To protect and serve

John Suffolk John Suffolk, the government's chief information officer, spoke to Rupert Kendrick about the trials and tribulations of his work.

'It's my job to make it happen!' exclaims John Suffolk, when I ask him to describe his role as government CIO - and you certainly believe him when you see his track record.

He was appointed in June last year and in his wake left 25 years' experience in IT and major transformation programmes holding numerous directorships in multi-million pound national businesses.

'It's my job to lead the IT profession across the wider public sector and enable public service transformation through the strategic deployment of IT which includes driving the use of shared services.'

The roots of his motivation for this appointment 'lie in my position as director general of Criminal Justice IT (CJIT). I saw it as an opportunity to do something on a national scale - a challenge to deliver results in the service sector that beneficially affects people's lives.'

He explains the mission of the 50,000 personnel in government IT as threefold: to put the citizen at the heart of public services; to introduce shared services with horizontal processes; and to drive up standards in IT.

Beneath these core principles are subsidiary objectives, including the development of data sharing in the public sector (he cites the management of witness protection schemes), the challenge of effective information management (such as, the management of archived digital content), the monitoring or technical standards, and effective project delivery.

One of the greatest challenges is the management of IT in the government infrastructure. 'All IT known to man is to be found in government,' he says.

'We have to make it work. It's not viable, either practically or in terms of cost, simply to replace it and start again. We have to introduce standards and principles that can apply to its re-use. For instance, we have two secure email systems and different verification solutions. Ideally we would have a single solution for each, but instead, we have to standardise and reduce them.'

One example of his thinking in this area is what he describes as the common desktop. He describes this as 'a strategy for greater cost effectiveness, greater security and better for the environment. It's the thin client option - in other words, the dumber the desk, the better.'

But as he explains, 'I can't mandate this, I can only present the right way forward in terms of results achieved and potentially achievable. And this has implications for the many thousands of our contractors, the police and others. As the government changes its IT strategy in the public sector, this may be inconvenient for suppliers who have continuing contracts with us, so we encourage them to insert break clauses in their contracts.'

He sees his role as that of a 'watching brief' and 'support' for, for instance, 'permanent secretaries in the implementation and management and the output of ID cards.' He explains, 'I have to look at the practicalities of team-working across government, within a multi-level security environment and ubiquitous use. It's my job to enable that. I'm not concerned with operational issues, I look at the strategy - how to coalesce loosely federated government departments.'

He is concerned about the recent publicity over the development of public databases. 'There are already numerous different databases in the public sector - for drivers, passports and televisions - and databases are common in the private sector, so why the fuss at a proposal to consolidate databases to rationalise sharing where appropriate?' he asks.

'People get fed up with having to give details to numerous different organisations. It's both more sensible and practical and will improve service to the public if basic data is shared throughout government. We're not building a brand new database, we're just using what we already have.'

He explains, 'the Department of Work and Pensions database is being used to develop better public services. It is an alternative to developing a brand new database and it is a more practical approach. It is a good database with active reporting and verification functions. It offers a de facto standard on which to develop a wider customer database and it saves taxpayers' money. We shall use it as a starting point for other schemes.

'And contrary to some reports, I am highly conscious of security issues, most especially in critical cases such as witness protection schemes and medical histories. We are obliged to conform to data protection principles like any other organisation. I think it's fair to say that the security solutions implemented in government are at a far higher level than in the private sector and go way beyond in some cases.

'Our approach is to develop the appropriate infrastructure, then move towards the management of the information within that infrastructure, and finally provide appropriate information assurance.

'Information management is a trust issue and we need to engender trust in people that only the right people will see their data.'

Managing the changes his transformational strategy imposes, will involve the CIO council - the CIOs of large departments in the public sector. There are 35 CIOs and they meet quarterly for a day. The CIO council is accountable to the ministerial subcommittee on public services and public expenditure responsible for electronic service delivery (PSX(e)).

It involves fact-based reporting from representatives from the devolved administrations of Wales, Scotland and Northern Ireland. Its function is to chart the route forward, with the flexibility for decisions to be made at local level. It has a broad agenda and unless serious difficulties arise, such as time frames, compliance with the council’s decisions is expected.

One of the main problems is the sheer size of the government departments to be managed. While the vast majority of government IT projects are successful, he says, 'in view of the numbers involved, it's not surprising that on occasions there are glitches. But in terms of the user numbers involved, they are relatively rare.

'Our health broadband database is the largest in the world,' he claims, 'and we are coping elsewhere with enormous numbers - Revenue and Customs have something like 100,000-120,000 employees; the Ministry of Defence has about 600,000 employees and the Police have about 250,000. We are rolling out IT like no other country, but these numbers indicate the complexity of the strategy.

'We shall always have occasional failures, but we are striving constantly to match skills with the complexities involved and we work hard to keep projects developing and working smoothly. No other country in the world is proceeding at our pace, except perhaps Canada, which has a population of just over half the UK.

'We frequently consult experts in the private sector, including Microsoft and IBM to try and reach the highest levels of performance and I think we compare very favourably with the private sector.'

But he recognises that a key problem is the need for culture change. 'Any organisation going through transformation needs to change its culture. All departments have different cultures - and cultures can make or break a project. And there are different areas of culture change: for instance, IT change and process change.

'We are all to a greater or lesser extent fearful of change by nature and the tendency is for everyone to label it an IT issue, simply because people don't like change. It is a curious fact that change occurs most effectively and swiftly in a crisis, when it is a question of survival.

'And in the public sector everyone has to change. In the private sector, organisations can change according to their customers' requirements, but they can pick and choose their  customers. In the public sector there is no choice - we serve every citizen.

'So we have to work to make people believe that no change is not an option. We are in a period of constant change and we cannot depart from the route. That is our next great IT challenge in the public sector.'

This article first appeared in the summer 2007 issue of ISNow.

Blueprint for Cyber Security

Our vision is a world properly protected from cyber threat. This blueprint sets out how we can deliver that solution, starting in health and care.