Justice Sub-Committee on Policing

Meeting date: Thursday, May 30, 2013

Official Report 337KB pdf

---

Information and Communication Technology

I welcome everyone to the Justice Sub-Committee on Policing. This is our sixth meeting in 2013. I apologise for the delay in starting, but Alison McInnes and I were in the members’ business debate, which just finished at 1.15. That is one of the problems that we face, but we might resolve it in due course.

I ask everyone to switch off their mobile phones and other electronic devices completely, as they interfere with the broadcasting system even when they are switched to silent.

No apologies have been received.

Item 1 is on information and communication technology provision. I welcome back to the sub-committee Martin Leven, chief information officer for the Scottish Police Authority, who gave evidence on this issue earlier this month. Mr Leven is joined by Deputy Chief Constable Neil Richardson, designated deputy for chief constable, Police Scotland. That is a mouthful.

We will move straight to questions because time is tight.

I think that we should just cut to the chase here. Where are you with the ICT blueprint?

I gave evidence here a few weeks ago and there was a meeting immediately thereafter at which Neil Richardson and I presented to the members of the Scottish Police Authority our plans for the blueprint and application-level technology.

We were given guidance by the members and we re-presented earlier this week. I think that it is fair to say that there is support from the members for the blueprint and the i6 application stream. We will be presenting formally to the SPA board at the public board meeting in June. There is a little bit of work to do on the paperwork and how it is actually presented, but we have made good progress with the delivery of the blueprint.

You mentioned i6, Mr Richardson. Obviously, some of us round the table are more aware than others of that. Could you expand on i6 please and where it fits into the blueprint?

By all means; I am happy to do that.

My input to the ICT blueprint, which Martin Leven has described, was in effect to identify the business requirement now and what it will be in future. A central strand of that contains a number of what I would describe as mission-critical supporting elements that are contained in the i6 proposal and that relate to issues such as crime and the management of crime through the criminal justice process. It is almost an end-to-end process that has interconnections and dependencies that enable a maximum end-to-end process to be slickly managed through the use of information technology. The i6 proposal has been many years in the making. It has gone through a competitive dialogue process that was started long before the changes were initiated for Police Scotland. It has reached a decision point and that decision is currently sitting with the SPA.

Before we go on, I have realised that the witnesses have the wrong nameplates in front of them—it has been very entertaining to see the deputy chief constable sitting there in his suit. Could you just swap the nameplates? I was getting a bit confused there. I wondered whether it was part of the new strategy to confuse us.

It is part of the strategy.

You did not know it, but I could not quite follow what was happening. I am sorry, Kevin.

That is okay, convener. I was not really paying attention to the nameplates, but there we go.

Gentlemen, in the past, the Association of Chief Police Officers in Scotland has had some difficulties with managing major ICT projects. The one that springs to mind is the common performance management platform, which cost £7.7 million and was abandoned. Was that also known as platform?

It was, yes.

What assurance can you give the committee that what you are doing now will not end up in another platform-type fiasco?

That is a valid question. I suggest that there is a world of difference between the i6 programme and business proposal and what happened with the platform process.

A number of things make it different. It should be borne in mind that an analysis of that particular journey is, I understand, imminent, although it is not yet in the public domain. Having been a chief officer who has lived through the experience that you describe of trying to deliver ICT projects within eight forces and at a central agency, I know that the circumstances that led to the failure of platform have been addressed in the way in which business has been conducted around the i6 programme. In other words, there was an ill-defined understanding of what was required at the start of the platform programme process and the learning from that led to an absolutely locked-down appreciation of our business requirement as we move to i6.

The journey for i6, which has been externally evaluated and assured on a number of different occasions, including three gateway reviews, effectively followed a pretty clear path that involved about six months of detailed work to lock down the business requirements so that we know absolutely what we need as we move forward.

There was then a period of competitive dialogue. It was the first time that Scottish policing has engaged with such a process, but it has proved to be extremely valuable. The learning that we have derived from that has been quite outstanding. In other words, once we know exactly what we require and we expose that to the market to enable the market to provide potential solutions, and then work through a series of meetings to challenge and test that, we go through an iterative process until we reach an absolutely clear definition of what we require, how it will be delivered and what it will look like.

I have one final question, which is about the processes themselves. Having been involved in some ICT projects in the past at local government level and having seen some of the policing stuff before, I know that one difficulty that often arises is when, in the middle or at the end of the process, the users say to the vendors that they want something a little bit different. They suddenly decide that they want all the bells and whistles and other add-ons. I take it that we are not going along those lines and that the gateway processes that you have described have ironed out all of that kind of nonsense.

