlines, with shockwaves affecting many businesses and industries, including the public sector, underscoring the critical importance of securing credit card data. No public institution wants to be caught exposing its customers’ sensitive information, nor encountering the subsequent legal and financial burden – including legal fees, call centre costs, regulatory fines, breach notification, public relations, and law suits that have reached into the hundreds of millions for some organisations. While the bulk of media attention has focused on the activity of outside attackers, these breaches actually make up little more than 20 per cent of recent breach incidents. The greater threat is the number and type of data compromises caused by people within an organisation – poor procedures and human errors by staff (and the malicious activities of people on the inside of an organisation) account for more than 35 per cent of breaches.

PUBLIC SECTOR PAYMENTSEach industry has its own challenges and the public sector is not immune, partly because the various organisations that it comprises – the military, law enforcement, public services – have greatly different needs and procedures. Recent research on data breaches in the public sector indicates:• A below average proportion of compromised host reports, but the proportion of processing errors was well above average• That either fewer compromises occurred due to a higher degree of preventative control, or fewer compromises were reported, possibly because of lower coverage by detective controls. This underscores why the PCI Data Security Standard (DSS) is so important to securing cardholder data. A strong security strategy that helps protect against threats to sensitive payment card data must address people, processes and technology, and not one at the expense of another. The PCI DSS gives organisations a base set of security requirements with which to build this strategy. In 2010, we will hear more discussion on the topic, especially as we approach the introduction of the newest version of the PCI Data Security Standard in October. In this piece, I’d like to highlight measures the PCI Security Standards Council (PCI SSC) has recently initiated and other activities we are

conducting that will help you manage your own PCI security efforts more effectively. There are actually three standards that the Council manages: The aforementioned DSS, which broadly defines in 12 requirements the process necessary to begin protecting payment card data; the Payment Application Data Security Standard (PA-DSS), a set of requirements for the software that processes payment transactions, including POS software and online shopping carts; and the PIN Transaction Security (PTS) requirements, which set a course for the physical hardware necessary to conduct secure payment transactions. The latter two, the PA-DSS and PTS standards, are relatively easy for you to put to use immediately, because the first rule to payment data security is simple: Don’t store what you don’t need. This can be done effectively by asking your

software, hardware and service providers if they are PA-DSS and PTS compliant and confirming that they are not storing unnecessary credit card data. You don’t even have to know all the particulars, since it forces them to address the issue on your behalf. You can also check for PA-DSS compliant payment software and approved PTS devices and hardware on the PCI Security Standards Council’s website. The Council has very strict requirements for development of these products and a stringent testing protocol to ensure that these products can meet the PCI requirements. We’ve done all this testing – so you won’t have to. If the equipment you’re using is not listed, contact the manufacturer or service provider and ask some basic questions – do they plan to get tested and listed? How do they know if their product is storing cardholder data? The DSS may require a little more effort to

Jeremy King, European director at the PCI Security Standards Council, highlights what government organisations need to be aware of when it comes to payment data security


PAYMENT SECURITY

meet the 12 requirements, but if you begin your journey with security in mind, compliance will follow as a byproduct. I’ll talk more in a minute about the many tools and resources the Council offers to help you along the way.

EVOLVING PAYMENT SECURITYIn May of this year we launched the newest iteration of the PTS standard, and the next version of the DSS and PA-DSS will come this fall. In June, we announced significant changes in the standards development lifecycle, aligning all three standards on a three year timeline for updates. In response to feedback from all sectors of the payment industry, we did this to give you more time to better understand the standards, and more time to implement them. The three year cycle is also a win for the Council – providing us with an additional year to consider market dynamics, emerging threats and new technologies before issuing a new version, and an additional year for us to gain feedback from your real-world efforts to secure payment data. We’ve presented and archived a webinar, explaining the lifecycle changes in more detail that you may find in the education section of our website at www.pcisecuritystandards.org. These standards evolve from the feedback

we get from hundreds of PCI participating organisations globally. We need to hear from you to continually evolve the standards to meet your needs, as well as those in all aspects of the payment chain. We invite and encourage the public sector to join us in shaping the future of payment security by becoming Council members and taking part in feedback periods and our annual Community Meetings, where we gather together to discuss with our peers the feedback, emerging technology and next iterations of the standards’ evolution. You can find more about this year’s European Community Meeting in Barcelona, Spain on the website. With an agenda including presentations from industry experts on current issues surrounding payment card security, law enforcement and data breach investigations, in addition to the opportunity to participate in the development of the standards, it’s a great chance for members of the public sector to engage with the Council and connect with others in the PCI community.

RESOURCESIn addition to the Council’s Community Meetings and the lists of approved software and hardware on the Council’s website, there are numerous tools and practices that can aid you in your organisation’s quest for payment card security. For example, on the resources section of our website you can also get: Qualified Security Assessors (QSA) and Approved Scanning Vendors (ASV) listings; Self Assessment Questionnaires; access to the Council’s Prioritised Approach for DSS document, which helps identify how to reduce risk to card holder data as early on as possible in your compliance journey; fact sheets on the standards; as well as the most up to date guidance from our Special Interest Groups, including those on skimming fraud prevention and wireless deployments. Another significant resource that the Council developed this year is the PCI Internal Security Assessor (ISA) Training Program. The PCI DSS training and certification for internal assessment staff is a direct response to Participating Organisation feedback on the need to improve educational opportunities for internal staff. The three-day course is designed to test and qualify in-house security personnel on how to validate and maintain ongoing PCI compliance within their organisations. The session will arm attendees with the knowledge and resources needed to: • Enhance the quality, reliability, and consistency of internal PCI DSS self-assessments• Support the consistent and proper application of PCI DSS measures and controls• Effectively facilitate interactions with QSAs.People and processes continue to be integral in developing a strong security strategy and meeting PCI requirements. With this new training offering, organisations have the chance to develop their own in-house PCI compliance

experts, and with the many other tools and resources provided by the Council, can implement a stronger ongoing security process. Reinforcing the global nature of our mission, the inaugural course kicked off in Sydney, Australia in May and will also be offered at the forthcoming European Community Meeting in Barcelona, Spain. Keep an eye on the Education section of our website for details on future training sessions.

KEY DATES IN 2010Aside from the key dates I mentioned above, the other calendar items senior managers and government organisations should have in mind include the following:• Summer: After review by the Council’s elected Board of Advisors, we will provide a summary of proposed changes to the DSS and PA-DSS to Participating Organisations and the market• The Council will release its emerging technology framework and a more detailed white paper on EMV technologies; this is part of a series of guidance to examine emerging technologies, like EMV, point to point encryption and tokenisation to help you better understand how these technologies may satisfy certain requirements of a PCI audit• 21-23 September 2010 – US Community Meeting, Orlando, Florida• 18-20 October 2010 – European Community Meeting, Barcelona, Spain• Late Autumn 2010 – This autumn, following our Community Meetings, the next iteration of the DSS and PA-DSS Standards will be released to the public.Everyone recognises that protecting the credit card payment process can be a daunting task, but every little bit of security helps. As you move forward on your journey, just remember all the tools and resources that are out there to assist in the building of your security strategy. Build with security in mind, and compliance will follow.


Web: www.pcisecuritystandards.org



PAYMENT SECURITY

Jeremy King



CREATING A MORE EFFICIENTAND SECURE ORGANISATION

MENTION Payment Card Industry Data Security Standard (PCI DSS) to a security manager and you can often see their eyes glaze over as they’ve heard it all before. For many, PCI DSS compliance has been hanging over them for a good few years now. In fact, the first PCI DSS standard was released in December 2004, with the most recent revision in 2008, and an updated version due in October 2010. It’s no wonder that everyone’s getting a bit jaded with it all by now. This rings even more true in the public sector where there seems to be a never ending stream of new initiatives and guidelines relating to information management and technology infrastructures, for example GCSx, CoCo compliance and latterly Memo 22 replacement, Good Practice Guide 13 (GPG 13.) It’s complacency such as this that could find public sector organisations lagging behind when it comes to complying with, and getting the most out of, the regulations. At a time when the public sector is in the public eye more than ever regarding data security, the last thing a local authority needs is a card payment security breach incident on its hands.

WHAT IS PCI DSS?The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organisations proactively protect customer account data. The collection, management and analysis of log data has always been integral to meeting PCI audit requirements. However, the task of assembling this information can be overwhelming in itself, not to mention the additional requirements of analysing and reporting on the data. Thankfully, technology has progressed significantly since the early days of PCI DSS when two separate systems for File Integrity Monitoring and Security Information Event Management (SIEM) had to be installed in order to meet the stipulated log data requirements. Now integrated SIEM and File Integrity Monitoring solutions such as LogRhythm have transformed how PCI DSS is addressed. Preconfigured options mean that the technology can be installed straight from the box, dramatically speeding up implementation time. Log collection, archive and recovery are fully automated across the entire IT infrastructure and log data categorisation, identification and normalisation facilitate easy analysis and reporting.

PREVENTING PROBLEMSThis enhanced control, visibility and reporting shouldn’t be restricted to PCI DSS use. Instead, imagine the value of being able to continually monitor the network so that any irregularities – from attempted hacking or data theft to virus outbreaks or application failure – can automatically be flagged and investigated before they become a problem. Equally, the principles behind initiatives such as GCSx and GPG 13 include the ability to know what’s happening on the network at any one time – Protective Monitoring by any other name. Think of it as the “who’s

doing what”, “where they’re doing it”, “what information they’re accessing” and “what the impact is on the organisation”. In today’s budget restrained environment, implementing a solution that can put multiple ticks in the compliance boxes and improve the security posture of an organisation is enough to take the glaze off any security manager’s face.


Tel: 01628 509 070Web: www.logrhythm.com

Don’t fall foul of compliance complacency, warns Ross Brewer, vice president and managing director, LogRhythm EMEA & AsiaPac

CASE STUDY: CARDIFF COUNTY COUNCIL

Cardiff County Council has implemented a log management, log analysis and event management solution from LogRhythm, the company that makes log data useful. The solution ensures that Cardiff County Council complies with the UK Government Connect Secure Extranet (GCSx) initiative while bringing additional benefits of PCI compliance and all-round improved IT best practices. Like all English and Welsh local authorities, Cardiff County Council is being urged to join the UK GCSx initiative, which aims to create a private wide area network for secure communications between connected government organisations. As part of this, local authorities must sign up to the Code of Connection (CoCo), which includes specific requirements on log data. Andrew Horner-Seddon, principal IT consultant – Security, Cardiff County Council, explains: “The Council already had its own manual, decentralised log data solution but it was incredibly complex and time intensive to use. CoCo signalled an opportunity to re-assess our requirements and install a more sophisticated log solution. “Some of the solutions we looked at provided log data indexing but the data could only be searched on by using

specific index codes. Not only would this be time consuming but there was a risk that some log data may be excluded from the results if all codes were not known. LogRhythm, however, offered a much more comprehensive and flexible search capability that would make it significantly quicker and easier to find information and run reports. We also liked the fact that LogRhythm provided an integrated hardware and software solution which gave a clear understanding of the total investment needed.” As well as ensuring Cardiff County Council meets the CoCo requirements, the new LogRhythm solution enables the Council to comply with Payment Card Industry Data Security Standards (PCI DSS) that have been established to ensure the protection of credit card data. Additionally, LogRhythm provides the Council with greater insight and control over its IT operations both from a security and capacity management perspective. Mike Selley, IT service delivery manager, Cardiff County Council, adds: “As well as ticking the compliance boxes, LogRhythm will help tighten up the IT infrastructure at the Council to create a more efficient, streamlined and secure organisation for the citizens of Cardiff.”

PAYMENT SECURITY

USES FOR A LOGUSE NO. 1

Give it some love

Log Management and SIEM 2.0, File Integrity Monitoring, Network and User Monitoring,One Integrated Solution

Call +44 (0)1628 509 070 Visit www.logrhythm.com

Fall in love with what SIEM and Automated Log Management can do for you

LogRhythm and the LogRhythm logo are trademarks or registered trademarks of LogRhythm, Inc. All Rights Reserved.

PCI DSS, GPG 13 and GCSx compliance

packages OUT OF THE BOX



SECURITY FIRST

AUTOMATED PAYMENTS are becoming increasingly prevalent within the public sector and, as with the private sector, measures have to be taken to ensure the security of both the public who make these payments and the organisations receiving them. Public sector organisations that receive payments from citizens increasingly recognise that securing timely payments is considerably aided when there is a choice of convenient and easy-to-use payment channels. These include self-service payments via the internet, automated telephone or even SMS text. Those making payments want to be confident that payments made by credit or debit card take place in an environment that provides the highest level of security as regard to cardholder data. In recent times, we have seen additional fraud protection measures being put in place such as Chip & PIN for cardholder present payments, Card Security Code for payments made over the telephone or internet and more recently, card password validation (verified by Visa and MasterCard SecureCode) for internet payments. SETTING THE STANDARDOver the last couple of years, all organisations that accept card payments have also been moving towards compliance with the Payment Card Industry Data Security Standard (PCI DSS). The standard sets out to ensure that the whole environment in which card payments are taken (including processes, software, hardware and infrastructure) complies with the well-documented and rigorous requirements of this standard. Many organisations are still confusing information security with ICT services provision, when they should be treated as independent (albeit overlapping) business functions. This is potentially leaving ICT departments weighed down with complex security compliance obligations that they don’t fully understand. For instance, a typical IT manager may well deliver encryption to a database holding credit card data, but will often miss the importance of delivering good key management processes around the encryption routines, such as having multiple key holders to provide separation of duties and ensuring regular key changes are scheduled. These types of areas are the key considerations when trying to achieve and maintain a PCI DSS compliance and can sometimes be the difference between suffering a card data breach or not. Any organisation that accepts card payments will see the clear benefit of compliance with

PCI DSS. Having invested heavily in services that take payment by card, any card breach can have a severe impact on a business. This may result in penalties imposed by the banks or card schemes, loss of customer confidence, delays in payment impacting revenue flow and a possible channel shift back to less favourable and more resource intensive payment methods such as cash or cheque. A number of organisations are now choosing to call upon the services of expert partners who can take on much of the responsibility for compliance with PCI DSS. In doing so, they are looking at working with a “payment service provider” who can offer:• An established and proven managed service• A PCI DSS compliant service• Payment Application Data Security Standard (PA-DSS) certified applications• Payment Card Industry PIN Transaction Security (PCI PTS) compliant Chip & PIN devices• A wide range of payment channels• PCI DSS advice and consultancy• PCI DSS network scanning from an Approved Scanning Vendor (ASV)• Competitive card processing rates• The latest in card security measuresIt is inevitable that where security exists compliance will follow and there is no doubt that customers will feel assured by certain

industry standards. Our own managed service was certified to Payment Card Industry Data Security Standard (PCI DSS) Level 1 in 2007, making us the first of the leading local government providers to achieve this standard. REWARDSIt can be a daunting process to hand over responsibility for security to an external organisation but it can also be very rewarding especially when you build a strong long-term partnership. We work with over 200 customers to provide payment services along with a managed service. These customers are largely drawn from the public sector including the local government, further and higher education, social housing and health sectors. The volume of payments taken continues to grow and at May 2010, stood at around 1.6 million card payments worth over £130 million each month. Automating payments systems is undoubtedly an increasingly popular method of generating efficiencies within public sector organisations but with so much continued focus on card fraud and the protection of citizens’ data, convenience shouldn’t take precedence over safety and security.


Web: www.capita-software.co.uk

Dave Whitelegg, IT security manager at Capita Software Services, explores the security and compliance requirements associated with card payments and some of the advantages of outsourcing the related functions

PAYMENT SECURITY


DRIVE DOWN THE COST OF YOUR PAYMENTS PROCESSTHE RECENT EMERGENCY BUDGET has imposed demanding targets for cost reduction across all areas of government. Many of these savings are expected to come from improved processes and increased efficiency but to realise some of these savings, it is necessary to invest time and resource in finding new ways of working. Payments is a function that is due for an overhaul and can provide significant savings through automation, data quality and process improvement. Cost in the payments process comes from three key areas; the manual processing of payments, handling payment errors and managing levels of fraud. But what can you do to reduce these costs and how can you demonstrate return on investment within the first 12 months?

AUTOMATE YOUR PAYMENTS PROCESS By ensuring that manual processes are only used where human intervention is strictly necessary, you can reduce paper-chasing, free-up staff time and drive down the cost of administration overheads. Experian Payments Gateway takes payment data directly from existing software applications, checks the data against processing rules, highlights exceptions and submits automatically to UK payment services such as BACS or Faster Payments.

