Page 1 of 20
Sophie Callahan [email protected]
Date: 30 September 2019 Our ref: FOI_1355 Your ref:
Dear Sir / Madam
Freedom of Information Act 2000
Your Request for Information relating to ICT strategy
Thank you for your request for information concerning the above. The Council does hold some of the information and our response is detailed below:
• Please can you direct me to the authority's current ICT strategy? • Does the authority use or is planning to use Azure or any other cloud hosted services? • If you are currently using, or planning to use Azure, AWS or Google; what are your main drivers and goals? Response I have attached the ICT Strategy as Appendix A With regards the remainder of your request, it has been considered and although the Council may hold the information you have requested, your request is refused under Section 31(1)(a) (The prevention or detection of crime - Law Enforcement) of the Freedom of Information Act 2000. Provision of the information you have requested, when taken in conjunction with information already publicly available, could be used to identify strengths and weaknesses of Sunderland City Council’s ICT security and allow the security of public organisations to be rated against each other, thus being prejudicial to the Council’s ICT security. The public interest test has been considered and it has been decided that the damage that could be caused as a result of providing the information outweighs the public interest in providing the information.
I hope this is satisfactory. If, however, you remain dissatisfied with our response to your request for information, you may request a further review within 40 calendar days of the date of this response. FOI reviews are removed from the Directorate and coordinated by the Information Governance Team. A request for further review should be addressed to the Information Governance Team, Commercial and Corporate Services, PO Box 100, Civic Centre, Sunderland, SR2 7DN. If this fails to resolve your concerns then you have the right to apply to the Information Commissioner for a decision.
Yours faithfully
Page 2 of 20
Liz St Louis
Assistant Director of Digital and Customer Services
Page 3 of 20
Appendix A
ICT Service
ICT Strategy to 2021 Version 0.2
July 2019
Page 4 of 20
Quality Control
Audience ICT Internal and External Stakeholders
Purpose To describe the strategy relating to the ICT Service
Document Title ICT Service-ICT Strategy- 0.1
Reference ICT Service-ICT Strategy- V0.1.doc
Document Status Draft
Version 0.2
Issue Date 11/07/2019
Prepared By Liz St Louis
Governance and Review
The delivery of this strategy is the responsibility of the Assistant Director
Digital and Customer Services and the ICT Leadership Team. The document
will be formally reviewed and updated annually, and the action plan
continuously updated with progress monitored by the ICT Leadership Team.
Version Name Comment Date
0.1 Liz St Louis First draft 09/07/2019
0.2 Liz St Louis Final draft 11/07/2019
Page 5 of 20
Section 1: The Strategy
1.1 Introduction
This document sets out the Strategy for the ICT Service to 2021. It describes the service
we want to provide for our customers and the actions we are going to take to achieve
this. It will help us focus our efforts and align our resources accordingly.
We aim to deliver an accessible, responsive and professional service for our customers
and this is how we would like our customers to describe us;
To achieve this we will deliver an ICT Service that places the customer at the centre of
what we do and;
• Protects our customers’ data;
• Focuses on opportunity and development for our employees;
• Recognises the need for horizon scanning and research and development;
• Provides quality and consistency across the service offers;
• Is more commercially focused; and
• Provides value for money.
1.2 Context and Key Drivers for Change
This Strategy will ensure the ICT Service is aligned with the direction of travel for the
Council and the wider city to 2021. The ICT Service will continue to aim to be a provider
of choice, serving the future Council, alternative service delivery models and, where
appropriate, partner organisations. The context within which this Strategy operates and
the drivers for change are as follows;
a) Supporting the Delivery of and becoming ambassadors for the City Plan and the Key
Priorities;
I trust and respect ICT because they are approachable, supportive and honest, they explain things and when I want to do something they help me make it happen. The
service is great value, reliable and they keep me and my data safe.
Page 6 of 20
Link to City Plan
b) Changing Business Needs;
• Analogue to digital;
• Increasing requirements for a more mobile workforce;
• Increased compliance (GDPR, PSN, ISO27001, PCI, DSP Toolkit);
• Greater requirements for internal and external collaboration;
• Increasing requirements for internal and external self-service; and
• Expectation for ICT to be ‘always on’.
c) Developing Technologies;
• On-premise, Hosted or Hybrid solutions;
• Security – developing software and ‘security as a service’;
• Keeping all of our hardware and software up-to-date and
• New technological advancements.
