In praise of HMG's new "Digital, Data and Technology Playbook"
Listen up...
IT projects across Her Majesty's Government (HMG) do not always go according to plan. Whilst private sector digital transformation projects have also been known to fail dismally, they typically do so less publicly and arguably often with more consequence for those responsible -- shareholders are less tolerant than taxpayers.
The National Audit Office (NAO) -- reviewing 25 years of attempts to “deliver digital business change successfully” -- has described a “consistent pattern of underperformance” across HMG and “shifting business requirements; over-optimism; supplier performance; and lack of capability at the senior and operational level.”
Stories of massively over-budget, under-performing and much-delayed government IT projects are, unfortunately for taxpayers, not hard to come by and regular fodder for the publications that pay attention.
Time for change...
Now a comprehensive "Digital, Data and Technology Playbook" -- published this week via the recently established Central Digital and Data Office (CDDO) and its Cabinet Office partners -- sets out 11 key policy reforms which aim to "transform how we assess, procure and manage our products and services" across HMG and tackle a government IT project procurement and management malaise that has long appeared hard to shift.
The playbook is being "mandated for central government departments and arm’s-length bodies (ALBs) on a ‘comply or explain’ basis." Can it help make that "consistent underperformance" a thing of the past?
Government CCO Gareth Rhys Williams and CDDO Executive Director Joanna Davinson certainly hope so, vowing in its forward to "work together across government and industry to implement and drive the consistent application of the best practice and policies set out in this Playbook and deliver transformational change."
(The playbook includes a direct call to prioritise open source software: "The ability to exchange and share information and data between contracting authorities and suppliers and across government is key for long-term success. Software should be open-source and designed to allow access in a platform-agnostic way.")
Digital, Data and Technology Playbook: 12 key points
1: Pipelines
Policy 1 is designed to ensure that public sector buyers have a documented commercial strategy "aligned to organisational objectives incorporating both short and long-term targets in line with leading industry practice" -- and include plans to develop in-house digital capabilities. It also calls for government organisations to engage the market early, noting: "Publishing commercial pipelines enables suppliers to understand the likely future demand across government. By sharing early insights on planned activities, we can expect to achieve wider participation and greater diversity in our supply chains, including SMEs, and support capability-building for the longer term" adding that "Effectively signalling upcoming demand across government will drive better innovation."
2: Relationships
Policy 2 is designed to ensure that HMG digital leaders are building programmes on a "robust contractual relationship overseen by an appropriately qualified contract manager with a clear operational understanding of the contract" [we hear the faint gnashing of teeth in the distance at this: the absence of competent folks with a "clear operational understanding of the contract" is precisely where so many projects go wrong and this is a resource issue that will not fix itself through cracking of whips but is, arguably, part of a bigger governmental story...] Regardless, the playbook rightly calls for "clear and agreed reporting, change management and dispute resolution mechanisms" in each contract, and, intelligently, for each relationship to "start with an initial workshop, bringing together the delivery team, leadership, and key stakeholders to set expectations... and ways of working, align success measures and objectives, and outline how the individual project is supporting an organisation’s goals."
3: Governance
Policy 3 urges buyers to build cross-functional teams, get senior leadership buy-in and if in doubt, consult the Cabinet Office Continuous Improvement Team (CCIT), HM Treasury and the CDDO. Contracting organisations should also ensure that they are aligned with the TCoP -- a cross-government standard setting out the key considerations for how the government should design, build and buy technology. (It is focussed on avoiding vendor lock-in and on creating interoperable and standards-based procured services, through common standards.)
4: Engagement
Early, transparent engagement with the market primes it for opportunity and helps to inform clear outcome-based specifications, the playbook notes, as well as supporting buyers to "actively seek out suppliers that can help to improve service delivery, including start-ups... who may be experts in the needs of service users and widely involved in the delivery of DDaT services." It will also help with the delivery of specifications "informed by supplier product and service roadmaps including plans for obsolescence, maintenance..."
5: Delivery models
Government's digital leaders need to think carefully about the right mix of insourcing, outsourcing, or mixed-model delivery and do this "early enough to inform the first business case stage." They should also benchmark "key project deliverables including cost, schedule, GHG emissions and agreed outcomes at each stage of business case development. This will be supported by a new data IPA benchmarking hub in 2022."
6: Agile.
Agile needs little introduction (although Agile Theatre is rife).
Policy 6 urges where appropriate an Agile approach to include:
- Setting clear, measurable objectives and success criteria.
- Identifying the scope and scale of what will be tested, and where they will be run.
- Putting in place the right resources.