VALIDATE YOUR PAYMENTS DATABy ensuring that your citizen’s bank account details are correct at the start of the payments process, you can ensure that payment errors do not result in costly rejected payments that waste time and money. In the UK, validating sort code and account number is mandatory for paperless Direct Debit sign-up and best practice for new originators. Bank Wizard, the UK industry standard for bank account validation, ensures bank account data is correct at the point of capture, whether you collect details over the telephone or via your website.

VERIFY YOUR PAYMENTS DATABy ensuring that the bank account details provided actually belong to your citizen, you can ensure that the account you are making a payment to or collecting a payment from is the account of your citizen, minimising the risk and associated cost of fraud. By verifying the link between your citizen and their bank account details, Bank Wizard

Absolute ensures that the bank account for your citizen is correct, reducing fraud such as falsified benefit claims or fraudulent council tax payments and improving citizen experience. Experian Payments work directly with local and national governments or via chosen government solutions providers to deliver highly efficient, easily deployable solutions that drive down the cost of payments processing and show return on investment in as little as three months. Blackpool Council has already seen the benefits. Initially, Blackpool Council needed a

payments system that would integrate with its many and varied computer platforms. Experian Payments Gateway was chosen for its functionality, ease of use and stability. Experian Payments Gateway was integrated into existing payment applications within two days and with minimal disruption to the business. As a result, Blackpool Council has increased the efficiency of their payments processing by improving their ability to meet tight deadlines whilst reducing the amount of time council workers needed to dedicate to this task. Donna Billsborrow, systems development & control officer at the council, says: “I find that on a daily basis, the Experian Payments support team is very friendly and are able to find solutions to any problems we have very quickly. This is essential for us as we have very tight deadlines to meet.” More recently, Blackpool Council wanted a solution that would ensure the accuracy of bank account details at the point of capture to remove the problem of managing updates to complex and constantly changing data. As

an existing customer of COA Solutions since 2001, Blackpool Council approached Experian to work with COA to integrate Bank Wizard into their e-financials product. Following integration of Bank Wizard, the number of failed Direct Debit payments experienced by Blackpool Council fell by 80 per cent. Carol Cunniffe, transactional services manager at the council, says: “Implementing Bank Wizard for our Direct Debit payments has resulted in a substantial decrease in the number of returned payments for services such as Trade Refuse,

Council Tax, Business Rates or direct debits from our local leisure facilities. We have also been able to remove paper and manual intervention from our payment processes, significantly improving our customers’ experience by speeding up the payments process.”


To find out more about how Experian Payments can help you overhaul your payments process and demonstrate significant cost savings visit: www.experianpayments.com/public-sector, e-mail us at [email protected] or call us on 01788 554810 and quote ‘Government Technology’.

Increase efficiency, reduce errors and prevent fraud with Experian Payments


Implementing Bank Wizard for our Direct Debit payments has resulted in a substantial decrease in the number of returned payments for services such as Trade Refuse, Council Tax, Business Rates or direct debits from our local leisure facilities. We have also been able to remove paper and manual intervention from our payment processes, significantly improving our customers’ experience by speeding up the payments process

PAYMENT SECURITY


ECM BEYOND COMPLIANCE

ENTERPRISE CONTENT MANAGEMENT (ECM) technologies will underpin the compliance strategy of every organisation, from financial services through to public sector. But organisations should beware the lure of a compliance-only route. ECM can deliver a wide range of benefits from improved productivity and cost reduction to competitive advantage. The escalation in compliance requirements, from FSA regulations and the Data Protection Act to the Freedom of Information Act, poses significant challenges for organisations around the globe but it has been an undoubted boon for many vendors of Enterprise Content Management (ECM) technology. From scanning and workflow to web content and e-mail management, organisations now perceive ECM technologies as an obvious means of solving all their compliance problems, addressing not only market specific legislation and regulation but also issues such as the Employment Act 2002. Yet there is an inherent danger in accepting the packaged “compliance” solutions increasingly being offered by bandwagon hopping vendors. Every vendor in the ECM space, from enterprise software or solutions to point products, has a “compliance” solution. But just how much value are these packages offering? Fundamentally, compliance is not the end goal. Instead, this has to be to address compliance requirements while implementing and supporting processes that will also improve efficiency. And these processes are unique to every organisation; individual requirements that packaged solutions will not be able to address. Indeed, it is becoming patently evident that those organisations focusing purely on compliance will actually increase the complexity of their internal processes, adding business cost.

MISSING THE POINTThe primary question every compliance focused organisation must ask is: just how flexible are these packaged offerings? Can they evolve beyond pure compliance requirements to address pressing business issues, from streamlining sales and procurement processes to improving competitiveness through enhanced provision of information to clients? If not, organisations are fundamentally missing the point of ECM. Yes, it will play a key role in achieving compliance to a raft of current and future legislative requirements. But if organisations are to achieve both a viable cost base and access to information that will transform customer relationships and, hence, competitiveness in an overcrowded marketplace, they need

to leverage that ECM investment in full. Indeed, in the longer term it will be these same ECM technologies that will provide a platform for the exploitation of business critical intellectual capital. But all of these benefits can only be achieved if organisations are aware of the bigger picture when they make the initial compliance focused investment. And, to be fair, given the penalties for non-compliance, some organisations may be tempted to opt for “compliance in a box” simply to address an immediate requirement. But, while valid, such a strategy is no excuse for investing in technology that cannot scale or extend in the future to deliver benefits beyond the initial requirement. For those organisations that can achieve compliance within a scalable framework the long-term benefits will be significant.

MARKET CONFUSIONOne of the main challenges facing organisations keen to achieve compliance within a technology framework that will enable longer-term benefits is the multiplicity of technologies that contribute to the ECM marketplace. While many organisations may not be in a position to implement a fully integrated, enterprise-wide ECM solution, there is no reason why best-in-class, “point-of-need” solutions, from document scanning to workflow, cannot be implemented in phases across a business to create an enterprise-wide solution in the longer term. However, this will only be achieved if the technology meets three key criteria: it is invested in and implemented with the end goal of ECM in mind; it is tightly integrated into the existing technology infrastructure – such as ERP and CRM applications – to provide easy, appropriate information retrieval; and it is scalable to support both larger user populations and increasing business requirements. And, while the introduction of the likes of .NET products undoubtedly eases the process of meshing together best in class products, it is not a guarantee – product choices need to be made very carefully to ensure technology blind alleys are avoided. ECM is, however, not just about cost or efficiency savings; in order to attain maximum value, companies need to fully embrace not just the power and flexibility of ECM technologies, but critically also the cultural and process changes that truly underpin a change in working practices. How many companies have, for example, invested in document scanning and workflow technologies to drive paper from the business, only to baulk at the final hurdle: shredding

documentation? By failing to take that final leap of faith they are massively undermining the financial benefit that ECM can deliver, and unfortunately resigning the company to old, and now outdated ways of doing business. And this, again, is where a strong provider choice is key. ECM can deliver immediate benefits in enhanced productivity and cost reduction and, as a result, many companies left to their own devices, fail to really push the solution to attain even greater value. To maximise the ECM ROI requires the provider to guide, steer and mentor organisations into making sure that appropriate follow-through is ensured. In addition, the provider should be revisiting users regularly after the technology implementation is complete to ensure that the solution is delivering what they expect it to deliver; are benefits being achieved and measured; are those benefits being measured really the key benefits the company should be measuring? It is considerations such as these that ultimately drive improved information retrieval and authorisation processes that are critical to the long-term success of an ECM project and ultimately, can deliver significant competitive advantage.

BEYOND COMPLIANCE With a raft of deadlines upon organisations from financial services to the public sector, a significant number of current investments are undoubtedly compliance focused. And ECM solutions will play a major role in attaining compliance both today and to future legislative requirements. However, regarding ECM technologies only within a compliance perspective can be a major mistake that will potentially add cost and complexity to the business. With the right approach it is straightforward to implement technologies that address compliance requirements while implementing and supporting processes that will also improve efficiency. Compliance is not just about accountability and audit trails, it is about streamlining processes to reduce the cost of compliance. Too many organisations, particularly in the public sector, are falling into the trap of compliance-centric ECM implementations and, as a result, will struggle to meet other key efficiency and cost savings performance targets that can easily be delivered via the right ECM solution. It will be those organisations that can consider the broader implications of an ECM investment that will reap the benefits of improved productivity, lower costs and maximised intellectual property once the compliance issues have been addressed.

A blinkered, compliance centric ECM implementation will significantly reduce an organisation’s chances of attaining longer term business advantage, maintains Ben Richmond, founder and CEO, The Content Group


CONTENT MANAGEMENT


THE DRIVE TOWARDS TRANSPARENCY

TRANSPARENCY? OPEN DATA? Linked Data? If you have been following government policy for the last 12 months or so you’ll have a reasonably strong idea of what I’m talking about. Originally driven by the Labour government and now embraced by the incumbent Tory-Lib Dem coalition, the push for government transparency in the form of open data could not be greater. Giving the British public a true picture of what information is being created, collated and stored amongst the walls of both central and local government promises to provide genuine transparency to the services funded by tax payers. The race to open up data is now on and taking place at an impressive rate. The questions remain though; how achievable is this initiative, what are the issues and benefits we all face in trying to meet the utopian view and how do we go about it?

FROM THE BEGINNING Firstly, where did it all start? In early December 2009, then Prime Minister Gordon Brown, announced plans to open up UK government data which included: public services performance data, new transport data and geospatial data. Who better to head up this new initiative than Sir Tim Berners-Lee and Professor Nigel Shadbolt, hired back in June 2009, producing a beta version of what is now known as the data.gov.uk website. This project was underway by September 2009 and since then has developed at quite a pace, launching as a single and easy to use online access point in January 2010, and recently growing to present over 3,500 data sets from all over government. Now, under the new Prime Minister David Cameron, the drive has increased further. The Conservative ‘Building the Big Society’ paper was a clear message of continued support for opening up data, encouraging citizens, communities and local government to utilise this information so that they could become more empowered and help to build the Britain that they want. After only a few weeks in office, Cameron set out his commitment to open up government data in a letter to government departments and with some clear deadlines too. The new Public Sector Transparency Board, chaired by Francis Maude, appointed both Sir Tim Berners-Lee and Professor Nigel Shadbolt as board members along with Tom Steinberg, the founder of mysociety. This will help build on achievements already made by data.gov.uk, ensuring that these leading experts

continue the drive to open up data and set open data standards across the public sector. At the time of writing, the Transparency Board had just set out its draft principles including that public data will be published in reusable, machine-readable form, using open standards and following relevant recommendations of the World Wide Web Consortium.

AN UNTAPPED RESOURCEThe developments over the past few months are really no surprise to those of us who work across central government departments, government agencies and local authorities and those who have been in ICT for the last decade or so. We’ve been aware of the semantic web from Tim Berners-Lee’s speeches back in 1999 and could more recently see the reasoning behind the need for linked data. “I have a dream for the Web [in which computers] become capable of analysing all the data on the Web – the content, links, and transactions between people and computers. A ‘semantic web’, which should make this possible, has yet to emerge, but when it does, the day-to-day mechanisms of trade, bureaucracy and our daily lives will be handled by machines talking to machines. The ‘intelligent agents’ that people have touted for ages will finally materialise.” To create intelligent agents though, we needed data that could act intelligently and with that, slowly but surely, linked open data was born. More recently in January 2010, Tim Berners-Lee told BBC News: “It’s such an untapped resource…government data is something we have already spent the money on... and when it is sitting there on a disk in somebody’s office it is wasted.” If we as individuals, communities, societies and nations are to progress, surely the obvious thing would be to take what was once static information residing either online or in files and utilise the World Wide Web as Tim Berners-Lee intended. So now, over 20 years after its introduction we seem to have evolved our thinking and the ability to really harness the web in a way that can truly benefit us all. But how do we achieve this? There have been two phases to this initiative so far. The initial push was to put up the data that already existed in whatever format was readily available, but that’s really not enough. In order for that data to be reusable it needs to be unlocked from the usual PDF, Excel and HTML formats and converted into linked, machine readable formats. The second step, the one we’re in now, requires organisations

to adopt a series of standards when publishing their data using recommended linked data formats such as RDF. If we’re to build true transparency then data needs to be structured in a way that enables it to be correctly open and interoperable. New data can be captured in ways which makes it easy to transform it into linked data but for existing data your only option may be to retrofit it using advanced techniques to automatically structure and enrich content. Thankfully many organisations, including ours, realise the importance of setting out best practice to provide a sustainable environment to publish data. TSO is working with organisations including the Cabinet Office, the COI and The National Archives to bring this together, establishing the principles for publishing government linked data and helping different people, organisations and departments see exactly what they need to do to deliver upon the open data drive. For instance, reference data sets for common data such as government departments and MPs all need to be created and shared so that all can refer to data in the same way. I can’t emphasis enough how important it is for people to work to a standard

As we embark upon the new world of transparency and open data, Terry Blake, technical services director at TSO, explores the challenges and benefits of opening up data


OPEN DATA

to ensure this all pulls together, which will mean that time and funds are not wasted and that everything works as a whole. Finally, making it easy for that data to be accessed through APIs will help to ensure it gets reused. Of course, like Professor Nigel Shadbolt commented earlier this year: “Public bodies have a public duty to publish public data.” You may be wondering what can be done

with all this data once it’s been published as linked data? How do the public use it to better empower their decisions on an individual or community basis? It’s fair to assume that the general public won’t access the data from data.gov.uk and will need the data re-presented in a more user-friendly form. This is where projects such as TSO’s OpenUp challenge, www.tso.co.uk/openup and the 4iP fund,

www.4ip.org.uk come in. These are simple competitions, projects and challenges that will help educate and encourage people to interact with the data in a fun but meaningful way where they can see the true value of it.

WHAT’S HAPPENING OVERSEAS?It’s also important to note that we’re not the only country embracing open data. The Obama administration launched data.gov to offer feeds from various departments early last year and other countries around the world are taking steps to partake in this greater transparency. It appears that finally government and society have evolved to generate something for the greater good, to make all our lives simpler, better informed and above all, to help us all become more responsible citizens. We all expect it, we can now all demand it and if we take the right approach we can deliver it.


Visit www.tso.co.uk and www.tso.co.uk/openup or follow on twitter, www.twitter.com/TSOSolutions



OPEN DATA

ABOUT TSO

TSO (The Stationery Office) is the leading provider of information management and publishing solutions to the public sector. We are the largest publisher by volume in the UK, publishing more than 8,000 titles a year in print and digital formats. Our experts help to create, structure, capture, transform and deliver some of the most important government information. TSO provides services, consultancy and infrastructure to deliver all aspects of the information lifecycle to the highest standards for our clients. TSO has been at the forefront of

working with public sector clients to open up published data. We create tools and processes to allow data to be created in a structured way; enrich data using text engineering techniques; convert data into formats to publish as linked data on the web and provide and host web environments that allow both humans and machines to access the data. Privatised from HMSO (now The National Archives) in 1996, TSO was acquired in 2007 by Williams Lea, the leading global provider of Corporate Information Solutions.

MHR can simplify the administrationof your personnel issues:

• Absence and Holiday Management• Appraisal and Disciplinary Recording• Benefit Allocation• Company Vehicle Allocation• Customisation Screen and Employee Pictures• Electronic Document and Note Storage• Friendly User Interface• Diary Function• Pay Grades and Pay History• Record Leavers• Reporting System• Secondment Records• Staff Directory• Training and Target Allocation• Varying Levels of User Access• Operates on Windows and Mac

Online Personnel and Reporting SystemMinerva Human Resources (MHR) is a web-based personnel and reporting system that will reduce the impact of your general HR admin duties. Whether you want to release yourself from the burden of a paper based HR system or simply want to start using an easily accessible, computer-based system, run with the latest online technology, MHR can offer you all the necessary features.

www.minervabs.net

Making IT Work For You

TRY OUR 14 DAY FREE TRIAL OR OUR ONLINE DEMONSTRATIONApply online at www.minervabs.net or contact us for further details

Telephone: 0845 245 0008 e-mail: [email protected] www.minervabs.netMinerva Business Systems Ltd. 12a South East Cumberland Street Lane, Edinburgh EH3 6RU



MIDAS – Mileage Input Data Access System

IDAS is a web based application

enabling businesses large and small to take control of business mileage, fuel and other associated costs within one system. MIDAS processes mileage claims for company cars or private cars (grey fleet) used for business purposes. MIDAS handles fuel purchased by fuelcard or cash and is able to calculate reimbursements at a variety of rates. MIDAS differentiates between business and private mileage thus removing business/employees from the Benefit in Kind (BIK) Tax liability that is usually associated with businesses providing fuelcards for their employees. MIDAS has a unique claims authorisation process, enabling approval by line manager, or automated approval. MIDAS is designed to be flexible and can be configured

according to a company’s own business rules. It produces a variety of management reports, including payroll deduction details, CO

2 and MPG reports.