1.3 Improvements
In recent times we have been getting better in a number of areas including;
- Communicating and collaborating - with customers and - Information security
within the Service - Delivery
- Leadership – enhancing our reputation and relationships - Managing projects
- Resilience, reacting quickly and working together - Working with data
- Learning from others
Page 7 of 20
- Workforce development - Incident Management - Contract management
opportunities - Change Management - Finance / providing value
- Succession planning - Patch Management for money
- Involving the right people - Business Continuity / - Account management
- Training Disaster Recovery (3rd parties)
- Application utilisation - Investment in technology
We must now continue the effort and maintain the focus with continual improvement
embedded as standard.
1.4 Areas of Focus
The areas where we do now need to focus our efforts include;
- Early engagement and - Research and development - Workforce development
forward planning: - Technical Architecture - Resourcing for projects
- Bringing people with us Strategy (TAS) - Providing more opps
- ICT role as enabler - On-boarding/off-boarding of i.e. volunteering/service
not driver Services & user adoption ambassadors
- Project completion & closure
- Collate/act on customer insight - Problem Management - Documentation
- Third party account delivery - Release Management - UAT and sign-off
- Proactive Monitoring - Consistency across
- Asset Management service offers
We will build these areas of focus into our action plan or embed them as standard within
the service offer and within our existing policies and working practices.
1.5 The Service we Offer
The inner circle of the diagram below shows the individual components of the service we
offer to our customers. There are some underlying themes which apply to these
components such as ‘information security’; these are set out in the pink boxes. In
addition, we have some processes and working practices which govern the way we
Page 8 of 20
Intelligence & Reporting
Proactive Monitoring
Customer Support Information Security
manage our business, such as TAG. These are set out in the grey boxes. Finally, the
blank boxes represent the processes and working practices we will be defining and
delivering in the future as part of our action plan, such as ‘problem management’.
1.6 Measurement of Performance
We continuously monitor and measure the service we deliver to our customers against
key performance indicators approved by the Chief Executive's Performance Clinic, and
which we report against quarterly. Our actual performance for 2018/19 and our targets
for 2019/20 are set out below;
Network Service -Firewalls, Switches,
Routers
Desktop Service - local, VDI
image, desktops
Application Management & Delivery - Build, Support, Secure,
Maintain
Communications Service -
Telephony, Skype, IM, Mail
Data Management - Access, Storage,
Back-ups, Recovery
BCDR Incident
Management
Technical Advisory Group
(TAG)
Change Approval (CAB)
Page 9 of 20
Measure Performance 2018/19
Target 2019/20
End to end core application availability at core sites
99.64% 99%
Availability of core data networks at core sites 99.31% 99.9%
Number of severity 1 incidents 5 <5
Severity 2 incidents not fixed or workaround in place within 10 working hours
2 <6
Incidents resolved within agreed timescales 97.23% 96%
Service requests resolved within agreed timescales
99.10% 96%
System or device unavailability as a result of a cyber-attack
11 0
1.7 Guiding Principles
We have developed a number of principles to guide our work though to 2021. These
principles will help us deliver our aim and our objectives set out in section 1.1;
• Customer focused and enabling – ensuring our technology solutions are
designed around our customers’ needs;
• Forward thinking – embracing new technologies and providing opportunities
for staff through training, development and horizon scanning;
• Secure by design – ensuring security is integral to all technology decisions
from the outset;
• True to the TAS (Technical Architecture Strategy) – designing technology
solutions that are platform appropriate and align with our technology
architecture strategy; and
• ICT rules of engagement – ensuring all of our customers and suppliers
operate in accordance with our operating model and standards.
Page 10 of 20
Section 2.
2.1 Improvement actions
To deliver the Strategy we have identified a number of improvement actions which will help us deliver our aims and objectives. The action plan will continue to be reviewed and updated on a quarterly basis and will be governed by the ICT Leadership Team.