- Establishing clear timescales and embedding these in the overall project plan.
- Ensuring the right commercial mechanisms are in place.
- Allowing sufficient time at the end of tests for due consideration of the results.
"Where the new requirement is to replace a product or service, including legacy IT, testing should consider options including dual running and a focus on timely decommissioning and migration of data and services" it adds -- emphasising that pilot projects to help test the business case should be drafted to be supplier or technology agnostic, and include an "obligation on the supplier to maintain clear (and current) documentation during the pilot and as part of the handover/knowledge transfer process" -- warning of "pilot creep".
7: Going to market
An outcome-based contract "based on collaboration and which reflects a shared vision is likely to be more appropriate [than fixed price/time] and will enable scope, priority and sequencing decisions to be made without re-working commercial arrangements" the Digital Data and Technology Playbook suggests, adding that "outcome-based and gain share contracts will enable shared risk and reward for remediating legacy IT." It gives project outcome examples of "fewer non-emergency calls to an emergency service number"; "enabling staff that work remotely to access and store documents securely" and "reducing or offsetting environmental impacts." (Needless to say, this isn't always possible and sometimes direct awards to incumbents are necessary but should be based on legal advice -- remedies for poor or non-performance meanwhile should be "proportionate" and baked in early.)
8: Effective contracts with common data standards...
We will not try to recap the detailed contractual guidance in the playbook, but emphasise it notes that contracts should include data extract and sharing capabilities KPIs relating to legacy mitigation and remediation switch off/switch over plans; enable data extraction in a common format and ensure that performance and operational data is made available via APIs which meet CDDO API technical and data standards -- and when it comes to contractual terms and conditions for cloud, the playbook also notes that "issue logs should be kept of any unacceptable terms and conditions and/or variances, and legal advice sought as appropriate."
9: Evaluation criteria
Check security (ensure Cyber Essentials). Make full use of the most advantageous tender (MAT) methodology. Check supply chain resilience of the supplier. Conduct an effective evaluation of the licensing terms and conditions attached to various products, including the frequency of update and any relevant support offer... The guidance here is pragmatic. As with the rest of the report, ensuring a culture that acknowledges it and follows it across government under the threat of "comply or explain" is where the rubber will hit the road.
10: Due diligence...
Economic and Financial Success (EFS) checks against suppliers should be "tailored to individual projects... proportionate, fair and transparent and [ensure] that financial metrics are used as an indicator of financial heath and not as a pass/fail exercise" the playbook emphasises. The guide, in short, is sympathetic (within reason) to SMEs, recognising that EFS checks are often backward-looking and that smaller businesses may have a limited financial history to share -- although "minimum but proportional financial tests at call-off stage and warranties from the supplier to the contracting authorities to ensure that the latest financial performance is reflected prior to contract signature" should be gathered. Departments should also refer "any abnormally low bid that is more than 10% lower than the average of all bids or the Should Cost Model to the Continuous Commercial Improvement Team in the Cabinet Office prior to accepting it" the Digital Data and Technology Playbook notes.
11: Resolution planning
Gravity has a strong pull and things can fall down. Suppliers of the most important public sector DDaT products and services should have resolution plans in place to ensure the continuity of critical public infrastructure, the playbook notes, including -- critically -- a robust cyber incident response plan that "should be linked to disaster recovery, business continuity and crisis management plans." They should also include a supplier insolvency continuity element into these resolution plans that can be at corporate or service level.
12: Exit planning
Arguably one of the most critical elements of the many that the playbook addresses is how departments can extricate themselves from trouble -- including the issue of technical debt.
As the report emphasises: "Preparing for exit takes time. Plans for exit requirements should be regularly reviewed, not just at the end of life of the contract so that adequate time can be allocated for exit management. The exit plan may be separate or included within the contract management plan, and should include:
- "A clear outline of activities, milestones and required resources
- Roles, responsibilities and accountabilities for each activity
- A joint risk register
- Defined timelines, criteria and standards that each activity is required to meet
- Relationship and behavioural expectations
- Key interfaces and dependencies
- Asset registers and transfers including digital, data and knowledge assets and processes
The Digital Data and Technology Playbook, in short, is a welcome and comprehensive guide that deserves to be used by departments that have proven overly relaxed with IT project management in the past, as well as a useful touch-point for those already delivering effectively. It's not perfect, it may have gaps -- IR35 has done a lot of damage on the resource front and HMG's ability to put its sensible guidance into effect may rely in no small part on departments having enough skilled people and keeping them aware from the lure of a better paying private sector. But it's a welcome and detailed playbook built on real expertise. It deserves praise, and adoption.