MIDAS enables a business to comply with HMRC requirements such as the Euro VI VAT Directive, and recording with sufficient detail, bona fide business journeys.


Contact: Adrian HarrisTel: 01676 525303Fax: 01676 525690E-mail: [email protected]: www.midas-fms.com

M

Hays – recruitment solutions powered by expert knowledge

T HAYS INFORMATION TECHNOLOGY, we

believe that as experts in the provision of IT recruitment and workforce related solutions, we should also be experts in the sectors we recruit for. Accordingly, we operate a dedicated public, voluntary and not-for-profit IT practice and our consultants specialise in the central government, local government, NHS, education, defence, emergency services, charities, voluntary, not-for-profit and housing sectors. Developing a deep understanding of each sector, its challenges, central issues, hard to find skills and prevalent technologies means we know what the primary recruitment motivators of our clients are. This allows us to fill roles at the first time of asking.

We place professional candidates into permanent and contract roles across the project, programme, development infrastructure, ERP, leadership, digital and telecoms channels. We also provide a range of solutions that include a fixed price project capability, outplacement and assessment services as well as a cost-efficient Hays retained worker facility for contract staff. We are more than just recruiters. A Buying Solutions accredited supplier for both contract and permanent staff, our solutions and services are always fit for purpose.


To find out more about how we can help you reduce your recruitment costs, contact Joel Armitt on 07793 306032 or e-mail [email protected]

A

Providing IT recruitment to the Government SectorDCL Search & Selection have 16 years experience of placements within the IT industry. We have a particular focus on IT Security, IT Storage, Networking Infrastructure, Desktop/Server and Project Management

We recruit the key employees for the system integrators and IT service providers that deliver IT services to the Government sector.

Working directly with Governmental departmentsAt a time when IT skills shortages are making it hard to recruit experienced IT staff, our direct recruitment and selection model ensures that we can fill

your IT vacancies with the speed, ease and skill sets that you require.

25% discount on your first hireIf you have a particular IT requirement you are finding hard to source,

call Robert Anderton now on 0208 663 4030 or email [email protected]

Quote Reference DCL14/4 for 25% discount* on the fee of your first hire.

*Valid until Dec 2010 subject to terms and conditions

‘DCL Search & Selection are a recognised Buying Solutions supplier under the ‘Non-Medical, Non-Clinical Resources’ framework agreement’

www.dclsearch.com


GOING FORWARD TOGETHER

IN TODAY’S ECONOMY there is a lot of pressure to reduce costs relating to payroll production. From research conducted it is apparent that changing times are ahead. Local authorities (LAs) are moving from a full in house system to part or fully managed outsourcing for use of shared services. There are a number of different streams for HR/payroll provision, however, the decision is business critical. An emerging scenario is for a group of local authorities to tender for new HR/payroll software as a joint venture. There are, however, different options for service provision, and in order to choose the stream of provision that is a best fit for the organisation, this will be the start of a major project. The LAs taking the decision to go for a joint tender will not have taken it lightly. In order to ensure the best fit all options will need to be explored at the outset. The exercise will usually commence with an evaluation of the current system in use and will take into account potential problems, shortcomings, improvements and benefits; this will form part of a statement of user requirements (SOUR), which is briefly discussed later. Different options for consideration for provision of a payroll/HR service could be:• Fully managed• Part managed• Bureau• In house• Shared service, the definition of which will not necessarily be the same for all organisations.The above are merely a few examples that could be explored, however, there are more and so this just goes to show that careful consideration should be given to the choices explored. So taking risk, cost (budget available) and time scales into consideration what will be the best fit for your organisation? Will the ultimate choice enable the organisation to meet the overall objectives and goals?

WORKING TOGETHERNeighbouring local authorities may require a new software provision simultaneously and so it would seem logical to put forward a joint tender. This would seem a sensible approach to service provision and LAs could be forced down this route due to the red tape that needs to be cut, for example complex European Regulations in order to dot the ‘I’s and cross the ‘T’s. Sharing the joint tender will also mean sharing costs. Other reasons for this application of shared services could be that there is no relevant skill in house. Risk is likely to be reduced as the responsibility for service provision is shared.

In order to explain how a group shared service will work and explore some key considerations I would like to discuss a group of LAs that are currently going through such a process. A consortium has been put together in the Manchester Region consisting of three LA regions, for anonymity they are referred to as A, B and C. The aim of the project is to align business strategy and take into account current and future business requirements. Another key aspect being the potential to attract new business partners to the collaboration. The implementation covers two phases:• phase one is the implementation of the core HR/payroll system• phase two is the roll out of self service functionality A programme office has been established in

order to coordinate the project and this will manage the various work streams. All three LA areas are to provide resource for the project. The work streams are to be split as follows:• A – is to host and lead on the ICT infrastructure• B – is to host disaster recovery • C – is to host the programme office

BEING BUSINESS CRITICALA key aspect to the project planning is consideration to future proof the service. Looking ahead is vital and as part of the original Statement of User Requirements (SOUR). Basically the ultimate wish list for end user requirements would be to look five years ahead. Her Majesty’s Government (HMG), via Pre-Budget and actual Budget Report announcements publish impending changes to policy and legislation and also provide hints for what is in the pipeline in future years. The financial impact for not future proofing your service provision could be significant when considering further development costs. The strategy implemented will impact on economic feasibility and organisational goals so

consider, where do the leaders of the organisation want to be in five years time. Are there plans in place to implement new strategies, e.g. a self service facility for employees or harmonised contractual arrangements? Could the new service deliver the related functionality required? If not, once again there will be significant financial impacts for building further functionality. This could mean the difference between meeting an organisational goal or not. This situation would have a negative impact on economic feasibility; ultimately the project will not be able to deliver.

KEY CONSIDERATIONSEmbarking on such a project brings with it adherence to any related rules and legislation, examples being:• Councils Information Security Standards

• Contractual arrangements and council policies• Data Protection Act• Freedom of Information Act • Her Majesty’s Government compliance:– Her Majesty’s Revenue and Customs (HMRC)– The Department for Work and Pensions (DWP)– The Department for Business Innovations and Skills (BIS)By choosing a system that is a better fit you can improve automation and will save on time to perform tasks, resource required, create cost savings in the long term, and produce comprehensive management information for payroll and HR to assist in making strategic decisions. Information will be accurate removing room for error. To conclude, strategy is concerned with economic feasibility and the organisational goals. It is important to check there is a strong alignment between the benefits a new system will provide and overall business strategy.


E-mail: [email protected]: www.payrollprofession.org

There is much to keep in mind when it comes to payroll software issues for the public sector, writes Elaine Gibson FIPP MSc, senior policy officer and manager of Post Graduate Qualifications, Institute of Payroll Professionals


FINANCE

By choosing a system that is a better fit you can improve automation and will save on time to perform tasks, resource required, create cost savings in the long term, and produce comprehensive management information for payroll and HR to assist in making strategic decisions


REDUCING COSTS WITH THE RIGHT SOFTWARE

IF PUBLIC SECTOR BOSSES are to find ways to adapt to the widely reported budget cuts and increasingly stringent financial legislation they must begin to consider ways in which efficiencies can be optimised through the intelligent application of IT. Public sector bodies have to make significant savings, and many BASDA members are able to provide the complete set of solutions for source-to-pay, substantially reducing procurement and back office costs. Source-to-pay starts with spend analysis, and BASDA members have analysed over £50 billion in spend. One member reports average savings of 2.5 per cent on managed spend and minimum savings of ten per cent on unmanaged spend. The results of spend analysis and benchmarking then feed into tenders, quotes and e-auctions resulting in contracts. A large number of public sector bodies are unable to provide contract information in a timely manner due to the lack of a contract management system, again here many BASDA members can help with appropriate systems. It is important that contract management is

at line item level so that the prices can be automatically transferred into finance systems, purchase order systems and marketplaces. Moreover, public sector bodies have a legal obligation to have properly tendered contracts for all spend over the EU limit (around £100K), and again appropriate software can ensure compliance with contracts for the purchase-to-pay cycle that follows on from sourcing.

ELECTRONIC MARKETPLACEMany councils now have all contract suppliers on their electronic marketplace. The e-marketplace creates the requisition through an easy shopping process, this is approved on the finance system and the order is routed via the marketplace into the supplier’s back end finance system with invoices coming back in the opposite direction. This provides significant savings through ensuring contract compliance, correct pricing, accurate orders and invoices, with an additional savings in reduced time for both buyer and suppliers. BASDA members and others support BASDA XML¹ for e-orders and e-invoices,

and this allows PO systems, finance systems and e-marketplaces to interoperate in a proven and effective manner. Thus customers can be assured of interoperability between different vendor solutions. When aligned with clear operational strategy, IT presents worthwhile opportunities in helping public sector bodies prepare for lean times ahead. For example, implementing a robust asset management software solution can maximise efficiencies within the finance department through improved reporting functionality and increased automation in complex calculations such as asset value depreciation. Promoting an accurate centralised asset register can also improve inter-departmental communication and transparency, maximising business value, streamlining processes and allowing organisations across the public sector to achieve their full business potential through the prudent management of resources. As well as giving an organisation tighter control over operational costs and maintenance programmes, an up-to-date register also provides an accurate value of the asset base instantly. Additionally, a streamlined software system will help staff manage the complex and multitudinous data involved with depreciation reporting and component account detail, whilst provide a clear audit trail.

PERIPHERAL SOFTWARE SERVICESIn recent months, BASDA members have seen an increased demand for a range of peripheral software services that sit alongside the core financial/operational software run within public sector organisations. One of these emergent requirements has been for software that improves security of documents transferred electronically both within these organisations and with their external suppliers. A number of councils have become early adopters of this new software and now use it for the secure electronic delivery of a range of business documents such as e-pay slips, invoices, statements, P60s and even business council tax bills. There are a small number of software providers who are able to offer a solution to public sector organisations, and a key feature to look out for is compatibility with your ERP or back office system. Finally, both public and private sector organisations are under increasing government pressure to cut carbon emissions and this pressure will only increase, especially with the Carbon Reduction Commitment Energy

Jairo Rojas, director general of the Business Application Software Developers Association, looks at developments within financial and accountancy software for the public sector


FINANCE

Public sector bodies have to make signification savings, and many BASDA members are able to provide the complete set of solutions for source-to-pay, substantially reducing procurement and back office costs

Efficiency Scheme, which began in April this year. With 5,000 UK organisations committed to report on their emissions and carry out measures to bring about reductions, now is the time to invest in the necessary software systems to ensure compliance. Software is the foundation for success. It is the duty of software developers to continue to invest in developing suitable carbon management and reduction technologies. It is also vital for the authorities and climate change bodies to acknowledge and promote the key role software systems in effectively bringing about carbon reductions. With software developers, the authorities and environmental bodies all on board, organisations will only then recognise the critical role software plays in tackling climate changes. There is little doubt that budget cuts, job losses and legislative compliance pose major challenges for the public sector. But best practice, improved understanding and control over their resources will enable organisations to make far more informed decisions about capital expenditure, resource allocations and replacement budgeting, expansion or restraint. BASDA is a member-driven organisations where members benefit by sharing knowledge and expertise, and work effectively as one voice to address strategic issues and evolving legal, political and technical influences that affect the business software industry. BASDA offers a free booklet designed for organisations involved in the selection of a business software system and an appropriate supplier – ‘Selecting a Business System’ – please contact [email protected] for a copy.

Notes1. BASDA’s eBIS-XML Standard was developed about ten years ago, and allows orders and invoices to be exchanged electronically using e-mail, so that any attachment to an e-mail message could be rendered in a web browser to show an invoice or order as a document that subsequently could be printed out. It is provided as an upgrade to an existing accounting system, and improves office efficiency and reduction in elapsed time. It also provides a link between website and legacy order processing systems, and is an open standard developed by the software industry.


Tel: 01494 868030Web: www.basda.org



FINANCE

ABOUT THE AUTHOR

Jairo Rojas was appointed to the new position of director general of BASDA in February 2008, to manage and drive the ongoing growth and focus of the UK-based membership organisation. Jairo joined BASDA after significant experience of working with both large IT corporations, and small start up organisations, and so is well placed to understand the needs of the diverse range of BASDA members. Jairo has wide experience in senior channel management roles and is used to leading, motivating and guiding teams of diverse talents to achieve the

required results. Jairo has lived and worked in several countries including the UK, Sweden, South Africa, USA, and his native Colombia. His past roles include International VP and Managing Director for IPIX Corporation, EMEA Channels General Manager for SSA Global, International Sales Director for MicroStrategy Inc, Affiliates Development Manager for JBA Software Limited, plus over eight years with IBM EMEA. Qualified with a business degree and with a Masters in Finance, Jairo’s academic qualifications complement his successful and wide-ranging business experience.

Jairo Rojas


THE VIRTUAL OFFICE

AS MORE PEOPLE wish to work from home or at remote locations there are increasing pressures on the IT function to deliver the same functionality to a remote employee as to those sitting at a desk. The technologies involved are now readily available and in use by many parts of government. There are challenges associated with implementing and supporting these applications and meeting the expectations of the remote user.

TECHNOLOGY AND THE WAY PEOPLE WORK20 years ago, the mobile phone was the size and weight of a brick, the take-up of e-mail outside of large organisations was negligible and the internet was accessible mainly over slow, unreliable, expensive, dial-up connections. Today, anyone not sporting the latest quad band mobile phone, slipped neatly into the shirt pocket, or not enjoying an ‘always on’ internet experience is regarded as a cave dweller. The remarkable progress in the development of mobile and broadband technologies has changed the way that people choose to live their lives. High speed, reliable communication enables work to be undertaken irrespective of physical location. Some 80 per cent of the UK working population are considered to be “Information Workers” for whom the tools of the trade are a networked PC and a telephone. There has been a steady rise in the take-up of home working over the last 20 years. Government figures show about 12 per cent of the UK workforce now work from home. There is much evidence to suggest that employers who give workers the freedom to work remotely are rewarded by improved

productivity and loyalty. Studies show that generally, the productivity of home-based staff is some 10-40 per cent higher than that of their office-based counterparts. With the increasing cost of fuel, there are significant financial incentives to eliminate or reduce the daily commute. Britons experience the longest commutes in Europe.

IT AND THE HOME WORKER The term “home working” can refer to different working models such as:• Working as an employee but operating from home for all or part of the working week using technology to provide secure access to the employer’s computer systems• Self employed, working from home• Mobile worker (sometimes referred to as a “road warrior”) working peripatetically and using home as a base (e.g. travelling sales person)Information technology supports all these ways of working. The advent of Virtual Private Networks (VPNs) working over the internet allows secure remote connections to be established to an employer’s back-office systems. The availability of mobile technology with both data and voice capability and the ability to utilise wireless “hot spots” is highly beneficial to the mobile worker. One aspect of home working which is yet to be fully exploited is the use of home workers to perform the types of duty normally associated with a call/contact centre. Today’s technologies mean that it is unnecessary to corral large numbers of workers into large open plan offices simply to be able to work with a PC and phone. Calls can be distributed

automatically to home-based agents operating with a PC and telephone, indistinguishable from those in a call centre. The potential benefits are huge; operating costs are reduced and the employer can vary the number of agents available almost instantly to meet the prevailing inbound call level. For the employee, part time working becomes viable as travel-to-work costs are eliminated. For those working at or near national minimum wage levels, this is an important consideration. No one can deny that technological developments over the last two decades have enabled new, flexible ways of working that many people are now taking advantage of. New developments such as NGA (Next Generation Access), a super-fast broadband service, and higher speed wireless services are now being rolled out. These will further support and encourage location-independent working. While these developments are good news for the home worker they do pose practical problems for IT managers.

THE IMPLICATIONS It used to be so easy. The servers and the data stayed in the data centre, the computers stayed in the offices. Security meant locks on the doors. Now everyone expects to access anything anywhere on all types of device. How does an organisation successfully marry up the demands from computer users with the need to maintain security? These demands mean huge changes for organisations, managers and of course for the IT department that has to make everything work and keep everything secure. The enterprise as a whole has to re-think what security means in terms of computers and data. The fear is that confidential data could be leaking out of the organisation via every laptop and mobile phone it possesses. Businesses must protect themselves against two types of vulnerability – unwanted people getting in and data leaking out.