Priority Action
To Do List Update
1. Customer Priorities Martin Duncan/Chris Bartlett/Sharon Lowes
At a Glance We will act as an enabler to deliver the ICT elements that support our customers' service plans. We will work to align our priorities with theirs in order to help deliver the desired outcomes. Success Outcomes
• Managed programme of work with clear areas of ICT involvement
• Appropriately timed ICT involvement
• Delivery of customer defined outcomes
❑ Support the various programmes of work with an ICT element across all areas of the Council – ongoing to 2021
❑ Develop the Relationship Management and Customer Engagement functions to better understand our customers and their future plans – ongoing to 2021
❑ Ensure that the ICT programme aligns with our customers' priorities and delivers maximum value for their investment – ongoing to 2021
❑ Manage our customers' expectations in the light of our own capacity to deliver them – ongoing to 2021
❑ Stay abreast of current trends and best practice with regard to how ICT is being used in the public sector – ongoing to 2021
❑ Constantly develop communications and levels of understanding between ICT and our customers – ongoing to 2021
Quarter 1:
• ICT Service Offer to schools shared as part of the corporate SLA process
• Springwell Dene relocation continues; including supporting the Link School to replace their kit
• Work with Neighbourhood Directorate in relation to the Regional Health Information Exchange (HIE) including procurement of HSCN connection.
• Continue with implementation of ICT requirements for The Beam (Vaux Building 1)
• Development of the work programme to implement the new Enterprise Agreement with Civica for Revenues and Benefits
• Implement the new Registrars system for archive records and certificate ordering
Page 11 of 20
• Work with the Port of Sunderland and its partners to establish a programme for ICT infrastructure improvements
• Continued work with Neighbourhoods Technology Forum.
2. Deliver the ICT Requirements for the new City Hall Martin Duncan At a Glance Gather requirements and define the phases of work required to provide state of the art ICT facilities at City Hall for staff and public. Success Outcomes
• ICT enables Council staff in City Hall to adopt the new, more flexible ways of working consistent with the vision set out for the building
• ICT enables high standards of customer service to be provided for the public who will visit and make use of the building
✓ Definition of requirements and delivery of WAN specification Q1 / Q2
❑ Definition of individual service area ICT requirements Q2
❑ Definition of Public Realm ICT requirements Q2 / Q3
Quarter 1
• Complete work packages for Wide Area network, comms room and cabling design
• Begin to gather requirements for individual service areas
• Initial consideration of public realm ICT provision e.g. WiFi
3. Security
Richard Wright At a Glance Build a security culture across the organisation that protects our data maintaining
• Confidentiality
• Integrity
• Availability
Success Outcomes
✓ Passwords – target users with weak passwords
Patching – fundamental requirement to have systems patched.
❑ Obsolete software and hardware is a risk
✓ Mobile Security
❑ Compliance - PSN, ISO27001, GDPR, PCI, NHS Data Security and Protection.
GCSX email and PSN replacement. SIEM (NCSC LME)
Quarter 1 • MDM/MAM rolled out alongside elements
of Office365 such SSPR
• Increased support and guidance for procurements involving hosted data
• Successful use of Apprenticeship scheme to recruit and train staff
• Continued ISO27001 Certification
• Further security certifications for staff
Page 12 of 20
• Complete the basics moving them into ongoing process
• Build up a Security Operation Centre – monitoring, analysing, testing and reporting
• Weak password checker used to lock accounts.
• PCI Completed (Museum)
• Ongoing targeting of obsolete Software
• GCSX email removed.
• NHS DSP Toolkit
4. Technical Architecture Strategy (TAS) Liz St Louis
At a Glance The TAS will inform deployment and lifecycle planning of technologies with full consideration for financial, resourcing and procurement implications to ensure the ICT service offering remains fit for purpose and continues to meet our customer's needs. Success Outcomes
• Current technical architecture fully understood and documented
• Lifecycle planning of all technology components identified - mainstream/containment/retirement
• Forward planning in place informing financial, resourcing and procurement implications for changing technologies
• TAS informing technical decisions and maximising enterprise investments
✓ Agree all of the technical components to be included - Complete
✓ Define the template for data collation and complete for each technical component – Complete
✓ Collate the individual components into an overarching technical architecture position – Complete
✓ Agree the rationale, principles and key considerations for the TAS – complete
✓ Undertake an initial review of the infrastructure side of the TAS – complete
Agree the roles/responsibilities to be included within the administration and management of the TAS – underway
Define the standards and processes – underway
Agree the reporting mechanism/frequency – underway
Undertake an initial review for the Applications as part of the TAS
Quarter 1
• Workshop held to review and build upon the rationale, principles and key consideration for the TAS
• Action plan for the infrastructure components of the TAS reviewed and updated
• Next steps agreed, and further session will take place in October
5. Service Mapping Scott Butler
❑ Implement Mapping management system – Q2 2019
Quarter 1
Page 13 of 20
At a Glance Create service maps that show the associated mix of IT components both hardware and software and their interdependencies that make up each IT service
▪ To be service driven, not solution or specific technology driven. I.e. E-mail, calendaring, document sharing, collaboration, Instant messaging etc.