Absolutely, and that is another valid question. The simple answer is yes. We have been keen to stick to the initial requirements. We have not allowed mission creep to enter into the process at all. As the senior reporting officer, I have guarded against that at every single stage. The scope of the project changed on two occasions, but those changes were to our mutual benefit and were easily embraceable as part of the journey, so they did not distract us from what we originally intended to do; they just added more benefit. We were mindful of the fact that that is a common reason for failure and we were keen to make sure that we did not allow that to creep in with i6.

13:30

Do you wish to comment, Mr Leven?

I agree completely with Neil Richardson on that. A remarkable amount of diligence has been put into the project and the scoping to date. The gateway reviews that have brought us to this decision point have been pretty thorough.

Mr Richardson, when you use a term such as “mission critical”, I am sure that you do not use it casually and that the projects are treated as significant. I make no apologies for revisiting the issues that my colleague touched on and with which both our witnesses will probably be familiar. Last year, Audit Scotland produced a report that covered the management of ICT contracts. Although the police were not involved, people in the justice sector were, such as Disclosure Scotland and the Crown Office and Procurator Fiscal Service. As the committee’s briefing states,

“The report found significant weaknesses with the programmes around business case quality, governance and control.”

The report also comments on the

“lack of in-house specialist knowledge”.

Will you comment on those specific aspects in relation to the current process? It is important that we learn from the past, but it is even more important that we have a positive view about what will happen in the future.

I am aware of that report and I anticipate that members of the Scottish Police Authority might well ask similar questions, so I have prepared answers in that domain.

The business case has in its own right gone through a long and detailed journey. It had to secure the buy-in and support of a number of different stakeholders, who have changed because the landscape has changed. Initially, eight chief constables, the Government and the Scottish Police Services Authority needed to be convinced that the journey towards what was, at the time, called IM—information management—and is now i6, was worth while. We have been successful in doing that. When we embarked on the outlying stages, following the presentation of a strategic plan, all the people whom I have just mentioned were signatories to that journey and contributed assets and finance to turn the aim to reality.

Latterly, that journey was undoubtedly different, through a slavish adherence to Treasury guidelines on business case protocols and by ensuring that strict governance was in place. We allowed no diversion from that; we were mindful that we—indeed, I personally—had battle scars from when we tried to go through processes previously and became victims of the slippage and mission creep that we have already discussed. The business case has been subject to external assurance, not just through gateway reviews, but from a learning environment that was created so that colleagues who have gone through similar processes could share their learning with us and vice versa. Because of that, the business case was as robust as any that I have ever seen, in ICT and policing terms.

The skills base is a critical component. The lessons that we have learned as i6 has progressed will undoubtedly stand as the benchmark as we move forward. We deliberately brought in the appropriate skills. Where there was a need for independence, we brought in independent specialists, of whom one provides technical input and has worked as a bridge, if you like, between the bidders—and, as we moved through the process, the preferred bidder—the SPSA and the business. Those individuals provide consistency, given that they have been there for the duration of the programme and have not moved in and out. That is a significant component of the success that we have enjoyed to date.

As the Justice Committee previously, and now as the Justice Sub-Committee on Policing, we have been interested in the relationships. When you talk about an independent element, that adds another relationship to the equation. Given the systematic way in which you have gone about the project, is it working cohesively as you move forward?

Absolutely. As the chief information officer, Martin Leven sits on the board that is chaired by me and which has progressed i6 all the way through. For the duration, 25 SPSA technical members of staff have contributed to various elements of the business case and to the proposition as it has moved forward. That has worked well and the business case has been taken through a fairly detailed and rigorous process.

Is that your position, too, Mr Leven?

I absolutely agree. I guarantee to the committee that I have been sitting on the programme board and that senior members of my team have been involved in technical evaluation of the product. During that process, we have robustly challenged all the technical assumptions that have been made. The technical team and I fully support the project, which to date has been an exceptional piece of work.

That is all positive. We often learn from mistakes, so my questions are not about the historical matters that have been commented on. Have any operational difficulties arisen out of the assortment of IT systems?

Would you clarify what you mean by “operational”?

Have front-line police operations been affected by the fact that a myriad of systems had to come together on 1 April this year?