KEEPING UNWANTED PEOPLE OUTProtecting your organisation against intruders requires effective authentication. Users may have to become accustomed to two-factor authentication – something they know and something they have. The something they know is generally a password or PIN code. The something they have might be a smart card or a rolling security code created by a key-fob device or sent to their mobile phone during the login process. And if a third layer of security is necessary, biometric ID such as face recognition or fingerprints could be employed. Many attempts to break into an organisation will be web-based and highly automated. It almost goes without saying that good quality security devices such as firewalls are essential. Furthermore, they must be properly installed. An IT security plan must be checked and tested by an independent third party. This will deliver peace of mind to all stakeholders.

Technology is freeing up staff to work from locations other than the office. But what are the implications for organisations, managers and the IT function?

www.governmenttechnology.co.uk Written by the Telework Association

MOBILE WORKING

Remember too that continuous monitoring of all entry points to a network for signs of attack – the computer equivalent of CCTV, is good practice. Data loss is every employer’s nightmare. Preventing it needs two things – an effective data security policy and the cooperation of every member of staff. One simple decision has to be made. Should data be let out of the data centre or not? If the answer is “no” then anyone who wants to access it does so via a remote link. That works well for high-security organisations and when every remote user has online access. But many people need to access their data when they are offline too. For example, if the work involves meeting people at their homes, your employees might not have the option of being online. Working in a remote area might also mean that an internet connection is simply not possible. Any data leaving the data centre must be encrypted and it must stay encrypted. The minimum standard now is that all laptop computers are encrypted and any removable storage must be encrypted too. Also, mobile phones should not be overlooked. Phones with e-mail can be the Achilles heel in data security. A facility is needed to wipe any lost or stolen mobile and have procedures that immediately stop e-mail forwarding.

DON’T FORGET THE USERSIn the midst of this whirlwind of security measures it’s easy to forget the humble users who are just trying to get on with their jobs. The need for security has to be balanced against ease of use. If security is made too onerous, staff will not be able to use the IT system. Or worse, they will bypass the security with inventive alternatives. IT managers must get users on their side. Users should be educated about the need for security so

they understand that it is for their own protection. This should be backed-up with clear instructions about what is permitted and what is not. THE HARASSED MANAGERAt the end of this process of change the managers still have to run their teams and keep everything functioning. How can they manage people they can’t see? How do they keep their team collaborating when they are apart? Managers must start by deciding what they are measuring. They must measure the right things, like outputs not inputs. They can’t just count the hours spent, they have to measure what each member of staff produces. Visibility of all the members of a remote team can be achieved through a thing called “presence”. Presence indicates that someone is

there – a little green light next to their name tells you they are working at their computer. Presence often goes hand-in-and with instant messaging. Instant messaging keeps communications alive by bridging the gap between the phone and e-mail. To avoid interrupting someone with a phone call, but without having to wait for a reply to an e-mail, use instant messaging. They can answer it when it’s convenient and it’s quick and easy. And finally, remember that remote working is not all or nothing. Designate a regular “office day” or a team meeting time so people do physically meet up and get the valuable contact time that makes teams really gel. How about meeting home-based staff at their homes so they don’t feel so isolated? The time invested is a small price to pay for a happy and productive team.



MOBILE WORKING

INGSTON TECHNOLOGY is the world’s largest independent memory manufacturer, offering

a wide range of quality products and services designed for increased productivity and overall system performance. Kingston Technology offers a range of focused products that provide solutions aimed at resolving increased pressures on departmental budgets and governmental IT investments: System memory – significant reduction of costs for both client and server system memory upgrades. In the majority of cases, Kingston Technology memory is up to 30 per cent less expensive than the original system manufacturer, without compromising on performance, compatibility or availability. Lifetime warranty is offered as standard. SSD storage – As well as offering memory

upgrades, Kingston Technology is also a leading provider of Solid State Drives (SSDs). SSDs offer significant performance increases over traditional Hard Disk Drives (HDDs) whilst ensuring improved system ROI, less downtime and higher reliability. Encrypted USB drives – To solve the need to protect critical or confidential data on the move at an affordable cost, Kingston Technology DataTraveler Vault Privacy and 5000 drives allow you to easily take

advantage of this essential technology. Support – Free 24/7 support is provided for peace of mind, and the option of a free of charge KingstonCare extended support service for memory and SSD i.


Tel: 01932 738888Fax: 01932 785469Web: www.kingston.com

Performance and ROI improvements from Kingston Technology

K

CASE STUDY – CYGNET SOLUTIONS LTD

Cygnet Solutions is a Scottish IT services company that has been using flexible/home working methods for the last 15 years. Personnel work flexible hours allowing them to organise their work around family commitments. Employees are equipped with secure connections into the company’s offices. Increasingly web-based applications are used which lend themselves to location-independent working. Employees work at the company’s offices when required (e.g. meetings, group events, functions, etc). A ‘light touch’ management style is adopted, measuring performance against agreed targets – not micro-managing. Although at any one time, staff may be working in a number of different locations, by adopting the right technology Cygnet is able to appear to the outside world like a ‘conventional’ company. Incoming telephone calls are transferred

quickly and professionally to employees. To the caller, the process appears like a normal switchboard. Frequently callers are unaware that they are speaking to someone working from home. The use of Virtual Private Networks (VPNs) allows staff to have ‘always on’ connections to the company’s resources with the facility to share files and resources and receive e-mails and instant messages in real time. The back-up of all important files is automatic and carried out centrally. Staff appreciate the freedom they are given and respond with high productivity, a low rate of absenteeism and a staff retention rate of almost 100 per cent. An additional benefit is that by cutting down on both office space requirements and commuting, the company calculates that its carbon footprint is reduced by about two tonnes of CO2 per annum.



COMMUNICATING WITH THE COMMUNITYA NUMBER OF FORWARD THINKING councils are now incorporating text messaging into the way they communicate with their community and importantly giving the public a low cost, simple route to talk to the council. Importantly text messaging is socially and digitally inclusive, over 98 per cent of UK adults now have a mobile phone. Many councils are adopting simple-to-use interfaces from companies such as txttools.co.uk. This service allows the user to send and receive SMS text messages from their computer and track the delivery, much like e-mail, but with audited delivery. Having the ability to create discreet groups of customers, clients, patients or staff can have major benefits when you want everyone to be notified with a single message. The tool is completely flexible, so you can send a message to a group or to an individual person. Messages can be sent instantly or scheduled at a later time and date. The schedule can be set months or even years in advance and sent out when that message is relevant. Messages can even be edited right up until the scheduled time to allow for changes in arrangements. Customers can be added to lists requesting information and replies may be automated or custom sent. Many councils are now incorporating txttools into their disaster planning, it is proven to be the fastest, most reliable method for communicating with large groups of people.

WHAT ARE THE PRACTICAL USES FOR COUNCILS? txttools can be used for emergency planning, for environmental notification and enquiries. For example flood warnings, electricity outages, water, transport, health warnings and severe weather warnings. It can be used for repairs and maintenance, such as repair reminders, surveys, contractor information, repair requests, enquiries, complaints, contractor orders, contract follow-ups, gas repairs, inspection notifications, health and safety information and notices. Other popular uses include using SMS for staff contact, meetings, appointment arrangements and reminders. It can also be used for youth services, tenant surveys, intruder alerts, anti-social behaviour, and reporting crime/vandalism. Uses also include voting both for staff surveys and public surveys, rent arrears reminders and rent remittances. Many libraries are using SMS text reminders for overdue books and to tell customers that reserved books are now in the Library. Sports centres can use it to confirm bookings and to tell people about events. ‘Neighbourhood watch’

groups can use it to let people in a very specific set of postcodes know if there is any activity in their area that they should be aware of.

WHY ARE THEY CHOOSING TXTTOOLS®?txttools have an uninterrupted message delivery in the public sector for the last nine years. They are used by councils, police forces, schools, hospitals, clinics, connexions and over 45 per cent of the UK colleges and universities. It is a robust sophisticated messaging platform that is easy to use underpins the companies business. The txttools team have and continue to respond to development needs of the community. The application includes an array of features; two way messaging and secure online access 24 hours a day, seven days a week from any PC (using the same security as online banking). You can send messages to groups or individuals, instantly or schedule for later delivery. You can also track delivery of every message. It is possible to convert text message to voice mail if the number is a landline. There are also inbox rules, RSS feeds and auto responders. The txttools team have an outstanding reputation in both their face-to-face customer training and unlimited support which is included in the package.

WHAT THE USERS ARE SAYINGLisa Holland, youth services worker – Information Services at Stirling Council, said: “We use the system in our youth texting service in Stirling to group young people together in areas, interests, or groups, so we can contact them with information relevant to them.

“We find that the system is easy to use which has enabled us to enrol this out to our staff so they can use it to engage with young people in youth groups or projects that they are involved in. The support and guidance we have had from txttools over the past two years has been brilliant.“ Barry McHenry, e-Services coordinator at Greater Merseyside Connexions Partnership Ltd said: “We use txttools to contact young people about Connexions services and have more recently added the emergency text system; this proved invaluable during the freezing snow conditions in January, when we were able to get instant messages out to all our staff at relatively low cost. “We have been working with txttools for nearly 18 months and have been really impressed with the service and the results it’s generated for us. We also recommended txttools to several partners who are equally happy with the product.” Here are some links to councils using txttools:• www.fifedirect.org.uk/doitonline/ index.cfm?fuseaction=online.alert • www.stirling.gov.uk/index/ lifeyouthservices/info_txt.htm • www.stirling.gov.uk/my/ • www.fareham.gov.uk/general/texting.aspx• www.eastriding.gov.uk/cs/streetscene/ maintenance-operations/textmessageservice/


Tel: +44 (0)113 234 2111E-mail: [email protected]: www.txttools.co.uk

Can an SMS text message strategy deliver information of real value to your community?

MOBILE WORKING


POLICE MOBILE SYSTEMS: HOLY GRAIL OR POISONED CHALICE?

IT’S TWO AND A HALF YEARS SINCE Gordon Brown announced the mass deployment of mobile computing devices to frontline police officers. Speaking at the Labour Party Conference in Bournemouth in 2007 he said: “We will provide hand held computers – 1,000 now, by next year 10,000 right across the country – cutting paperwork so that officers can log crimes on the spot, stay on the beat and not waste time returning to the station to fill out forms.” Since then central government has invested

£80 million. This equates to approximately £1.5m per force, although the money has not been divvied up equally. The National Policing Improvement Agency (NPIA) was responsible for the distribution of the cash and forces were allocated funds depending on certain criteria including size, but more importantly, capability to deliver. The latter focused on aspects such as ability to deliver on time, alignment with force strategic objectives and commitment to realisation of benefits. The higher a force scored on their capability to deliver the greater the slice of the pie.

LARGE SCALE ROLL-OUTThere are now over 40,000 devices deployed, with the vast majority of the 50 or so UK police forces now using some mobile system or other. Devices of all shapes and sizes (PDAs, BlackBerrys, Toughbooks, detachable in-car Mobile Data Terminals), delivering all sorts of solutions (crime, intelligence, PNC, missing persons, command and control, e-mail, mapping – the list is long and comprehensive) are now in the hands of a large percentage of frontline police officers. Not bad going at all, but it’s much more than a numbers game – benefits realisation is, of course, the key.

Jan Berry’s ‘Reducing Bureaucracy in Policing’ report published in November 2009 touched on the subject of mobile data in a rather cautionary manner: “While the underlying technology is now available, at present not all forces are able to make full use of this, which will restrict benefits. As a result, it is important not to overstate what the devices will achieve: claims such as promising that officers will save ‘30 minutes per shift’ are as yet hard to prove, particularly as at this stage, most front-line officers do not have units

that allow them to access the full range of databases and operational systems.” So where are we now and how far have we got to go to realise the full benefits of these devices?

WHERE ARE WE NOW?Within UK policing there is a wide body of knowledge about how to implement a large number of mobile devices in a relatively short time frame. For example, some forces went from essentially nothing to 1,000+ devices in under six months. The technical challenges are well understood and the traditional barriers to usage relating to reliability, battery life, security, connectivity, ease of use, suitability for purpose and so forth have partly been eliminated by technological improvements and creative thinking. These developments mean that it is easier (but by no means straightforward) to provide officers with mobile technology that potentially meets their needs whilst out on the street. There has also been considerable investment in benefits management to assess whether the officer’s and the organisation’s needs are being met. Benefits identification and benefits reporting mechanisms are now well established allowing the NPIA to get a clear

picture of what is being achieved through the monthly reporting of stats. What these stats indicate is that whilst some forces are doing well, others are struggling. In the best case scenarios the majority of frontline officers are using their devices on a regular basis and this usage is translating into increased time on the streets, which should ultimately lead to a better service being provided to the public. On the flip side devices are being left in lockers, officers are disinterested, benefits are scant. Why the differences?

OVERCOMING BARRIERSAs with all complex projects there are common themes that impact on success such as insufficient executive buy-in, lack of a clear overarching vision, over-stretched under-resourced project teams. There are also big differences between the systems being deployed – some are head and shoulders better than the rest in terms of usability and design features. But perhaps where forces are falling down the most is where not enough thought or resource is being invested in affecting behavioural and cultural change across the organisation. Whilst forces know that the change process is critical to the successful embedding of new technology, there has not been enough impetus to address this challenge. One might argue that there has been an underlying expectation that mobile systems would inevitably return significant benefits. Why wouldn’t they? Giving officers the tools to keep them out of the station and more visible to the public, whilst reducing administrative burden, is surely a winner? Well, it would be if it wasn’t for culture, confidence, expectations and all those other human quirks that influence behaviour. The police culture, any culture for that matter, can be likened to an elastic band. You can stretch it to where you want it to be, but when you let go it reverts to the way it used to be. That’s why we need to work hard to embed mobile systems, to permanently reshape the cultural elastic band. To do this we need to effectively engage the system users and develop new organisational processes that will support the new frontline working methods.

SUCCESSFUL ADOPTIONThere are several good examples of where this has been done well; where champions’ and supervisors’ networks provide on-the-ground support for all; where training has focused on the why and the where, and not just the

The last two and a half years have seen significant government investment in police mobile systems. Paul Hampton from C-innovate looks at how this investment has panned out and what the future looks like


While the underlying technology is now available, at present not all forces are able to make full use of this, which will restrict benefits. As a result, it is important not to overstate what the devices will achieve: claims such as promising that officers will save ‘30 minutes per shift’ are as yet hard to prove, particularly as at this stage

MOBILE WORKING

how of using the devices; where instilling user confidence has been the primary objective; and where processes have been re-engineered to optimise the benefits for all stakeholders. These interventions don’t necessarily need to be overly resource intensive, but they do need to be managed, maintained and sustained. If they aren’t it is proving hard to crack the traditional technology adoption curve. Every force has its innovators and early adopters who regularly use, explore and promote the mobile devices from the outset. This enthusiasm needs to spread to the early majority, from where the project gains critical mass and the late majority and laggards adopt the changes. The transition from early adopters to early majority, or “the Chasm” as postulated by Geoffrey Moore, is often the biggest hurdle to cross and is exacerbated by the high expectations of users resulting from their experiences with iPhones and other easy-to-use high-tech gadgetry. Highly focused user engagement and support activities at the early stages of a mobile roll-out can have a significant impact on how effectively the chasm is crossed and how quickly critical mass is achieved. And clearly the quicker this is achieved, the quicker benefits are realised and the investment proves worthwhile. There is also a need to be savvier about how to prevent users from reverting to their old ways of working. If users can still fill in paper forms, call in requests over the radio or return to the station to use a desktop, some users certainly will. A reduction in fixed ICT infrastructure, elimination of certain paper

forms and better radio discipline all need to be addressed and the sooner the better. In the current economic climate, with police forces facing significant cutbacks, cashable savings will be essential to mobile data’s future. Jan Berry notes: “While the Home Office has provided the up-front funding for many of the mobile units in use today, concerns have been raised about ongoing and maintenance costs. These will be recurring costs, and forces will need to make adequate provision.” Figures of £1,000/year are not unheard of in relation to the upkeep of desktop computers (yes, that’s per computer). Reducing the desktop infrastructure will also reduce the need for desks and potentially reduce the need to have some of our smaller police stations – these savings could easily cover the costs of mobile systems.

CASHABLE SAVINGSMartin Hansen, the director of information at Nottinghamshire Police, emphasises the need to illustrate cashable savings. He believes that the police have to work towards a self-service economy, where officers access information for themselves from hand held devices, rather than calling up over the radio or returning to the station to do so. Martin likens present day policing to the service driven society of the 1960s where petrol pump attendants filled up your car; the attendants being the support staff who undertake many of the back office tasks on behalf of police officers. In transforming policing to a self-service model there is also a need to simplify how benefits are managed; Martin describes the NPIA methodology of

benefits management as “though rigorous, is complex and for the most part difficult to understand” and he seeks to introduce a simpler benefits model whereby forces can easily demonstrate the cashable savings from their mobile implementations. This simplification should make it much easier to justify ongoing expenditure in mobile systems in the short to medium term; where it is definitely needed. So, Holy Grail or poisoned chalice? A bit of both. Some of these mobile projects have shown how pre-implementation excitement can be translated into post roll-out enthusiasm. There is still, however, a wide gulf between effective benefits reporting and effective benefits realisation – and to bridge this gap more focus on instilling confidence and engaging users is badly needed. The user experience is critical and the quicker we get it right, the quicker the inevitable transition to mobile computing will be achieved. And only then will the public get real value for money out of the investment in 21st century police mobile technology.