Success Outcomes
• Clear and concise core ICT services mapped and articulated within ICT service and to the customer base
• Enable efficient and effective service delivery, meeting the customer requirements
• Clear understanding of the services provided by ICT
❑ Map all core service components with clearly defined end-to-end services - Q2
❑ Alignment of supporting service components, processes and dependencies - Phased tbc 2019
❑ Alignment of resourcing and skillsets to enable service delivery - Phased tbc 2019
❑ Ensure services are documented, processes are articulated, and ICT staff are engaged in the delivery and support of core services as per the service maps - Phased - commenced Q3 2018
❑ Deliverables
o Service map documentation o Resource requirements/roles o Research & Development
requirements defined
o Communications plan for the services
o Training requirements captured
• 3rd party engagement prior to installation of solution
• Review of supplied documentation to determine technical requirements
• Installation of iQuate applicance / firewall configuration
6. Transition to Windows 10 (including end user device refresh) Elaine Redpath
At a Glance Windows 10 to be rolled out to all customers on desktops, laptops and Wyse devices. Thus providing a supported operating system which can run Office 365 Pro Plus suite which is required to take full advantage of Office 365 functionality.
✓ 1 year Head-Start Engagement with Microsoft to assist with creating a base operating system that meets security standards - commenced Q1
❑ Package all applications using System Centre to be delivered on the Windows 10 platform by end of Q3
❑ Introduce a new two factor authentication method for all customers. Kicks off with a Microsoft engagement Q2
Quarter 1
• Device procurement issued via framework
• Application Packaging continues
Page 14 of 20
Success Outcomes
• Windows 10 to be fully rolled out to our customer base with a scheduled programme of work to maintain to latest release levels
• Applications all delivered via System Centre and within VDI via Application Layering
• Secure two factor authentication
✓ Upgrade Citrix environment to latest long service release Q2
❑ Procure devices to commence the Windows 10 rollout
❑ Commence rollout out of Windows 10 on physical devices by end of Q3
❑ Develop and document Windows 10 on-boarding process to allow us to adopt an annual update
7. Office 365
Liz St Louis At a Glance Implementation and adoption of Office 365 including;
• One Drive • Exchange on-line
• Enhanced mobility & security (EM&S) • New Intranet Site & Service Hubs
• Teams Success Outcomes
• Office 365 fully rolled out across our customer base
• New features and functionality fully understood and maximised
• Smarter ways of working implemented and efficiencies realised
✓ March 2019 – O365 desktop &One Drive released
✓ April/May – Exchange On-line, MDM/MAM, open calendars released
✓ Active business champion network in place
Release of Phase 3 functionality; intranet/service hubs and Teams
Review and creation of policy documentation
Focus on effective change management and end user adoption
Quarter 1
• Exchange On-line, MDM/MAM and open calendars released to all business areas with the exception of Elected Members who will follow in July
• Significant preparation for Phase 3 activity including a two day workshop with Sword
• Ongoing development of the business champion network
• Ongoing communications, training and user adoption activity
8. SAP Optimisation
Dave Bulmer At a Glance
✓ Deliver a technical update of the SAP ERP and SRM solution - complete
✓ Deliver a Unicode conversion via an upgrade and conversion process - complete
Quarter 1
• E-Payslip rollout o Together for Children o Sunderland Care & Support
Quarter 2
Page 15 of 20
Update and upgrade the existing SAP landscape to the latest available platforms and versions. Enable operational efficiencies.