Front-line policing operations operate very similarly to the way in which they operated prior to 1 April. A set of priorities called the day 1 deliverable projects was delivered to the SPSA ICT function at the time. A significant range of projects was delivered as a result of that. I can touch on those later.

Front-line policing operations continue as before. People are still on the street and are still operating. Certain aspects of policing require some manual intervention to share information across the legacy force boundaries. We have some systems that were previously national systems and they continue to operate nationally. However, one purpose of i6 is to join up more than 100 different and completely separate systems in the previous force areas to provide one suite of systems that will enable more efficient use of front-line officers.

I ask Mr Richardson to comment on whether criminal intelligence is one of the things that does not recognise the historical boundaries and is shared throughout the country.

The reality is that the move to day 1 did not expose front-line policing to any heightened risk. We were already carrying a fairly significant risk in a number of domains. That is just the reality of life.

The ICT landscape throughout Scotland is extremely challenging. We have some extremely ageing and dated systems. A number of core processes that I would again describe as mission critical still operate on a manual basis. Books and form filling apply across the board. I think that only one force has a technical solution to productions, for instance. We take hundreds of thousands of productions every year. They are significant and instrumental in the criminal justice stream.

For some extremely important bits of business, we rely on dated ICT or no ICT. There is a pressing need, as there has been for some considerable time, to try to converge and modernise those systems. The move to a single police service provided a fantastic opportunity to do that, and i6 is a stand-out opportunity to make a significant step in the right direction at this early stage.

You talked about some of the processes still being done manually. Personally, I do not think that that is a bad thing because, in other spheres, I have seen the move from manual collation of data for whatever reason to an ICT system that has taken much longer to deal with the process and, beyond that, restricted access to information even further.

Is the attitude being taken that ICT is the answer to everything? In real life, that is not always the case.

No. There is absolutely no question that ICT will be a silver bullet, but there is also absolutely no doubt that there is a need to modernise the core systems that police officers on the front line require to do their job.

At the moment, when a police officer starts their duty and hits the street, if they go to an initial call—this is bread and butter; it happens every day of the year—they might become involved in some kind of incident and be required to arrest somebody. In processing that individual, they are required to support a number of disparate processes and systems. They need to record it on the criminal system; they need to lodge intelligence; and they might need to lodge productions. They need to ensure that a custody record has been completed. If there is a vulnerable person element, something needs to be completed for that.

We have done detailed analysis and determined that, to support some basic and routine activities, police officers are spending an unreasonable amount of time in the office out of the public eye simply feeding bureaucratic processes. We need—we are duty bound—to do everything that we possibly can to streamline that.

With regard to the bureaucratic processes that were mentioned, how many—

Please bear with me, Mr Stewart—I have a wee list of members who want to come in. I should tell the witnesses that Mr Stewart is a committee convener in another world but I will have to contain him for a moment and let Graeme Pearson, Margaret Mitchell and Alison McInnes ask what might very well be the same questions.

It is a pity that we have only a limited time for this evidence session, but I welcome the move that seems to have happened over the past four or five weeks and the degree of urgency that it seems to reflect.

I want to ask a couple of questions that I hope do not spoil things as we move forward. First of all, we have been plunged into i6 right from the outset. From the intelligent customer’s viewpoint, the need for which was alluded to at our previous meeting, is i6 the priority for Police Scotland?

There is no doubt that, at the moment, it is the stand-out priority for Police Scotland. However, it is not the only priority.

No, but if you were pinned against a wall and asked, “What is the one thing you can deliver that will be important to the service’s efficiency and effectiveness?”, would your heart lie with i6?

Yes.

Secondly, at our previous meeting, we discussed the need to wait for the current executive to get in post, settle down and tick the box for the way forward. Can you assure us that if any of the current executive leaves we will not go back to the intelligent customer process reassessing what i6 is about? Is it felt that, no matter who sits on the executive, there is a generic need for i6 in Scotland?

I have to say that I do not recognise or support the comment that you referred to. I do not think that anything on the ICT landscape has changed significantly; indeed, the strategic requirements of policing are pretty consistent and nothing has changed significantly in the not-very-rosy picture that I have just painted of ICT support. If you walked into a police station, you would be very familiar with what you saw there because very little has changed since you left. I suppose that some aspects of the delivery of policing have sharpened with the move to a single service, but the requirements are the same today as they were before.

So the approach is business led, not personality led.

Yes.

