18 January 2021
The wiping of records from the Police National Computer database was likely due to best practice not being followed in three key roles, the professional body for IT has said.
The ‘coding error’ that has caused that loss of 150000 records on the Police National Computer database had been blamed on human error. Policing minister, Kit Malthouse, said earlier: “Unfortunately down to human error, some defective code was introduced as part of that routine maintenance earlier this week and that’s resulted in a deletion of some records and that’s currently under investigation.”
It is likely that a developer, test analyst and release manager would all have been part of the process leading up to the failure, according to BCS, The Chartered Institute for IT.
The incident highlights the fact that IT practitioners should be accountable to independent professional standards, the organisation added.
Adam Leon Smith, Chair of the Software Testing Group at BCS, The Chartered Institute for IT said: “Modern complex systems are resilient, failures rarely occur because of a single decision or error. In order to delete data from a live environment through a coding error, a failure needs to occur not just in the coding, but in the test design (or one of its supporting processes, such as making sure the right version of the software is in the testing environment).
Even the non-critical systems are typically backed up daily, so either a failure has also occurred in the backup process, or something about the backout plan for the software change wasn't tested properly and has failed.
In many sectors, including the public sector, at least three segregated "roles"; a developer, a test analyst and a release manager would have been involved in this event. Three different roles that have best practices and professional standards that haven't been followed or met.”