Improve functionality and overall user experience. Introduce self-service capability; Employee and Manager. Success Outcomes
• Stability and Support - achieve SAP standard levels for support and maintenance and consistent interfaces with third party systems
• Operational Efficiencies - remove unnecessarily complex operational processes, improve end-user experience, maximise use of available functionality, introduce self-service, as a minimum, for employee and manager
✓ Upgrade the Oracle data base to the most recent supported version - complete
Implement Employee Self Service and Manager Self Service – (Q2 ESS) (Q3 & Q4 MSS and Additional ESS)
Enable and configure access to new HR / Finance / SRM functionality including e-invoice capability / workflow approval processes - (Q3)
Reduce process complexity through form and input streamlining - (Q3)
Improve reporting capability and business warehouse integration with internal management systems - (Q4)
Provide a flexible and comprehensive catalogue management capability - (Q3)
Embed any additional controls from the upgrade to accounts payable and payment processes
✓ Review SAP licenses and support arrangements to ensure best value - complete
• ‘My Profile’ Applications (ESS – SCC AD Users) incorporating:
o My Profile o My Communication o My Bank Details o My Pay Stubbs o Personal Details o My Addresses o Employee Look-Up o My Services
• ‘My Profile’ Applications (ESS – Together for Children)
• Oracle upgrade to the full SAP estate
9. Telephony Replacement Brian Scott At a Glance Replace the aging Avaya telephony system with a cloud based telephony system incorporating;
• Standard digital telephony services utilising a One Cloud Cisco system
• Contact Centre facilities utilising Next Generation Contact Centre system
• Voice recognition.
✓ Continue the rollout of Cisco handsets to all smaller sites and work through any identified issues. Q1
Schedule 4 large handset deployments at major sites. Q2
On-board the Contact Centre onto the CCNG platform. Q2
Decommissioning of old Avaya service by the end of Q3
Quarter 1
• Over 1200 handsets deployed but the level of issues encountered have delayed the rollout to the larger sites until BT fix the outstanding problems.
Quarter 2
•
Page 16 of 20
Success Outcomes
• The replacement of the old Avaya service.
• Reduction in call charges incurred by the council
• Incorporation of current Featurenet estate into the service where possible.
• Reduction in maintenance & support overheads & the implementation of an “Ever-Green” solution
10. Network Refresh
Elaine Redpath
At a Glance Refresh the core network equipment which is beyond its end of life date and is no longer supported
Success Outcomes
• Replacement/update of end of life network kit including;
• Core/Distribution network routers at Moorside and Jack Crawford House Data Centres
• Juniper network equipment at both Moorside and Jack Crawford House
• Supporting Wireless infrastructure
✓ Revision of procurement document for review by peers and procurement by start of Q2
✓ Procurement process to be underway by end of Q2
✓ Award of contract by end of Q3
Rollout of all core kit including wireless to be completed by end of Q4
Rollout of optional sites during Q1 & 2 2020
Quarter 1
• Network procurement process commenced with supplier workshops and evaluation of bids completing in May/June 2019
11. Replacement of Back-up Solution Elaine Redpath At a Glance
✓ Revision of procurement document based on learning from network procurement exercise
Issue of procurement by end of Q2
Award of contract in Q3
Quarter 1
• Procurement document finalised
Page 17 of 20
Undertake a procurement to replace the back-up solution for the Council including an option for back-up for cloud based storage. Success Outcomes
• The ICT Service has a back-up solution which is fit for purpose and meets business needs
Implementation of new solution during Q3/4
12. Review of Virtual Desktop Infrastructure Elaine Redpath At a Glance Undertake a complete review of the desktop infrastructure to determine the most optimum desktop solution(s). Success Outcomes
• The ICT Service provides a fit for purpose desktop solution(s) which is fit for purpose, meets changing business needs and is future proofed
Discussion with Gartner around the future of Citrix and suitability for the organisation moving forward – Q2
Discussion with trusted third party around future Citrix developments – Q2
Review and feedback options around the Citrix estate to the O365/W10 technical group in Q3
Quarter 1
• n/a
13. Replacement of Secondary Data Centre Elaine Redpath At a Glance Undertake a full review of the options for a secondary data centre to provide resilience and business continuity for the Council. Success Outcomes
• The ICT Service has a secondary data centre which is fit for purpose and meets business needs
Map out considerations around the replacement of JCH from an infrastructure perspective in Q2
Engage with Gartner to understand trends around secondary datacentres in Q2
Further investigation of options based on the outcome of the first two points in Q3
Solutions Proposal submitted by end of Q3/start Q4 for discussion at TAG and LT
Quarter 1
• n/a
14. Replacement of the Server/Storage Infrastructure
Review current and projected requirements
Quarter 1
• n/a
Page 18 of 20
Elaine Redpath At a Glance Our server infrastructure will be 5 years old in 2021, so a full review will need to be completed to determine and inform how we replace this in a timely manner Success Outcomes
• The ICT Service will have a server infrastructure fit for purpose that meets the needs of the organisation
Soft market testing to provide understanding of new technologies
Determine requirements
Engage procurement exercise
15. Service On-boarding Steve Piercy
At a Glance Protect all systems' availability, throughout the lifecycle, by ensuring all relevant requirements, configuration details and support information captured is kept relevant.