I know that last year you and Martin Leven—from the SPSA side—were part of the SPA project team developing the arrangements for i6 and that an agreement to go forward with its development was reached back in October. Are there any other pressures that we need to bear in mind with regard to reaching a decision in June? Are we getting to the stage where we either need to go with i6 or decide to find some other alternative?

Undoubtedly, i6 is reaching a pressure point where a decision has to be made, and there is no doubt that the authority is actively engaged on the matter. The timing is perhaps unfortunate; the procurement journey for i6 started two years ago—

Indeed.

—and it is perhaps unfortunate that it is reaching a conclusion now, given that it means that a brand new authority will have to make what is a major financial investment decision. Nevertheless, given the criticality and importance of the project, the decision has to be made.

I do not want to go into detail about private sector involvement, but I presume that people in the private sector will be quite tense about the timings and decisions.

Absolutely.

Mr Leven, you talked about a blueprint and the discussions that were being had about it. Is there an ICT strategy yet?

I was talking about an investment blueprint for the ICT that will enable us to deliver the priorities that Police Scotland has passed to the SPA for delivery either this year or as soon as possible. The number 1 priority is i6, but other priorities include systems for centralised command and control, and back-office human resources, finance and payroll systems.

But do you have a strategy? I believe that when you took up your post, one of your functions was to deliver an ICT strategy for policing in Scotland. Do you now have that strategy, or do you still have a way to go before you can deliver it?

13:45

The blueprint provides a strategic direction with the information that we have now. I am not trying to avoid the question; I am trying to explain where we are going.

The full business strategy is dependent on our setting the ICT strategy. At this point, the SPA does not have an estate strategy or a fleet strategy. Those strategies are being worked on to get them ready for submission. We must also bear in mind other areas and put in place other strategies. If the SPSA had delivered a strategy—it was not in its remit to do so—in October or November last year, it would almost certainly have been completely changed and rewritten by now, because the environment that we operate in has completely changed.

We have still to get full clarification of our funding streams and the amount of money that is available to us to invest in technology. Whatever strategy I put in place has to tie in with “Scotland’s Digital Future: A Strategy for Scotland”, and it has to be compatible with criminal justice ICT strategies and with the wider UK policing ICT strategies. Unfortunately, we cannot realistically deliver a strategy that is fit for purpose and will please everybody within 60 days of the launch of the SPS, but the blueprint that we have put in place will deliver the absolute investment required to enable the priorities that Neil Richardson and his team have submitted.

When do you hope that you will be in a position to say, “I now have a strategy”?

It is difficult to say. I am not avoiding the question, but it is an evolving situation. The route changes, the requirements of policing change and the requirements of the SPA will change. I certainly anticipate that in six months I should be delivering a strategy.

In that context, given that your current budget is less than 1 per cent—I think that it is less than 0.5 per cent, which seems a paltry sum of money—is it realistic to imagine that you can deliver on i6 as part of the blueprint and thereafter deliver your strategy?

Police priorities are absolutely dependent on the investment requirements in the blueprint going forward. We need that investment to be put in place, or we will not be able to deliver the police priorities. I6 has been designed based on the lowest common denominator—the IT that we have in place now—but that carries with it some risk from single points of failure that exist now and from some very aged equipment across the estate.

However, command and control, centralised finance, payroll, HR and forward intelligence systems could not operate on our existing infrastructure as part of a centralised manor, so we need to make the investment. I am afraid that I cannot comment on whether we have the money to make that investment, as that is above my pay grade. I believe that the SPA is still pulling together the figures for what it takes to run operational policing. There is a capital pot that is not dedicated to ICT and is split among all policing priorities, whether it is estates, the fleet, the crime campus, i6 or the blueprint. I believe that the SPA has some decisions to make about how that money is invested.

In terms of the allocated sum of money, I think that the answer to my question would be no, but there is a possibility that moneys elsewhere in the budget could be reallocated.

Again, we do not have any allocated money pointing at ICT. There is a capital pot that IT can bid for and the SPA will decide what happens. There has been no specific money other than the operational budget, the revenue budgets—

Is that the £12 million that we were told about previously?

The £12 million was the money that I believe the Government predicted would be required for the first three years to enable ICT to merge. The figures that I am submitting as part of the blueprint are in excess of £12 million.