MOBILE WORKING

Don’t leave yourself exposed, contact us today on 01793 858181or visit www.cherwellsoftware.com

Cherwell. The service desk solution that covers all your ‘vITIL’ areas

The complete IT Service Management solutionCherwell is the ITIL solution that covers every angle – more powerful, more customisable, more scalable and more cost effective than other systems. Fast and easy to deploy, simple to manage, offering ITIL best practice ‘out-of-the-box’. Available as a traditional ‘On Premise’ installation or via a fully hosted SaaS solution, the choice is yours and with our unique CBAT technology, Cherwell delivers a truly powerful, scalable solution without ever stripping your budget.

Innovative Technology Built on Yesterday’s Values

So this is the software I can easily customise and configure. Let’s look at the

product videos on their website...


GETTING THE MOST OUT OF ITIL

MOST PEOPLE WORKING IN IT TODAY have heard of ITIL®, the IT Infrastructure Library of best practice guidance for IT service management. However, not all of them truly understand the potential it has to improve efficiencies, improve skills, improve services, and improve delivery across all of government IT. ITIL has been around for 20 years, and is now the de-facto sourcebook for service management in all shapes, sizes, and types of organisations. The books provide a process based framework for the management of IT services, with associated principles, methods, techniques, roles and responsibilities. Although originally authored for government IT, the adoption of ITIL spreads well beyond the public sector and the UK. Since ITIL version 2 was published in 2000, most UK public sector organisations implemented some of the ten processes described in that version, although the majority used very few of them.

ITIL VERSION 3In 2007 the latest version, Version 3, was launched, refreshing and updating the content and reforming it into five core books

using a service lifecycle approach. Over 30 processes are described, covering strategy, design, transition, operation and continual service improvement for IT services, all under the banner of service management. This recognised that in order to achieve service excellence, service management techniques must be used throughout the full lifecycle of services and changes to those services. This means that an awareness of ITIL is now beneficial for everyone working in IT, not just those responsible for live services. It also means that service management functions need to be involved from the start with IT projects, working throughout the lifecycle alongside project teams, designers, developers, and testers. Although ITIL version 3 has now been available for over three years, Version 2 is still the most prevalent version in use. There is, however, an increasing interest in some topics that were not in Version 2, such as service catalogue management. The approach generally recommended is to adopt Version 3 as the definitive source for

new initiatives. This incremental approach is the most sensible and cost-effective way to implement the new thinking.

ACHIEVABLE BENEFITS The benefits of adopting any process based framework are well known: • Efficiency – do what you do well• Effectiveness – consistently deliver what is required• Quality – deliver to a consistent and appropriate level of quality• Maturity – remove reliance on the knowledge of particular individualsITIL is the appropriate framework for IT services. Therefore, adoption of an integrated service management approach using ITIL will bring these benefits to the delivery of IT services, and accordingly to the organisation and its customers. In addition, correctly designed, implemented, and managed implementations of service management can significantly reduce the overall lifetime costs of all IT investments. These benefits have been proven in many organisations, in many countries, and in many market sectors, including the UK public sector. This is achieved using a combination of pro-active processes to deliver and maintain services that work, re-active processes that efficiently and effectively resolve issues that arise, control processes that manage risks, and relationship management processes that provide the bridge between IT, the business, customers, and suppliers.

THE DRIVERS FOR IT SERVICE MANAGEMENT There is often a tendency in IT to focus on technology and functionality to deliver the expected benefits of IT investments without truly considering how the service should be designed, delivered, and managed in live operation. The implications of this include:• Repeated service failures, harming the organisations efficiency • Poor availability of the services• Slow performance

Most of those working in IT have heard of ITIL. But do they truly understand its full potential, asks Kevin Holland


ABOUT THE AUTHOR

Kevin Holland is an experienced service management consultant and practitioner, with practical experience of applying ITIL in both the public and private sectors. He is the National Competency Lead for IT Service Management, the chair of the Cross Government Enterprise Architecture Service Management Domain, a senior ITIL examiner and a member of the BCS ISEB ITIL V3 working party.

IT SERVICE MANAGEMENT

ITIL Service ManagementAvailable to purchase as either a standalone solution or integrated with our NetSupport DNA IT Asset Management suite, NetSupport ServiceDesk helps you e� ortlessly track, organise and manage the toughest desktop support challenges.

Web-based and compliant with the core ITIL Incident, Problem and Change Management guidelines, NetSupport ServiceDesk’s intuitive interface and streamlined work� ow processing ensures your support team are using their time e� ectively and not being burdened with excessive administrative duties.

NetSupport ServiceDesk automates the assignment and prioritising of incoming incidents, escalates issues where necessary, provides a wide range of real-time status reports and an online knowledge base even allows customers to search for a solution to their problem before they get a chance to add to your support teams workload.

To see why NetSupport ServiceDesk has been voted Service Management Product of the Year for the past two years visit www.netsupportservicedesk.com and download a free trial.

www.netsupportsoftware.comemail: [email protected] tel: 01778 382 270

Remote Access & Desktop ManagementWith comprehensive multi-platform support for Windows, Linux, MAC, CE, Pocket PC and Windows Mobile systems combined with advanced desktop management functionality, NetSupport Manager o� ers complete compatibility for today’s business environment.

Monitor multiple systems in a single action, deliver hands-on remote support or interactive training. Dynamic Auto-Grouping of machines by operating system and platform provides an instant overview of your IT environment and with a growing number of manufacturers shipping servers, laptops and desktops that support Intel® vPro™ technology, NetSupport Manager can now be con� gured to browse for this capability, enabling a range of diagnostic functions to be performed remotely where previously a physical visit to the machine would have been required.

“In our view remote control software simply doesn’t get any better than this. NetSupport Manager 11 provides everything a support department could possibly need as it’s very simple to deploy, delivers a wealth of highly accessible features and combines these with extreme ease of use and good value.” - Network Computing

For more information and to download a free trial, visit:www.netsupportmanager.com

E� ective Management and Support Tools for the Modern Service DeskThe availability of business critical systems is key to the success of any government department. Ensuring this is the case relies on your support team being able to deliver an e� ective and timely response to IT related incidents. With a global install base

approaching 9,000,000 systems, NetSupport’s complementary software solutions are proven to help you reduce system downtime while also being able to o� er a more cost e� ective and productive service.

• Increasing costs of IT support and total lifecycle costs• Failure to achieve the expected return on investment• Damaged reputationThere have been several high-profile examples where “minor updates” resulted in major disruption to users, or where a new high profile service couldn’t cope with the volumes on the day of its launch. Hence the first driver is the need to improve the quality of the services that we deliver to citizens. The second driver is the need to reduce the total costs of government IT through the full lifetime of the assets, focusing on operating costs as well as initial investment. The aims of the ITIL lifecycle approach include minimising support costs, increasing the return on investment, and increasing value on investment. The third driver is the expected change in overall IT and business architectures, including data centre consolidation, shared services, service integration across organisations, cloud computing, and the public sector network. This will challenge the way that we manage IT services today, as the increasingly complex supply chains require effective end to end service management across several organisations.

THE ISSUESAlthough most organisations have adopted some service management processes, in the majority the scope is limited to the provision of a help desk, basic change recording, license management, and IT focused service level reporting. Whilst these elements offer initial improvements to users, the absence of the other process areas, particularly the pro-active and risk management areas, mean that the full benefits of an integrated service management approach cannot be achieved. For some organisations this is further compounded by a low level of process maturity. In 2009 Hornbill Systems carried out a survey on behalf of the itSMF. This survey looked at the percentage take-up and maturity of the ITIL processes across a variety of organisations. The analysis of the results confirmed that: “For those that have migrated to ITIL v3, it has simply been of the existing, or popular, v2 processes and not all the processes, making it appear, yet again, that ‘cherry picking’ of the processes is still dominant” and “46 per cent of organisations admit to having a medium to low level of maturity, with only 31 per cent in the high to very high levels.” The survey also confirmed low take-up of key processes such as capacity management (25 per cent) and release management (40 per cent). Hence we should not be surprised that our IT systems sometimes run slowly, run out of capacity, or fail after “minor upgrades”. The evidence of missing the opportunity to implement a broader range of mature, integrated service management processes

is clear – repeated service failures, poor service availability, failure to achieve expected return on investments. Yet many organisations seem content to increasingly invest in the re-active areas such as IT help desks, but fail to invest in the pro-active and risk management areas to ensure that high quality services are designed and delivered. For many IT projects, service management is only engaged just before going live. The symptoms of this include service desks without the knowledge to support the services, unfixed defects, and solutions that repeatedly fail in live use. A final issue is a shortage within organisations of the skills required to successfully implement aspects of IT service management. Although large numbers of IT staff have service management qualifications, many of them do not have the experience to be able to apply their learning – particularly as ITIL guidance generally needs to be tailored to particular requirements and environments. The usual solution has been to bring in external resources, but this tends to be a costly exercise and does not always embed the necessary skills in the organisation. Hence this combination of issues provides the “perfect storm”, driving up IT lifetime costs and adversely affecting the quality of services delivered.

THE SOLUTIONThe good news is that effective application of IT service management based on ITIL through the service lifecycle can help us address all of these drivers and issues, improving services, reducing costs, and supporting new architectures. So where do you start? The best place to start is to define what services and what value IT provides to the organisation. This ‘Service Catalogue’ should describe every service that the users receive, and what business functions and outcomes are supported by each service. An assessment is then made about how well each IT service supports the business, to highlight areas for improvement. The usage and maturity of each ITIL process can then be assessed, identifying those that are appropriate to making the required improvements. One area that can give major benefits to most organisations is the adoption of the methods from ITIL Service Design, such as the service design package, capacity management, and availability management. These pro-active methods ensure that the requirements for

successful and effective services are designed in from the start. This has the additional benefit of early involvement with service management, and can be applied to all changes to IT systems and services, not just to brand new services. A second area is ITIL Service Transition, the lifecycle stage that converts the designs into solutions, including all necessary planning, testing, and knowledge sharing. The service design package is used as the set of requirements for testing, ensuring that the new or changed IT service will meet expectations once it is live, and can also be used to assess the risks of proceeding. The skills and experience to implement these suggestions and achieve the benefits already exist within the public sector, although they tend to be dispersed across the organisations. There are also numerous people outside the public sector who are willing to share their experiences. Hence the key to moving forwards with IT service management is to tap into this pool of skills and experience. This can be done in several ways:• The Government IT profession is the professional group for those working in IT in the public sector. There is a website and an on-line community space, with a specific competency group for service management, and a network of organisational competency leads: www.civilservice.gov.uk/my-civilservice/networks/professional/it/index.aspx• BCS, The Chartered Institute for IT, has a service management specialist group providing an avenue for developing and promoting IT service management via the website and events. Visit www.bcs.org • The itSMF is the largest independent forum for service management professionals, providing a network of industry experts, information sources, and events. Their annual conference is in London on 8 and 9 November, with over 40 speakers sharing their advice and experiences. There is also an itSMF public sector special interest group. Visit www.itsmf.co.uk

CONCLUSIONTo date, many organisations have only dipped their toe into the reservoir of best practice for IT service management. Service management has a key role to play in the future of government IT and the delivery of improved services to citizens, but only if we take the opportunity to exploit the lesser used areas from ITIL by learning from each other.



Service management has a key role to play in the future of government IT and the delivery of improved services to citizens but only if we take the opportunity to exploit the lesser used areas from ITIL by learning from each other



MAINTAINING A HIGH LEVEL OF SERVICEIT’S THE SUBJECT on the tip of everyone’s tongue…the Coalition Government, after announcing budget cuts of £6bn owing to mistakes made across the financial market, is warning us all to tighten our belts and prepare for the worst cuts the UK economy has faced for decades. So how are companies meant to be continuing to provide the same high levels of service with a reduced workforce and uncertain budgets? Will the public sector batten down the hatches and settle itself in for a long hard storm to weather, while the long-term effects reveal themselves in the form of tighter competition, smaller profit margins and the loss of contracts? Or will the cuts mean more outsourcing of contracts and jobs, allowing field service companies to broaden into new markets, creating jobs and the chance for GPS and mobile workforce

management to take hold? As the government predicts that a stable and healthy return for the money markets is not an overnight occurrence, managers everywhere wait with bated breath for more information on how this situation will play out long term. Service Management Expo is Europe’s only dedicated annual event for the field service market, a must-attend event for service management, logistics, fleet management, facilities, operations, finance and IT professionals. All of the issues, predications, forecasts and difficulties that the industry is experiencing are up for discussion at this year’s event. Held 21-22 September at Birmingham NEC, it boasts its biggest line-up of solutions yet, with over 100 leading exhibitors, including Airwatch, Brother, Destiny Wireless, Getac, Mobilis, Panasonic, Psion Teklogix and X2 Computing.

SHARING BEST PRACTICEFor field service managers, struggling to keep hold of contracts, win new business,

motivate and optimise their workforce, and keep up with the latest hand-held technology, Service Management Expo has an unrivalled education programme which offers first hand advice and experiences on how to survive, stay at the top of your game and maintain a competitive advantage. With a renowned three stream conference programme over the two days, SME offers visitors the opportunity to hear case-studies from successful businesses including: Sky, EDF Energy, Virgin Media and Newcastle City Council. It also has three product-led solutions theatres, which are the perfect place to see demonstrations of the latest technologies. HIGH-LEVEL KEYNOTE SESSIONSEach day offers a high-level keynote session, allowing visitors to benefit from leading insights and the latest know-how as part of

the industry’s only free education programme. Already confirmed for Tuesday 21 September is ‘Competing for Trust: Why service competence alone is not enough’ with Don Peppers. Visit www.servicemanagement.co.uk/education for a comprehensive education and conference programme list, allowing you to maximise your time away from the office.

WELL-INFORMED PURCHASINGSME celebrated its 25th anniversary last year, and this year is again set to celebrate the survival and achievements of the field service industry against the odds. It will be showcasing the latest developments as well as live demonstrations, enabling well-informed purchasing decisions to be made. The core areas covered are:• Service Management Software & Systems • Tracking, GPS & Fleet Management• Logistics & Distribution• Workforce Optimisation & Scheduling• Mobile Communications & HardwareAt SME you will find the largest collection

of suppliers showcasing excellence across products, services and technologies in Europe. Whether you are looking to source new solutions, upgrade existing ones, or just discover how to utilise your existing hardware more effectively, SME is the place for you. This year SME has a brand new Vehicle Demonstration Zone, a display of engineer vehicles connecting technology to the reality of field service, as well as how to utilise your workforce to extend brand presence while representing your company in the field. The dedicated SME Networking Bar, situated on the show floor, provides you with the perfect opportunity to share ideas and solutions, and hear how other field service managers are coping with the loss of budgets and staff. Discuss practical ideas on how to keep ahead of competitors, source new and beneficial partners, and uncover the answers to whatever else is keeping you up at night.

NETWORKING HOURNew for 2010 is the ‘Networking Hour’ on both days from 12 – 1pm. Join your peers on the show floor bar to make new acquaintances and catch up with the regular faces within the industry. Don’t forget your business cards! In 2009, thousands of influential senior decision- makers, managers and directors invested their time in attending the show for one or both of the days – so why shouldn’t you? Don’t miss out on all these free opportunities, especially when most things at the moment tend to cost more and more. Plus, SME is co-located with Call Centre & Customer Management Expo, the leading event and conference for customer contact and integrated customer solutions. Your SME badge gives you free access, so bring your colleagues from customer service along. Entry to Service Management Expo is free if you register in advance, saving you £20.