• Capture requirements for on-boarding (OAC)
• Identify key information capturing opportunities
• Embed within Service
Success Outcomes
• Robust, documented and repeatable process for on-boarding new services into the standard ICT service offering suite
• ICT Service staff awareness and compliance of the on-boarding process via clear communication and standard processes
✓ Kick off meeting to agree overall approach and responsibilities for OAC
✓ Identify core aspects of a service which, collectively, ensure the appropriate availability, stability and timely incident resolution of any given system – Q4
✓ Identify teams/roles responsible for collecting the information – Q4
Identify most appropriate location to
store information - Q2
Identify key stages where information will require amending – Q2
Embed requirements within ICT Service processes – Q2
Embed compliance checks within ICT Service processes (Change Management) - Q2
Quarter 1
• Work began to identify most appropriate location of each item; mainly Sostenuto and SharePoint.
Page 19 of 20
16. Problem Management Steve Piercy
At a Glance Create and embed processes to ensure underlying issues to systems are appropriately identified, prioritised and investigated to restore full service operational status within appropriate timescales.
• Identify issues
Success Outcomes
• Quicker identification of problems
• Reduced service impact through speedier resolution of underlying issues
Define a problem by, for example, no of incidents/impact of incident
Identify ownership of problem, throughout lifecycle
Prioritisation and allocation of resources to problem management
Reporting strategy of ongoing and resolved problems
Embedding within ICT Service
Quarter 1
• Scheduled to begin Q2
17. Asset Management Scott Butler
At a Glance Review and re-implementation of ICT asset management processes. Success Outcomes
• Efficient and effective management of all ICT owned / managed assets (hardware, software and licenses)
• Standardised processes for managing the asset register
• Staff awareness and compliance of asset management processes via clear communication
• Robust standard reporting solution
❑ Define the ICT service and organisational requirements in terms of asset management – Q2
❑ Perform Options Appraisal of Asset Management Solutions, based upon operational and ICT and organisational requirements - Q2
❑ Implement new processes based upon Options Appraisal - Q2
❑ Define roles/responsibilities - Q2 ❑ Implement periodic stock-take - Q2 ❑ Communicate and educate within the
ICT service - Q2/3
❑ Embed asset management processes into all relevant processes (starters, leavers, movers etc.) - Q2
❑ Deliver standard reporting solution - Q2/3
Quarter 1
• Review of ICT assets from HoS returns, Sostenuto Records and System Centre reports.
• Asset Management options appraisal work (review Q2)
Page 20 of 20
18. Workforce Planning Liz St Louis At a Glance Continual review of the workforce plan to ensure all resources are fully aligned to the current service offering with changes properly resourced and fully accounted for. Success Outcomes
• The ICT Service has the right people, with the right skills, in the right place at the right time
• Staff development opportunities are maximised
• The ICT Service provides value for money
❑ Identify training and development needs – across all Quarters
❑ Ensure appropriate performance managements arrangements are in place across the service
❑ Ensure the new appraisal system is deployed and adopted
❑ Ensure all changing technology and service needs are properly accounted for and addressed
Quarter 1
• New structural arrangements live wef 1st
May
• New Business Assurance post advertised and successfully filled with apprentice levy attached to the role
• New SAP Basis post created
• Training needs reviewed and new training requirements identified