I have a final point, before I allow other members to come in. You mentioned system change on 1 April and the various historical systems that are still in place. If I understand the situation properly, the systems that you alluded to at the previous committee meeting—for HR and so forth—are essentially still the old systems and do not function as one single system across the whole network. Nevertheless, you have managed to arrange for various systems and human beings to fill in the gaps. Would that be a more accurate description of the system, rather than describing it as one national system?

We have eight different HR systems around the country—nine, if you bring the SPSA into the equation. We decided with the police in the summer of last year that merging those into one single system was not achievable. That was not only about technical restraints, although it would have been a very challenging technical project and, as Mr Stewart has alluded to, technical projects are very difficult to achieve in a very short period of time.

Moreover, we were dealing with eight police forces with eight different sets of terms and conditions. With one system, those all have to be merged. We were also dealing with eight different command and control systems, with automatic links for duty management and resource allocation, involving a whole variety of interfaces. Merging those was not going be achievable before day 1.

The instruction that we got from the police reform team at the time was to supply a system that can indicate where everyone is, how to contact them and who they are, and which should be compatible with the new badging number schemes and the new unique identifiers. If, for example, Central Scotland Police had the same badging numbers as Lothian and Borders Police, it would be necessary to separate out all the officers. We could consider a national solution thereafter.

I agree, and I understood that from the first presentation. However, some members understood that there is now a national electronic, ICT-driven system. In fact, you have created a number of conventions where human beings make up the difference between the various systems, which are not all linked together.

Yes.

My colleagues have already been fairly thorough, but I want to tease out a couple of points that they have raised.

You indicated that it could be challenging to deliver the ICT strategy for consideration by the SPA board at its June meeting. Can you tell me about the timescale and the process for individual business cases to be submitted to the SPA board? You have said that there is a central budget, but there is presumably still work going on in that respect.

The purpose of the blueprint that we are delivering to the SPA board is to give the board an indication of the cost of investment in the enabling ICT that is required to deliver police priorities and nationalise the ICT set-up. Further to that, the blueprint will give the board an idea of the money that should be kept aside from its capital budget allocation this year.

I anticipate that there will be individual business cases for every ICT investment that we make. I welcome that—we should be cross-examining everything that comes in. Some of the ICT investment that I want to make this year is in the millions of pounds for particular items and types of technology to enable the delivery of police priorities. My understanding is that we will have a business case for every bit of technology. I fully support that—it is an environment that I am very used to working in. Whether it involves risk reduction or efficiency gains, each business case will be based on the return on investment for every single piece of technology that we put in.

My question is whether that work can proceed now, without having to wait until the board meets. If you know how much money you are going to get, you could have a kind of wish list. Once you know how much you have, you can tailor things, and at least the groundwork could be done now, which would seem a sensible way forward.

The groundwork is heavily being done at present. As soon as we get the go-ahead and support from the board, we will submit business cases very quickly so that we can start getting the technology in.

So, the individual business case work is being done now.

Very much so.

Does ICT feature as part of local plans?

Yes, although not from a funding perspective. For example, the website that we launched on 1 April has very in-depth details that the public have never had before. They can go in and find out who their local community officer is, and they can see full details of the local policing plan, including national contact details. People can use a postcode look-up to find information. In that respect, ICT has been heavily involved.

If there was any disagreement, for instance about ICT and what was contained in the local plan, what would happen? What is the mechanism for resolving such disagreements?

That is part of the governance set-up, and we are working closely with Neil Richardson’s team to get there.

Let me take you on a little historical journey to let you know how things worked beforehand and compare that with how we deal with issues now. Prior to 1 April, there were eight legacy constabularies with eight different ICT strategies. The national ICT system and strategy was controlled by ACPOS. That resulted in an ICT department that, around the country, reacted to things in diverse ways. For example, people were instructed to put in completely different sets of technologies in different environments.

Now, we have the opportunity to ensure that all technology is approved. If a divisional commander would like a little bit of technology in their division that is not available in any other division, we would not recommend that. We think that all investment should be in national solutions, so that members of the public have same experience across the country.

We are working with Neil Richardson’s team to pull together a governance function that allows the police—not the ICT team—to prioritise how we put in individual pieces of work, based on the availability of the ICT and on technical advice.

I, too, looked at the paper-based, manual system. Will you go into a little bit more detail about what will be involved? You mentioned exhibits and productions and talked about the priority in some cases, but our briefing paper suggests that converting some of the manual systems to computer systems is a priority. Will you tease that out?