Visit the website and register today: www.servicemanagement.co.uk/govtech

Invest in a first class field service at this year’s Service Management Expo



Service Management Expo is Europe’s only dedicated annual event for the field service market, a must-attend event for service management, logistics, fleet management, facilities, operations, finance and IT professionals

OPENING TIMES

Tuesday 21 September10am – 4.30pm

Wednesday 22 September10am – 4pm



New rugged mobile computing solutions for the outdoor workforce

UGGED MOBILE SYSTEMS LTD, the

specialist supplier of outdoor computing solutions, is pleased to announce two new advanced products to its range of rugged PDA’s and Tablet PC’s. M3 Sky+ is the latest in the highly successful M3 family of rugged PDA’s and uses the powerful PXA320 806MHz processor, 256MB RAM and 512MB ROM for unprecedented speed and robust application processing in a pocket-sized, slim and lightweight design. With GSM/HSDPA data and voice communication, 3 mega pixel camera, GPS, Barcode and RFID capabilities, plus industrial IP65 sealing and 1.5m drop ruggedness, it provides the ideal cost effective solution for inspection, field service and work management applications. The new Algiz 7 Tablet PC represents the next generation of mobile computing for the outdoor workforce. This IP65 sealed system has a 1.22m drop

test and a sunlight viewable 7” touch screen. It is compact, light and fast, with multiple connectivity options and has many advanced features including dual field changeable batteries and sealed USB and RS232 ports. It features an impressive Intel Atom 1.6 GHz processor, with a massive 64GB SSD and 2GB RAM, integral Camera and GPS, and runs Windows 7 Professional to support PC applications in the most demanding outdoor environments.


Tel: 0845 6520816 Fax: 0845 6520817 E-mail: [email protected]: www.rm-systems.co.uk

R

Mobile device management and security from Condico

ONDICO SPECIALISES IN mobile device management

solutions and services for government and NGOs, including: • In field maintenance• Remote control• Application upload and configuration• FIPS 140-2 validated encryption• Tracking• Menu lock down• Remote lock and wipe• Supply of Intermec ruggedised devicesWe can help ensure front line staff are properly cared for and

can provide more time in the field, thereby increasing service levels whilst reducing dead-time. Condico provides strategic consultancy, directly or through industry partners. From concept through trial to deployment, Condico provides all parts of the mobile solution through to handover to internal or outsourced support teams.


Tel: 01442 500600E-mail: [email protected]: www.condicomobile.com

C

O SOME THE NAME Advance ITSM might be new and to others the brand symbolises quality, trust, flexibility and

services that deliver real value added benefits. Advance ITSM specialises in two core areas:• ITIL and ISO/IEC 20000 Consultancy• ITIL Training and CertificationsThe management team behind Advance ITSM are passionate about delivering excellent customer service and are well respected in the field of IT Service Management. As a result of this we have grown considerably during 2009 and now wish to make considerable advances into the public sector by offering our ITIL products and expertise at cost that will help even the tightest of budgets. ITIL and ISO/IEC 20000 Consultancy – IT drives business today. Business profitability and shareholder loyalty is dependent on the high availability, dependability, security and performance of IT services. This has made the relative maturity or immaturity of IT management highly visible. This is further complicated by many businesses outsourcing the technology to deliver their core business to third party vendors such as ASPs, Network Operating and Data centres etc. How can Advance ITSM help you manage your IT more effectively, efficiently whilst ensuring compliance with your overall governance strategy?

We can conduct the following for you, tailored specifically around your requirements: • ITSM Maturity Assessments/ Process Health Checks• Advice and Guidance on Continual Improvement • ITSM Gap Analysis• ITSM Roadmap and Process Design • Governance Re-engineering• Advice and guidance on ITSM Tool

requirements, selection and implementation• ITSM Implementation Workshops (tailored specifically to your needs)• ITSM Interim & Project Management • ITSM Coaching and Mentoring Services Advance ITSM Training Services – at Advance ITSM we see education as being more than just training courses and pass rates. We believe that the education should be enhanced by a more thorough understanding of the subject matter, sharing knowledge and real-life experience. All our trainers are experienced, practicing consultants with a proven track record in the management and delivery of IT services, to ensure that you are told the basics, given real-life examples and involved in assignments that ensure the subject matter is understood. ITIL Version 3 Training:• Overview courses (1/2 day to 1 full day)• ITIL Foundation (1st step on the ITIL certification ladder) ITIL Lifecycle Modules (V3 Managers level leading to Expert)• ITIL Capability Modules (V3 Practitioner’s with option to achieve Expert status)


Tel: 0845 519 0948E-mail: [email protected]: www.advanceitsm.com

Advance ITSM – a specialist provider of ITIL® training, ITIL certifications and ITSM consultancy

T

Value

Chaos

supporting your ITSM journey

The journey of service improvement can take the IT organisation from the reactive and technology-centric focus characterised by the ‘chaotic’ helpdesk, to a vision of business-centred services that demonstrate IT value.

Supportworks provides the foundation to transform your service organisation, from chaos to value. The Supportworks platform offers a simple upgrade path from basic helpdesk, through your first ‘Bite-Size’ steps in ITIL adoption, to mature ITSM processes that deliver what the business needs.

With its unique ‘Human Touch’ features, Supportworks places the customer at the heart of IT Service Management, delivering increased service quality and improved customer satisfaction.

Register for the new white paper “Chaos to Value: the IT Service Management Journey”(Part 1: Chaos to Service Focus) www.hornbill.com/journey

Tel. +44 (0) 20 8582 8282 | Email [email protected] | www.hornbill.com

“We have largely implemented all the disciplines

associated with ITIL v2 and we are now looking at

where we can enhance elements using ITIL v3.

Supportworks underpins this approach, allowing us to

move to ITIL v3 at our own pace.”

Mel Gwynn, Operational Service Delivery Manager, Plymouth City Council

Hornbill_ITSM_A4_Ad_Quote.indd 1 10/05/2010 10:28


CELEBRATING IT SERVICE EXCELLENCE

THERE WAS AN IMPRESSIVE turnout for the IT Service Excellence Awards 2010 held at the prestigious Grand hotel on the seafront in Brighton. The spectacular dinner and presentation ceremony was an emotionally charged evening where the industry came together to celebrate the stars of IT service and support, offering their recognition to the hard work and commitment of all of the finalists in delivering exceptional levels of service. Guests were dressed to impress and gathered in their hundreds to applaud the winners. There was even an Oscar style speech from one very well deserving and delighted winner!

THE FANTASTIC FOURThere were four awards in total and an impressive shortlist. To get that far alone had been a mighty reckoning as Howard Kendall, chairman and founder of SDI, pointed out. “To reach this point each finalist has come through a grueling process, so it was difficult not to regard them all as winners in many ways. They can certainly be proud of their achievement.” In fact, the six finalists for the two IT Service Team Excellence Awards – one award for teams

with over 15 support professionals and another for those with less than 15 – had especially tough journeys. Not only did the judges pay a visit to each of their service desks, the final part of the process was for each finalist to get up on stage and sit on a panel answering questions in front of the 190-strong delegation at the SDI Annual Conference who then voted, by electronic keypad, for their favourite for each award. As scores from the audience were added to the judges marks, the final decision as to the winners of these awards rested on this vote. These six outstanding teams were also tasked with creating two-minute short films to be shown at the Awards ceremony (these brilliant and extremely entertaining films can be viewed at www.sdi-e.com/sdie-events/awards-2010/2010-finalists).

A NIGHT AT THE OSCARSYet the nature of competition is that a victor must prevail. And prevail the winners did. The first award of the evening was for the IT Service Supplier of the Year which is open to companies who provide services to IT support operations – be they

software suppliers or IT service outsourcers. Customers of the suppliers to the industry were encouraged to vote for them by ranking every aspect of their quality of service, product and value for money. Following the online customer poll, which ran for three months, the suppliers who received the highest scores from customers were invited for an interview with the judging panel. The winner – The Internet Group – was the first ever provider of outsourced IT services to have won this highly contested award and they were selected because of their customer focus and ability build deep relationships with their customers. Paul Andrews, judge and managing director of JIK Software, said: “I was very impressed with the ethos and work of The Internet Group. Their technical skills and offerings are all you would expect. What sets them apart and wins them awards though is their customer focus. Their willingness to build deep relationships and their obsession with responding to the needs of their clients is truly inspiring.” On receiving the award, Mitchell Feldman, sales and marketing director, said: “Winning this award is a tremendous achievement for us. We are incredibly proud of all our staff and thank our clients for their excellent feedback. We’re always aiming to add value to our clients’ businesses and to deliver a trusted and enjoyable customer service experience. We’re delighted that our efforts have been recognised once again.”

Emotions ran high as this year’s superstars of IT support took centre stage at the IT Service Excellence Awards



Howard Kendall, chairman and founder, SDI

Providing best in class records management for the London Borough of Hackney

The challengeThe partnership between LBH and TNT began in 2007. Following a rigorous nine-month tender process, TNT was awarded a contract that provided off-site storage and scanning services. With records dating back to 1930, and statutory obligations to keep documents for decades to come, LBH decided to store the documents it had to keep off-site, and scan the ones needed regularly in to their EDRMS so that staff and customers could still access them easily and quickly.

Daniel Cook, Corporate Records Manager, takes up the story: “TNT Business Solutions has been central to the work we do at LBH. We wanted an electronic records system to ‘open up’ the functional areas within the Council by facilitating information flows between the different business units.

“Our back scanning and off-site storage project has been managed by TNT and has really helped with this objective. We’ve now removed a lot of paper records off-site, which was crucial for LBH’s new service centre which opened in February 2010 where office space is at a premium.”

The solutionTNT manages the off-site storage and scanning for over 35,000 boxes containing a total of 30 million separate items, ranging in size from parking attendants’ notebooks to large A0 plans and drawings.

As well as off-site storage and bulk scanning, TNT has also worked closely with the local authority to provide an innovative ‘scan on demand’ service. This works closely with Hackney’s digital vision by

Call 0800 801 605Visit www.tntbusinesssolutions.co.ukFollow twitter.com/tntforbusiness

Not only is London Borough of Hackney one of the first Councils to complete the roll-out of its ambitious Electronic Document and Records Management System (EDRMS), it was also one of the first to combine outsourced off-site storage and scanning – meaning timescales and cost-efficiencies were maximised – thanks to its partnership with TNT Business Solutions.

reducing the paper-flow into the Council and allowing the organisation to destroy material once scanned, reducing their reliance on off-site storage, scan by scan.

Daniel added: “This is used when we know files are likely to be subject to high levels of retrieval. Instead of back-scanning all the records – of which 20% are required 80% of the time – files are barcoded, and when required the paper file is scanned and available to the Council by the end of the next working day.”

The benefitsTNT’s Business Development Manager Andy Lowe explains the benefits of the partnership approach: “LBH has certainly benefited as it’s given them much more control centrally – we work to stringent SLA’s which have increased accountability and tightened performance.

“We can be flexible and adaptable to their needs and requirements and the account management system we

have in place means that we can be quick and responsive if things need improving further.”

The partnership strengthened further with a major project undertaken by TNT in 2009 – namely the scanning of almost 5,000 index books for the Registrars Office. Andy explained: “This huge index – stretching back to 1837 to the present day – catalogues where Birth, Marriage and Death certificates are stored in the Council’s archives”.

The partnership between LBH and TNT is a showcase of best practice between private and public sectors. Zoe Rowland, Information and Knowledge Manager, added: “EDRMS not only brings the local authority closer together with the sharing of digital information, it also brings LBH closer to its customers.

“TNT has played a major part in reaching our objectives. It’s useful for us when they can think around the issues and come up with solutions that we know will be both cost-effective and also ultimately be more efficient and effective for the London Borough of Hackney.”

3789_TNT_Hackney_GovTech.indd 1 14/05/2010 12:07

ENTHUSIASM IS HIGHLY INFECTIOUSNext to take centre stage were the judges for the IT Service Professional of the Year category, Tony Ranson, SDI consultant and trainer, and last year’s winner from the University of Wolverhampton, Nalini Patel. For them it was one of the finalists that really stood out from the crowd by displaying to the judges a sincerity in his passionate pursuit of excellent customer service delivery. They felt his infectious enthusiasm which clearly motivated everyone around him. On handing the crown over the 2010 winner – Matthew John, support service delivery manager for The Internet Group – it became clear that this was a historical moment. This was the very first time in the history of the IT Service Excellence Awards that one company scooped two awards on the same night. The Internet Group were the first company ever to “do the double” by winning not only IT Service Excellence Supplier of the Year bur also IT Service Excellence Professional of the Year. Susan Story, judge of the IT Service Professional Of The Year award, said: “Matt is enormously proud of his team’s achievements. He is dedicated to delivering quality customer service, without compromising his values of integrity and innovation. He is, quite simply, an inspiration for every modern-day service desk manager.” IF AT FIRST YOU DON’T SUCCEEDOn his company’s double win, sales and marketing director, Mitchell Feldman added: “Winning these awards reinforces our achievement of 3 Star Service Desk Certification in November 2009. This proves that we have the maturity, disciplines and processes to provide a world class managed service.” The team at IPC Media was next awarded

IT Service and Support Excellence Large Team of the Year. Victorious for many reasons, not least because this was the third time that they had entered and the second time that they had reached the final, IPC’s head of IT services, Paul Stanley, said: “If at first you don’t succeed try and try again! This was our third attempt in five years at entering the awards and with hard work, commitment and belief, we got there. We’ve come a long way together as a team and service over the past few years, and it was such an honour to take this award back to everyone at the service desk as they are the ones that have earned it.” Also on the stage to collect the award on behalf of the IPC team was Michelle Ware, IT services liaison. Commenting on this prestigious award she said: “Receiving this award means a huge amount to our whole team but we don’t want to let it go to our heads. If you’re determined to be the best at what you do – and we are – it has to be a never-ending cycle. It’s our constant striving for perfection and innovation that makes our service desk such an exciting and challenging environment to work in and I am incredibly proud to be part of such a fantastic team.” CULTURE CHANGEHoward Burton of RM, a judge of the IT Service Large Team Excellence Award, commented: “The big difference in IPC’s award entry this year was the change in culture within their team. They demonstrated how well they work together to ensure their customers have the very best support and there is a real drive to help each other and improve. This was best demonstrated by all the staff spending time and effort on the front line. What a difference this has made.” The last award category of the evening

was for the IT Service Small Team Of The Year. The final battle was between the excellent IT service teams at Britvic, Skills For Care and Swinton Group. Announcing Swinton Group – Britain’s biggest high street insurance brokers – as the winners on stage, Ken Goff, a member of the judging panel, said: “This group of individuals embodies all of the qualities that you need to make a highly successful and motivated small team. Their passion, pride and positive attitude, combined with excellent customer awareness and knowledge (gained through staff secondment into the team), is a great endorsement of the way in which the team is managed, resourced and received by the customer community.” James Davies, also a judge for this category, added: “What most impressed me about the Swinton Group service desk was their real sense of passion and commitment to deliver service excellence. The necessary underpinning values and determination was evident throughout the team as well as a total sense of unity in delivering this level of success.”

CELEBRATING EXCEPTIONAL SERVICESumming up the awards, Howard Kendall told those who had gathered: “We are proud that the IT Service Excellence Awards have become such an important part of the IT support calendar. It is important to us at SDI, and to our members, that the outstanding achievements of service desk professional and teams are fully recognised by the industry. What’s more, despite the tough times that we’ve all been facing, there has never been a better time to come together and show how committed we are as an industry by celebrating the importance of providing exceptional customer service above and beyond expectations.”



THE FINALISTS AND WINNERS 2010

IT Service Team Excellence Award – Large Team• WINNER - IPC Media• Capita Education Services• BT’s N3 Service Team

IT Service Team Excellence Award – Small Team• WINNER – Swinton Group• Britvic plc• Skills For Care

IT Service Professional of the Year • WINNER – Matthew John, The Internet Group• John Noctor, head of Customer Services, ICCM• Liam Cross, ICT service desk analyst, NHS South of Tyne & Wear PCT

IT Service Supplier of the Year Cherwell Software• WINNER The Internet Group• Vivantio Ltd


Supplier of the Year The Internet Group’s Mitchell Feldman celebrates with Professional of the Year Matthew John

Suffolk County Council Legal Services.indd 2 06/07/2010 11:02


SHOWCASING EXCELLENCE, ACHIEVING RESULTS

AS THE COALITION GOVERNMENT pledges £6bn in spending cuts and over 600,000 job cuts planned within the next two years, everyone is feeling the pinch. Continuous worries within the public sector about job security and the future have led to an uneasy feeling across all industries, with organisations looking for ways to maintain operational efficiency whilst performing the required cuts in spending. At this time of economic struggle, with the country facing its worst cuts yet and with the official line being “make-do and mend”, Call Centre & Customer Management Expo 2010 is all about showcasing how customer service excellence is the best strategy for success, and how taking pride in being at the forefront of the contact centre industry, will keep you ahead of the game. Call Centre & Customer Management Expo 2010 offers ideas for low-cost technology implementations and people practices that can help reduce cost, while keeping citizen satisfaction. Offering a blend of integrated customer products & services, cutting-edge education programmes and unique networking opportunities, you can’t afford to miss this year’s event. Searching for a solution to a problem can take valuable time and staff away from the office, so if you have a problem that needs solving, an issue that needs addressing or a thirst for knowledge, Hall 9 at the Birmingham NEC is the place to be from 21-22 September. Central government departments especially, will be starting to look for help in cutting back, whilst facing the challenges of maintaining their high levels of customer service and productivity level while reducing costs. The prestigious Call Centre Conference, which runs alongside the exhibition, offers high-level, strategic sessions, which showcase learning experiences to inspire the very best ideas and forward-thinking conversations. The sessions also provide the latest information on how your organisations can thrive in the depression, and drive through the current climate to come out in a stronger position.