Sure. I am looking to Neil Richardson for confirmation, but in the i6 project, most if not all paper-based processes are removed and made electronic in combination with the other business areas that come in, so that we have a single source of truth for information in one data set.

Neil Richardson is far better qualified to tease out the details on paper-based systems and how they impact on operational policing.

The best stand-out example is the production register. Although I take the point that technology is not always the solution, the reality is that, because it is a core process that is critical to the progress of criminal justice, officers effectively stand in a queue to fill in the single register. Certainly, that happens in the west of the country. We cannot have multiple registers because that increases risk. Particularly in busier stations, officers often stand around waiting for an opportunity to put vital information in a book. Because of legacy arrangements, the day-to-day inefficiencies with a number of systems are at the heart of the i6 business case. That is one of the reasons why there is such a compelling case for an opportunity to bring about change that will deliver strategic, operational and financial value.

I am perhaps not as optimistic as Martin Leven is in relation to his description about potential conflict and how we might resolve that. That is primarily because we have been developing the service over a number of years to do business in that way, with the SPSA arrangements that were in place. That has been extremely difficult. A lot of people have put a lot of effort into trying to make progress, but it is a matter of public record that progress was not great.

In fact, there are two public documents that summarise the position effectively—an Audit Scotland report and an independent review completed by Mott MacDonald. Both reports contained a reasonable description of some of the barriers, which relate to engaging governance and the problem resolution activities that the committee has asked about and which Martin Leven has responded on.

Although some of that may be easier with a single service, it will not be as easy as it could be were ICT a part of that single service. It strikes me as anomalous that, while recommendations remain outstanding from the bits of work that were done to find a route to improvement, we have removed the opportunity that we had to embrace ICT back into the service and to streamline some of the activities, with a single decision maker and person in the chair—namely the chief constable—to direct HR, finance or ICT, which is a critical component of any business. Therefore, a concern remains about our ability to bring in line strategic and business ICT requirements to make that business work. My position has been consistent on that—it is something that should be urgently looked at and reconsidered, so that ICT is embraced back into the service.

I tend to agree. Unless there is a direct and clear line of communication, a lot of time and, potentially, money will be wasted.

A lot of members are itching to come in now that the discussion has opened up. I will let Alison McInnes in first.

Martin Leven spoke about developing a “single source of truth”, which is an interesting phrase. Will you talk us through the new system’s security safeguards? I suppose there are safeguards in relation to things such as authorisations and amendments as you move from manual, paper-based systems to logging in everything electronically. Public confidence in the system will need to be very high.

14:00

When developing any new system, you have to look at the fundamentals of information security—confidentiality and the integrity and availability of the information that is stored in the system. The i6 business model is built around those three fundamentals of information security. We must also be careful not only about ensuring that the information stored in those systems does not leak out, but about monitoring who accesses the information and for what reason. The i6 business model achieves an impressive level of auditability, by leaving forensic ICT trails, of why certain people would access certain information. I am confident about the information security that has been built around the system.

On the wider blueprint, we have to adhere to extremely strict information security. One of the challenges that we faced previously was that we tended to think of the police environment as being different from everywhere else. However, I fundamentally disagree with that view. I think that IT is IT across the board, and information security should be the same across the board, with appropriate levels of security. We sometimes tie ourselves up in too much information security, so that, although we absolutely nail the confidentiality and integrity requirements, we make the system so complicated and difficult to get into that the availability of data can be compromised. That is taken care of with i6, which is a very clever system, and we are certainly looking to have a far more balanced approach to information security with our blueprint, to ensure that we are not taking any risks at all with the data held within Police Scotland, while making the information easier for officers to access.

In practical terms, there are risks involved in the practice that I outlined of officers having to input the same information over and over again, because each time they do it there is an increased risk of them spelling something wrong or getting an inconsistency into the system, which can then cause problems with searching. The single premise of i6 is data re-use. It will not happen on every occasion, but ideally you should have to enter information only once, and then the system self-populates the same information, whether it relates to custody, vulnerable persons or other areas. That means that so long as the input is right the first time—the system includes clever built-in safeguards to ensure that officers do not go into the wrong field, and will tell them if something is obviously wrong—the data quality should be of a far higher standard. That has been included as part of the construction phase, so I have high confidence that the system will be significantly better than what we have now.

Will that also mean that there is no second chance to get something into the system in the case of a failure in data entry?

Data can be amended or adjusted, although, as Martin Leven said, there is a security trail for all entries so that every adjustment is recorded and can subsequently be audited.

Neil Richardson touched on relationship issues and ownership of responsibilities in connection with ICT, and that is one of the areas that the sub-committee will be interested in examining over the coming months, to see what works and works well.

Martin Leven described the history of governance, and seemed to indicate that, since April, we have entered a halcyon period, previous to which ACPOS was in terrible disarray and decisions were difficult to make because there were eight different chief constables in charge of the systems. However, is it not fair to say that the SPSA played a part in overseeing ICT delivery, that there was a new ICT kid on the block during the past four or five years, and that we still need to pay a great deal of attention to how governance is delivered? I am certain that, when Mr Leven joined the service as an SPSA employee, he did not feel that he had no governance round about him to protect decision making when he was in charge of information. Merely to state that things will be better from here on in is not going to cut it. Is that a fair picture of the history of your information systems?

I agree with part of what you said, but I disagree with another part. On the history of the system, touching on what Neil Richardson said, I am genuinely surprised that the issue of where ICT reports to has arisen. I thought that that was the one area that had been agreed quickly between the chief constable and the chair of the Police Authority, and it certainly has not been open to public debate, although I realise that the Association of Scottish Police Superintendents put out a statement about that last week. It should make absolutely no difference whether ICT reports to the Police Authority or to the chief constable. I currently sit as a guest on the senior management team, and I am in no doubt that, if the chief constable and the senior management team are not happy with the IT delivery, they will not miss me and hit the wall. I also sit on the SPA executive.

Before you move on from that point, I think that you would agree that, whether or not they vent anger at you, they have no power to instruct.

But that could be turned on its head. Previously, the SPSA was the ICT expert, but it did not control the strategy.

I do not doubt that.

The SPSA had to try to influence some of the decisions that were made, without having any strategic control or the ability to say, “No, we’re not doing that.”

Yes, I have no doubt about that.

I am sure—in fact, I have absolutely no doubt—that, when we had eight different chief constables with eight different strategic directions, there were circumstances in which ICT said, “That’s a bad idea”, and was told to do it anyway because someone else said, “This is what we want to do.” That is a difficult situation in a command and control environment. It was before my time, because, after I turned up, reform was fortunately the focus and we worked collaboratively.

IT and industry can be nurtured better when IT is left to the IT guys, who provide enabling technology to deliver the operational priorities for whatever the business line is. It should be a case of, “You tell us what we want, and we will tell you the best way to deliver it.”

Indeed.

That is a good model. Given that purpose, it makes no difference whether my team and I report to the SPA or to the police service. It should make no difference whatsoever, if we have the freedom to express ourselves.

To save any doubt, I have no view on where that duty should lie; we will discover that in the years ahead.

It seems that we have painted a picture that indicates that we are moving forward and everything is sorted out, and that we know where we are. There has been a great deal of movement in the past six to eight weeks, as you would acknowledge. I like to hope that this sub-committee has played a role in concentrating minds in that regard, and I have no doubt that next month will be significant. Neil Richardson has given his view on how critical it is. Do you see it as being equally critical to get a decision one way or the other next month?

The sooner that we get a decision, the better. There are commercial reasons for requiring a decision to be made sooner rather than later. In addition, some of the systems that i6 is scheduled to replace were out of date when the process started, which means that they are even more so now.

Very much so.

The longer that those systems remain without being replaced—either by i6 or by another system—the greater the increase in the risk of failure in those systems.

In the past, there has been a bit of a guddle in some regards. Guddles always come to pass when the customer does not listen to the ICT experts, and says “We want this, this and this”, even if they are told that it will not work. In a past life, I was involved with many ICT systems and with HR systems in particular. I used an adjective in front of the names of those systems, for which Mr Richardson would probably arrest me if I used it in a public place today.

So would I.

We have not discussed the fact that some of the systems are still in place, so the legacy is still there.

My question is for Mr Leven. Would any of the HR systems and other systems that are currently in place in the previous eight force areas work across the whole country? If they would, is there any way to use procurement methods to export them throughout the country, or are we talking about systems that are basically outdated anyway?

Our HR system is an interesting example among the unlinked systems, because it was built in-house. I believe—although it was way before my time in policing—that the system was originally designed by a policeman, and put in place in Tayside before being pooled throughout the country.

It might have been a policewoman—who knows?

Our HR systems are proprietary software, and we now have the opportunity to nationalise those HR systems.