2010 SHOW FEATURESOver 200 suppliers of the latest customer contact and customer management solutions will showcase their latest services and solutions. Meet leading industry suppliers offering an array of products and services such as speech recognition, automated call distribution, computer telephony integration, interactive voice response and CRM software.

Confirmed 2010 exhibitors include: SAP, RightNow Technologies, IBM, Genesys, New Voice Media, NICE CTI Systems UK Ltd, Sage, Newvoicemedia, ProtoCall One, Interactive Intelligence and many more. Discuss anything from call centre operational efficiency to CRM upgrades in the Consultancy Clinic located on the showfloor. If you need advice to solve your business challenges, visit one of the leading industry consultancies for a drop-in private session. This year’s event will feature the biggest ever free educational programme. Following on from the success of last year, The Keynote Theatre, sponsored by Autonomy, will be showcasing six thought-leading speakers who will provide valuable insights and influential

thinking – all free to visitors. Already confirmed on day one Don Peppers, founding partner of Rogers & Peppers, discusses ‘Press ‘1’ to get lost: improving the contact centre customer experience’ followed on day two by Brad Cleveland, former president and CEO of ICMI, who considers ‘How every organisation must evolve to serve today’s always-on customers’. Brand new to 2010 are the three interactive peer to peer learning and networking workshops, which are packed with invaluable information. On day one Rufus Grig from Callmedia will give his insight on making ‘New technology work for you and your customers’ followed by Peter Coates who will analyse ‘The future of public sector contact’. Finally, on day two both Paul Weald and Mike Havard from

Save the date and register now for Call Centre & Customer Management Expo 2010 taking place on 21-22 September at the NEC Birmingham


CONTACT CENTRES

The old maxim ‘good customer service saves money’ has never been more relevant than it is today in the public sector. Events such as Call Centre & Customer Management Expo provide a chance to share ideas and develop new ways of delivering more with less – Simon Pollock, head of Customer Services, Surrey County Council

Video Feedback Collection

Survey Deployment

Marketing Campaigns

Advertising Services

Lead Generation

Centralised Management

Real-time Interactive Dashboards

Gain insight to your customer satisfaction levels across your entire site network instantly and in real time. Manage your feedback centrally; benchmark your sites; identify your weaknesses and leverage your strengths.

Full end to end solution available on a monthly lease plan, kiosks connect wirelessly to our national network. You only need a plug socket to start seeing the results.Call us now to discuss how we can build your end to end solution that will revolutionise your company.

0845 371 2292 www.experiencekiosks.com

To find out more or for a FREE evaluation of the impact of Qology’s queue management solutions in your contact centrecall 0800 878 6030 or email [email protected]

...without impacting customer satisfactionWith Qology’s virtual queuing and callback solutions you can experience:

www.qology.com

Boost contact centreefficiency...

*Typical results experienced in over 250 deployments worldwide

Stand C821st and 22nd

Septemberat the NEC

Call Centre ExpoVisit our stand at

• 10% increase in agent efficiency*

• 10- to 20-second reduction in handling time*

• 50% reduction in abandoned calls*

• Fewer calls queuing so fewer trunks required

• Fewer repeat calls / avoidable contact

• Reduction in peak staffing requirements

ProtoCall One will explore ‘How social media is changing the game for contact centres’.

CALL CENTRE FOCUS CONFERENCEThis year’s prestigious paid-for Call Centre Focus Conference, running alongside the exhibition, provides the very latest information and advice on how your business can strive to remain buoyant and recoup the desired competitive edge. With a choice of 24 insightful sessions, delegates will be given the opportunity to gain in-depth solutions, gleaning knowledge and advice from industry specialists. Sponsored by Vodafone and IBM, speakers include Neira Jones, head of Payment Securities, Barclaycard; Nick Lane, director of Strategy and Planning, Orange; Sarah Sargaent, head of CS People Programme, O2; and Lynda Campbell, general manger, British Gas.For more information on the quality educational content and big brand case studies as well as the special offers – single sessions just £69, go to www.ccfconference.com.

OTHER EVENT HIGHLIGHTSWith staff morale dwindling in the current economic climate, look to raise your workforce’s spirit by taking a stroll up the Incentive Avenue. Dedicated to helping find solutions to inspire and encourage the team, companies including Grass Roots, IM Creative, Sodexo, Team Spirit, Wellkom, Department of Health, Corporate Services, Phoenix Partners and SVM Europe, will be on hand to talk about rewarding and thanking employees. If you are looking to develop your team in key areas, the Learning and Development Zone is the place to meet companies such as Bray Leino, Kaplan Learning, JHP Training, DPG PLC, ISV Group, and Bridge Training and Events – all specialists in the field of customer service and contact centre training. Skills training and vocational qualifications, in-house and outside workshops, accredited in-company courses including NVQs, and BTECs

certificate programmes can all be found here. Make valuable industry contacts and swap ideas and strategies in the informal environment of the Networking Bar, sponsored by RightNow Technologies, while taking a break from the showfloor for lunch or a drink. Reserve your place at the industry event of the year. Call Centre & Customer Management Expo showcases not only improvements that can be made within your call centre but also brings together key individuals that will help you achieve unparalleled results. Join your industry peers to acquire invaluable business knowledge and share new ideas and best practice, and make a positive impact on your organisation. What’s more, if your call centre interacts with a field service department, bring your colleagues along to the co-locating Service Management Expo, taking place next door

in Hall 10. Your Call Centre & Customer Management Expo badge guarantees you free entry so no need to register twice.

SIX INSPIRATIONAL KEYNOTE SPEAKERSDelivered by the most motivational speakers, these six inspiring keynotes, are available to all visitors, containing a mix of revolutionary customer management techniques and cutting-edge thinking addressing the most topical issues the industry is facing today.On Tuesday 21 Sept at 10.45-11.30 Don Peppers, founding partner of Peppers & Rogers Group will take the session called ‘Press “1” to Get Lost: Improving the Contact Centre Customer Experience. Recognised for well over a decade as one of the leading authorities on customer-focused relationship management strategies,



LANTRONICS offers the industry’s most complete portfolio

of corded and wireless unified communications audio endpoints. Widely recognised for their sound quality, reliability and simplicity, Plantronics’ audio solutions help companies broaden the benefits of IP communications throughout the extended enterprise, fostering better business communications and efficiency regardless of where professionals are working. Plantronics is a world leader in personal

audio communications for professionals and consumers. From unified communication solutions to Bluetooth® headsets, Plantronics delivers unparalleled audio experiences and quality that reflect our nearly 50 years

of innovation and customer commitment. Plantronics is used by every company in the Fortune 100 and is the headset of choice for air traffic control, 911 dispatch and the New York Stock Exchange.


For industry views on unified communications, visit: http://ucblog.plantronics.com.For more information about Plantronics’ UC-ready products, visit www.plantronics.com/uc.

Plantronics – The Voice of Unified Communications™

P

CONTACT CENTRES

Motivation made easy

The Phoenix Partners3 Barrow Road, SilebyLeicestershire, LE12 7LWT: +44 (0) 1509 815 026W: thephoenixpartners.com

For more information and to arrange your demonstrationplease contact Joanne Faheyon+44 (0) 7850 279 276 or email [email protected]

incentivise-me.com on-line now and ready to support your motivation strategy…

Bring it on…

Transformation; Efficiency; Change; Doing More for Less; Cost Reduction (Absence; Presenteeism; Insurance)……

Biggest risks of not achieving these?

Biggest opportunities to succeed?

Interested in answers with a Guaranteed Return on Investment

Come and visit the WellKom stand;attend conference presentations;go to www.wellkom.co.uk or contacte: [email protected]: 01442 876748



Recognise achievement with Incentivise-me.com

NCENTIVISE-ME.COM is an off the shelf “points

means prizes” scheme used by companies and organisations to reward their employees. You set the targets and once they are achieved your employees receive points to spend at our online store. Incentivise-me is web based so you can speak directly to your participants via HTML e-newsletters as part of a supporting communications strategy. Incentivise-me is also extremely adaptable. Change the colour palette to match your corporate identity or adapt the gift list to reflect your employees’ needs. At the end of each month we will download reports to

measure the effectiveness of your campaign and then update you. So whether you want to reduce sickness, increase productivity or encourage recognition of a job well done – Incentivise-me.com is the reward scheme for you.


To learn more visit us at Call Centre Expo 21-22 September at the NEC, Birmingham or go to www.incentivise-me.com to download our brochure.Alternatively, please contact Joanne Fahey, sales managerTel: 01509 815026Mobile: 07850 [email protected]

I

The next generation of people management

ELLKOM is one of the international leaders in

3D Wellness Management, the next generation approach to business transformation. It combines expertise in health, people and business management in an integrated way to deliver rapid and sustainable improvements in performance and quality of life. WellKom was recently selected by the Health & Safety Executive to conduct a range of high performance reviews into different public sector organisations to independently validate the impact of the 3D approach – places available on a matched funded basis. WellKom has developed:• A global leading Wellness Profiling, Developmental and Reporting Package to reduce absence and presenteeism and improve productivity and service (software is selected by Investors in People as part of the development of their new health & well-being standard)• Action learning leadership

in 3D Decision Making to improve efficiency• Ways of measuring and improving the number of Brand Ambassadors• Accredited Skills Transfer Programme to develop own internal wellness network/offer new vocational qualifications in Personal Wellness Management and 3D Leadership• Wellness Community Cluster – regional/sector online Wellness Zone – an affordable, positive, proactive solution for all.


Tel: 01442 876748E-mail: [email protected]: www.wellkom.co.uk

W

an acclaimed author and a founding partner of Peppers & Rogers Group, Don Peppers will share his knowledge and expertise on why a majority of consumers are deeply dissatisfied with their call-centre experiences and how research shows they think call-centre technology is used principally to cut costs, even when that means diminished service. On Wednesday 22 September at 10.45-11.30, Brad Cleveland, former president and CEO at ICMI will look at how every organisation must evolve to serve today’s always-on customers.In this not-to-miss keynote, author and consultant Brad Cleveland – who has had a front row seat in his work with organisations across the globe – will define the deep changes taking place, and the steps you need to take now to prepare your organisation, your team and yourself to survive and thrive in the months and years ahead. He will discuss the confluence of economic pressures, cultural developments, and how the rapid rise of social media has fuelled fundamental changes that are leaving no organisation untouched. New for 2010 will be three interactive peer to peer learning and networking workshops. Packed with invaluable information, these workshops provide a unique insight into key issues, changing demands and challenges with the call centre industry.

DON’T BELIEVE THE HYPEOn Tuesday 21 Sept at 11.45-13:15 Rufus Grigs, managing director at Callmedia will take a session entitled ‘Don’t believe the hype – making new technology work for you and your customers’. As an experienced contact centre technology specialist within the call centre industry, Rufus will share expertise on the following topics; speech analytics, speech self service, unified communications in the contact centre, multi-site contact centre virtualisation, IP telephony in the contact centre, SIP trunking, PCI compliance solutions, integrated workforce optimisation, the unified agent desktop, supporting your web presence through multi-channel, and outbound dialling – meeting the latest Ofcom challenge. At 13:00-14:30 there will be a session on ‘The future of public sector contact – The view from the Local Government Contact Council’. It will be chaired by Peter Coates, Sunderland City Council & chair of the Local Government Contact Council who will be joined by Paul Conneely, advisor, IDeA; Vicky Sargent, press officer & marketing consultant, Socitm; and Simon Pollock, head of Customer Services, Surrey City Council. Having celebrated 20 years of working in local government with Sunderland City Council

this year, Peter has experienced developing, implementing, and managing information systems in many service areas. Together with Paul, Vicky and Simon, Peter will analyse what LGCC is, what trends the IDeA are noticing, web contact and its future and finally channel shift and channel strategies. On Wednesday 22 Sept at 11.45-13:15 Paul Weald, strategy director at ProtoCall One and Mike Havard, advisor to the Board at ProtoCall One, will take a session on ‘The impact of social media on the contact centre – opportunity or risk?’ Having worked in the contact centre industry since the early 90s and as a consultant for the past 12 years, with a strong focus on helping clients to achieve excellence, Paul will explore how social media is the new and emerging concept that the contact centre industry quickly needs to come to terms with. It offers new challenges that will require innovative thinking to resolve. This workshop is designed to be a catalyst for contact centre leaders to take action.


For more information and to register for free entry go to www.callcentre-expo.com



Improve efficiency without impacting on customer satisfaction

DUCATE your customers with

accurate information about current call wait times and empower them with the opportunity to receive a call back when at the front of the queue – reducing your need to staff up to peaks whilst removing the frustration they would otherwise experience whilst waiting on hold. Qology’s callback solutions typically achieve take up rates of over 50 per cent and successful reconnection rates of 97 per cent resulting in operational efficiencies including*:• 10 per cent increase in agent efficiency*• 10 to 20 second reduction in handling time*• 50 per cent reduction in abandoned calls*• Fewer calls queuing so fewer trunks required• Fewer repeat calls/

avoidable contact• Reduction in peak staffing requirements*Typical results experienced in over 250 deployments worldwide


To find out more or for a free evaluation of the potential benefits Qology’s callback solutions bring to your contact centre Tel: 0800 878 6030E-mail: [email protected]: www.qology.comAlternatively, visit us at Call Centre Expo 21-22 September, stand C8

E

Save time and money with Sage CRM solutions

INCE IT BEGAN with a conversation

between four people in a pub over a quarter of a century ago, Sage has grown into a FTSE 100 listed company with nearly 15,000 employees and 5.7 million customers worldwide. As we have grown, so have our customers. We are the third largest provider of ERP solutions worldwide and in every postcode area in the UK there are companies of all types and sizes using a business solution provided by us. Our applications include CRM, HR, Payroll and Construction and support public sector organisations from Health Authorities to County Councils. Sage CRM Solutions is a portfolio of market-leading applications consisting of ACT!, Sage CRM and Sage SalesLogix. Whatever the complexity and scale of your organisation and the solution you choose, Sage CRM Solutions provide insights into

all areas of your business. This allows for strategic management planning, collaboration amongst departments and true assessment of performance. Sage CRM Solutions can assist your business to increase profitability, reduce support costs, and boost customer satisfaction.


Sage CRM Solutions, Customer Development TeamNorth Park, Newcastle upon Tyne NE13 9AATel: 0845 111 9988E-mail: [email protected]: www.sage.co.uk/crm

S

CONTACT CENTRES

21 – 22 September 2010 | Birmingham NEC

201021 - 22 SEPTEMBER 2010

BIRMINGHAM NEC

Running alongside:

Showcasing excellenceachieving results

,

co-locating with:event sponsoR:

peop

le

stRa

tegY

out

souRcing

cust

oMeR ManageMen

t

At Europe’s no. 1 exhibition & conference for customer contact and integrated customer management solutions.

Register now with code GTMP1 for free entry to the exhibition at: www.callcentre-expo.com

tech

nologY



Keep your data safe whilst reducing paper and shredding costs

E HAVE SUPPLIED

schools and colleges with wipe boards for over 10 years. They have been used to aid literacy and numeracy within the classroom. Pupils can practice various exercises on the boards, then wipe them clean and start again, thus saving a great deal of paper. We have aimed the product at business users who take confidential details over the phone and have to shred the paper to safeguard the data. We have supplied various businesses and in particular call centres who have all benefitted from reduced paper consumption and shredding costs which is an obvious advantage in today’s climate. Gains in carbon footprint

reduction are made with the boards being manufactured here in the UK from recycled materials and the reduction in paper usage within the office environment. The boards themselves are

extremely durable, easy to use and easy to clean. They come as a standard A4 size, can be personalised on both sides should you require. They are supplied with a pen and eraser so that you can get to work and start saving straight away.


Tel: 0161 864 3256Fax: 0161 864 3517E-mail: [email protected]: www.datasafewipeboards.co.uk

W

Exprience Kiosks – advanced feedback technologies

XPERIENCE KIOSKS LTD

provide the latest state-of-art technology enabling companies to collect, manage and report on feedback (via video/audio/text), conduct surveys across their entire branch network, deploy visual advertising campaigns and allow customers to generate their own lead requests for additional products and services. This functionality is delivered on a lease basis through our touch screen, wireless Postremo kiosks. Our modular solutions enable you to increase your customer interaction channel offerings. We offer the full end-to-end [managed] technological solution from customer interaction to management systems and dashboard reporting; none of which require any infrastructure changes within your organisation. We are currently working with several FTSE 100 companies to provide solutions to improve

their service delivery and customer insight through our kiosk solutions. We are providing them with bespoke kiosk applications where requested. Representing a combination of industry

best-of-breed technologies, our products can be adapted to suit any organisation’s specific requirements. We have development centres across three continents working 24/7 so that enhancements to match your individual business needs can be turned around quickly, with the cost savings being passed directly back to you. Our solutions can be adapted to run-on, or integrate-with, your existing landscape systems.


Tel: 0845 371 2292Web: www.experiencekiosks.comE-mail: [email protected]

E

Audio search and speech analytics solutions

EXIDIA is the market-leading provider of audio

search and speech analytics solutions. Our patented technologies and breakthrough applications, enable customers to quickly gain new insight and intelligence, build competitive advantage and realise the amazing possibilities now discoverable in a contact centre’s call recordings. With implementations in outsourcing, banking, retail, collections, utilities and many other industries, Nexidia Speech Analytics is making a significant contribution to Quality and Operational Improvements, Compliance and Performance Management across the industry spectrum. This successful solution has won numerous awards, most recently – Professional Planning Forum 2010 Contact Centre Innovation Award and the Frost & Sullivan 2010 Award for New Product Innovation. Nexidia’s patented phonetic search engine is based on years of research and indexes 100 per cent of the content of all recorded calls and creates the most accurate index

possible for any spoken content. Nexidia’s proven ability to accurately search vast volumes of call recordings provides a formidable solution delivering reliable and meaningful business intelligence with the lowest total cost of ownership. Nexidia consulting-led engagements offer a wide range of flexible deployment options that provide proven, scalable and affordable speech analytics solutions to customers to enable them to instantly access calls and perform root cause analyses that: deliver unparalleled speed to business insight, improve First Call Resolution rates, reduce average handle time (AHT), increase operational efficiency and improve customer experience.


Tel: 020 8973 2400E-mail: [email protected]: www.nexidia.com

N

NICE Systems – a leading supplier of call centre solutions

ICE SYSTEMS (NASDAQ: NICE) is the leading provider

of Insight from Interactions solutions and value-added services, powered by advanced analytics in real time of unstructured multimedia content – from audio, e-mail and chat to social media, text messaging and video. NICE’s solutions address the needs of enterprise and security markets, enabling organisations to operate in an insightful and proactive manner, and take immediate action to improve business and operational performance and ensure safety and security. NICE has over 24,000 customers in more than 150 countries, including more than 80 of the Fortune 100 companies. NICE SmartCenter™ is the premier solution suite for helping companies optimise Customer Dynamics, with unique capabilities for capturing customer and organisation intent, analysing interactions and transactions for insight, and generating impact on the interaction and the business. NICE SmartCenter includes pre-packaged business

solutions that address specific business issues, including: Call Recording; Quality Management; Workforce Management; Cross-Channel Interaction; Analytics, Including Speech Analytics, Real-Time Guidance; Performance Management. These solutions include nine packaged offerings: Customer Churn Reduction; Sales Effectiveness; Customer Experience; Marketing Effectiveness; Collections Optimisation; Quality Optimisation; First Contact Resolution Optimisation; Average Handle Time Optimisation; Compliance Management.


Tel: 0845 2001000Fax: 08707 224500E-mail: [email protected]: www.nice.com

N


THE ESSENTIAL L&D EVENT

LOOKING FOR NEW WAYS to apply technology at work has, for centuries, been among the first potential solutions considered when managers want to find new ways to cut costs and increase efficiency. Replacing manpower with machinery has been well-established as an answer even before the Luddites objected to it. However, it was not until the era of the computer that the concept of automating managerial processes and skills could seriously be considered. With the dotcom boom at the turn of the 21st century came the growth of online or e-learning. The learning world has become constantly more virtual ever since. FINANCIAL BENEFITSThe financial benefits have always been a powerful attraction – the savings can be vast. It is not only the course costs – training presenters, travel and overnight stays, plus catering – that can be cut; there is also the benefit of reducing the time when staff are out of the office. More significantly, by introducing improvements much faster than if a face-to-face training course was rolled out, the savings possible through faster implementation of e-learning can be substantial. Mike Booth, learning technologies manager at Cable&Wireless Worldwide, states: “Undoubtedly, for this organisation, the financial benefits from greater efficiency and increased speed to market are the strongest, but not the only, attractions for using e-learning.” The new increased pressure on the public sector from the budget to cut costs suggests that greater use of e-learning will be on the agenda for discussion in the L&D departments of many national and local organisations in the coming months. NEW WAY OF THINKINGKim White, chief executive at i-CD, a learning organisation based within the University of Wolverhampton, observed that the cutbacks may prompt a new way of thinking about L&D and e-learning in the public sector: “Up to now, there have been sufficient staff in government departments to cover when an individual is on a course. In future, with fewer people, this may not be possible. The fact that e-learning can be fitted in to the working day as an hour a day may prove attractive to management in these circumstances.” There are other important benefits that accrue from e-learning beyond cost. Mike Booth highlights a few crucial advantages: “Consistency of approach; helping to

demonstrate compliance; training more people at the same time, even globally; and particularly flexibility – it’s always available, so learners can learn and refresh their knowledge where and when it is convenient or necessary.” As a new technique closely linked to fast developing technology, the presentation of content and the delivery methods continue to evolve. For instance, the magnetic power of computer games has been harnessed to engage learners in interactive learning, both as part of the process as well as for progress testing. KEEPING IT SIMPLEFrom the early days of e-learning when classroom training lessons were adapted to be self taught on computer screens, e-learning has moved on considerably. “There was too much emphasis on the technology,” comments Kim White. “What matters is engaging the learner. We keep the technology platform simple – broadband, Microsoft Office, clips on YouTube and podcasts.” Mike Booth notes: “Webinars have made a massive impact in the last year – now that they are technologically more user-friendly.” E-learning, including examples of its application in the public sector, will figure conspicuously at the World of Learning Conference & Exhibition – an event at which i-CD will be exhibiting and Mike Booth will be speaking. The essential event for L&D, the World of Learning 2010 takes place at the NEC in Birmingham on Tuesday 28 and Wednesday 29 September, where visitors will find extensive advice and the latest thinking on e-learning from the companies exhibiting, the free seminar presentations and the conference speakers. Among the leading e-learning providers exhibiting will be Atlantic Link, e2train, Information Transfer, iManage and Kaplan IT Learning. Many of these are leaders in the field and supply learning solutions to several high profile public sector organisations. For example, e2train’s clients include the Home Office, the Identity and Passport Service, Ofcom, the Environment Agency, numerous police forces and various NHS trusts, while Information Transfer works with The Arts Council, Magnox South (the government-assigned contractors responsible for decommissioning five nuclear sites on behalf of the Nuclear Decommissioning Authority), Leeds Teaching Hospitals NHS Trust, OffPAT (Office of Project and Programme Advice & Training – part of the Home Office), Thames Valley Police and the Bio Products Laboratory. Within the free seminars that are part of the exhibition there are several presentations

giving valuable advice on e-learning. Martin Belton, director of e-learning provider e2train, will be presenting a seminar on ’Ten rules for designing and delivering e-learning that works.’ Martin Belton highlights some of the issues behind his seminar: ”Today e-learning is used for more and more subjects. That means when you are commissioning and creating it there seems to be a near impossible amount of detail to consider. Certainly, creating good e-learning is about more than just good instructional design. For instance, budget is always an issue, even determining whether a programme is commissioned externally or created in-house. A clear vision of the desired learning outcomes is of course essential. But it is also useful to look at how often the course might be used, what its shelf life may be and how often updates might be needed. Accessibility should always be considered. Too often these demands are treated as a negative influence on creating e-learning instead of a real template for maximising the audience. “My presentation at the World of Learning will summarise the ten top pieces of advice for people about to create or commission e-learning for their organisation.” ’Digital natives – the challenge of the next generation learners‘ is the theme of a presentation by David Wortley, director of the Serious Games Institute. The Institute’s rapid adoption of media technologies has shaped its attitude towards learning and presents a challenge to educators, employers and society. David’s presentation examines the issues and solutions offered by technology, which will give real insight to those looking for inspiration in their learning activities. Piers Lea of LINE Communications will discuss some of the key aspects of blending learning technologies into an integrated approach, through highlighting case studies of blended learning success across Europe from Ford of Europe and British Airways. Additionally, using e-learning to boost training efficiency is the theme of a presentation by Mike Alcock, vice president – product evangelist at Kaplan IT Learning, featuring many examples of e-learning projects including British Telecom and Royal Bank of Canada.

WORLD OF LEARNING CONFERENCEThe industry-leading World of Learning Conference – the essential UK forum for L&D professionals – provides a cost and time efficient opportunity for delegates to learn from experts, peers and case studies, spanning two full days of invaluable insight on the current

The World of Learning Conference & Exhibition is the essential event for all senior learning decision-makers and buyers. Now there is no better time to ensure you are using the most cost-effective methods and solutions to deliver more successful learning results


LEARNING & DEVELOPMENT

issues of most concern to the industry. Chaired by BBC news broadcaster and presenter Nicholas Owen, the conference includes several sessions in which e-learning features as a core theme. Janet Cowie, group learning & development manager at Priory Group, and Owen Rose, managing partner of Information Transfer, will host an interactive workshop on ‘Developing the skills to deliver effective online learning’. This invaluable session will enable delegates to pick up advice and share knowledge and skills in producing e-learning results that are both effective and efficient. The presentation features Priory Group’s Foundation for Growth (FFG) programme, created by Information Transfer. By allowing Priory to complement or replace classroom training with e-learning, FFG has delivered reductions in the cost of training totalling millions of pounds. Before FFG, the “standard model” for training at Priory was half-day classroom-based training sessions. In addition to the costs of trainer, venue and travel, the most significant cost by far was backfill (cover) for staff attending the training. With FFG, backfill costs have been largely eliminated, as staff are able to complete e-learning modules during quiet periods on shift. FFG e-learning is carefully blended with other training channels and in many cases it is providing new training opportunities, rather that replacing existing formats. However, even taking a very conservative estimate, FFG has saved Priory over £5 million in direct training costs since its launch in late 2005. The closing address of the Conference will be

presented by Mike Booth, learning technologies manager at Cable&Wireless Worldwide, on the theme of ’More learning, less time, money and resource – achieving this through technology’. He will answer questions such as how to assess the technologies available and understand where they are relevant and how they join up, the effective use of webinars for timely large-scale learning, and how to create e-learning solutions that are more time effective. FREE-TO-ATTEND FEATURESIn addition to the conference and free seminars, there will be many other free-to-attend features on the exhibition floor. New learning techniques can be discovered through a range of exhibition features, including: the new Social Media Zone, which will uncover the value of social media networks and their full potential in learning; Professional Development Zone, where L&D professionals can consult experts one-to-one about all aspects of their career development; and the Skills Workshops, in which expert advisors will lead tailored group workshops that will teach visitors how to put learning on the agenda, develop internal coaching skills and make a case for informal learning. The International Zone, facilitated by UK Trade & Investment (UKTI), will also provide a unique opportunity for international buyers and decision-makers to meet with leading suppliers of L&D products and services. Several regular features at the World of Learning Exhibition will also return this year, including The Trainer Base, Experiential Learning Zone, Workplace Wellness Zone, Product Demonstrations and Presentations and the Business & Networking Lounge, all of

which offer invaluable opportunities to find out about new approaches within L&D. Each of these specialised zones and features are free to attend for both exhibition visitors and conference delegates, providing them with the ideal opportunity to source, research, test and evaluate the latest learning solutions.

DELEGATE BENEFITSConference delegates will not only benefit from the knowledge and tips they’ll receive from attending the conference, but they will also receive a Continuing Professional Development (CPD) Certificate of Attendance, free access to LM Matters’ 50 Lessons and Harvard ManageMentor, and the facility to ask the speakers to address specific learning issues. Those who book and attend the two-day conference will receive a free Toshiba HD camcorder. Early booking discounts are also available until 27 August 2010, entitling delegates to up to 30 per cent discount. Full details, including terms and conditions, are available at www.learnevents.com.


For more information, to book conference sessions or to pre-register to visit, please see www.learnevents.com or call +44 (0)20 8394 5171.



LEARNING & DEVELOPMENT

EVENT INFORMATION

Hall 18, NEC, Birmingham

Opening times:10:00-17:00 Tuesday 28 September 10:00-16:00 Wednesday 29 September

TL GROUP LTD is a leading UK based provider of e-Assessment solutions. For over 25 years, BTL

has been helping organisations to develop and deliver large scale e-Assessment and e-Learning programmes by using their own reliable, secure and robust technologies. Surpass®, BTL’s comprehensive e-Assessment platform, is the most commonly used high stake e-Assessment platform in the UK Awarding Body Market. Surpass is an easy-to-use platform that is designed to create innovative assessment questions and provide an engaging user experience whilst maintaining the integrity of the assessment. The Surpass system supports a wide range of e-Assessment delivery options, including:• Browser• Secure Online• Secure Offline• Secure Roaming (used by mobile assessors)

• Paper• SCORM Package (1.2 and 2004)• IMS QT 2.0 PackageBTL has an experienced and dedicated team of professionals who specialise in all aspects of e-Assessment. BTL provides a complete range of e-Assessment services including: consultancy, project management, training, testing and custom development.

BTL e-Assessment solutions are used by some of the leading certification boards in the UK including: AAT, AQA, The Actuarial Profession, City & Guilds, EAL, NCFE, SQA, TDA and WJEC.


Tel: 01274 203250E-mail: [email protected]: www.btl.com

Developing and delivering leading e-Assessment solutions

B

Based on Microsoft Office Communication Server, InTechnology’s hosted Unified Communications solution is a unique set of integrated hosted voice and messaging services including e-mail, instant messaging, presence, shared calendars, shared desktops,

video calling, conferencing, and as a UK first… integrated IP telephony.

To find out more on how inTechnology can help your business unify its communications,

call 0800 983 2522 today.

Voice - the final link in the chainInTechnology’s managed Hosted Unified Communications Service with integrated IP telephony offers businesses a lifeline.

www.intechnology.com INT100001

Gov ad.indd 1 18/01/2010 10:58



The publishers accept no responsibility for errors or omissions in this free service

360°IT 16

Advance ITSM 63

Asforprint 70

BTL Group 77

Capgemini 20

Call Centre Expo 74

Cherwell Software 58

Condico Mobile 63

EMC 6

Enline 14

EquaTerra 19

Equanet 8

Experian 43

Experience Kiosks 70

Exponential-e 34

Future-Tech SCI OBC

Hornbill 64

Idappcom 17

IP UserGroup 36

ITopia Consulting 22

Kingston Technology Europe 53

Kodak 4

LogRythm 40

Midas FMS 48

Minerva Business Systems 48

MRG Systems 2

Nedap Aeos 10

Netsupport 60

Nexidia 75

Nice Systems 75

Plantronics 71

Qology 70

Rugged Mobile Systems 63

Sage CRM Solutions 68

Socomec Sicon 10

Sourcefire 24

The Phoenix Partners 72

Touchstone Group 8

txttools 55

Wellkom Corporate Services 72

World of Learning IBC

Xerox (UK) 44

ADVERTISERS INDEX

Register for FREE ENTRY at www.learnevents.comor call +44 (0)20 8394 5171

Your essentialL&D event

28 & 29 September 2010 • NEC Birmingham

The World of Learning will provide you with: Valuable insights from high profi le experts and case studies in the world class conference

The latest products and services on the market from a wide range of leading L&D and HR suppliers

An invaluable opportunity to share experiences and learn from others

Inspiration, advice and ideas to tackle the challenges facing L&D and HR in a tough market

Save up to 30% on your conference

booking before

27 August 2010!*

*Terms and conditions apply; see website for details

WORLD OF LEARNING CONFERENCE IS A CERTIFIED CPD EVENT

IN ASSOCIATION WITH:

SUPPORTED BY:

PUBLIC SECTOR MEDIA PARTNER:

Interested in increasing your energy efficiency?

0845 9000 127

Whether you are looking to improve an existing facility, design and build a new Data Centre or sign up to the EU Code of Conduct, working with Future-Tech ensures you have a partner with the experience and expertise to make your project a success.

For further information call or visit our website

Government Technology volume 9.5

Documents

Transcript of Government Technology volume 9.5