Are better products available in the marketplace? I think that we should investigate that. However, a model that involved licensing an ERP—enterprise resource planning—solution that combined HR, finance, payroll and duty management into one system would involve quite an expensive marketing plan.

Would we get better bang for our buck from developing our current systems to make them national? Possibly. We have a team looking at that issue 100 per cent to see what the best possible solution is. Again, any solution would be designed not just by the ICT guys but by collaborative working with the HR functions of Police Scotland and of the Police Authority on what they want to go forward to see how we can link the system into finance, duty management, command and control and the various different pension pots throughout the country to provide a good national solution.

With those combined systems for finance, HR and so on, the customer often wants all the bells and whistles on as well. In my experience, those projects are often doomed to failure right at the start. As an IT professional, do you think that the best way forward is to introduce those joint systems or to keep some of those functions separate and just live with that?

I think that we would need to ask our customer exactly what it is looking for.

As an IT professional, of course I want the technology to do the job, so I think that a joint system would be a great project to take forward in the policing environment. Would that be the best use of resource and money? I am sure that you all understand the size of the project that would be required to deliver that. Would we have the money available to do it? I am not too sure. I think that we should have one combined system that links into the i6 product set so that we can start bringing the information much closer together. Is that achievable? That is what we are trying to find out at the moment.

Obviously, we hope that your customer will listen to your very good advice.

I am sure that it will.

If I understand you, you are saying that the SPA should make the decisions on ICT, even if that is more costly and takes from other budgets.

No, that is certainly not the impression that I meant to put across. One thing on which I have tried to work very closely with Neil Richardson and his team is that any ICT business case should be a collaborative piece of work between Police Scotland and the ICT function.

Is that the case, Mr Richardson?

There is no doubt that, as Martin Leven said, he is trying very hard to work with the business. As I said, that is increasingly difficult and always has been difficult, and I am not convinced that it will get easier moving forward under the current arrangements.

As I described at the outset for i6, I think that the sequencing of all activities should follow the business by nailing what we require, looking at the possibilities and taking off the luxury extras—the bells and whistles that we do not need—to ensure that we have an absolutely rock-solid requirement. We should then not go to a particular supplier, but extend the opportunity to the market. I think that competitive dialogue that engages the whole market is a sensible option. For any significant financial investment, although that takes a bit longer and costs some money, it is absolutely worth doing that to determine the best technical solution.

Moving forward into a brave new world—again, if we could rescript things—I would move dramatically away from big in-house capability and look fully to exploit the market. I would look for the in-house technical experts, such as Martin Leven and his colleagues, to be very small and lean and almost specialised in providing a bridge between the service and that technical world in relation to those requirements.

Right. The next question is from John Finnie.

Everything sounded straightforward earlier, but it can be good to have some tensions and competing demands. Mr Richardson’s phrase about the service’s ability to bring in line those requirements perhaps highlighted some of those tensions.

However, in my view, public money was wasted—a figure of £7 million was mentioned, but I think that it was nearer £14 million—simply because no one was prepared to say, “Chief constable, that is a nonsense.” We cannot have a situation like that again. Despite the hierarchical nature of the police, the idea that the person in charge could waste public money and no one would challenge it, has to be done away with. In decisions on IT, the relationship with the client or customer is terribly important, and we will be keen to monitor that.

I want to ask three brief questions, to which you might be able to give a one-word answer. Can you give us a timeframe for the fleet and estate strategies? If not, can you get some information on that to the clerks? A lot of people are interested to know how the estates strategy will tie in with ICT. Can you say whether the hand-held devices that were trialled by operational officers form part of the ICT work that is being talked about?

14:15

I cannot comment on the fleet and estates strategies.

It is not what you are here to talk about.

No, but it links in, because—

We can be written to about that.

Sure.

On mobile data, I received some questions from the researchers that were difficult to understand, so I have brought with me a brief on mobile data. We have two different mobile data projects. We have one in Lothian and Borders, which is a product set that is an electronic notebook so that an officer can take things—

I have seen it. You just plug it in.

You dock back at the station and put things in electronically.

A pilot has also been taking place in G division in Strathclyde. That pilot was funded by the national police improvement agency, with Home Office funding, to provide devices that could give officers on the street access to some police databases and background databases going forward. That project was successfully deployed last year and there are moves to have a business case brought forward—for January 2014, I believe—to make the next investment in national mobile data, if we decide that we want to do that. Again, although ICT resource is involved in it, it is a police-led project and the recommendations on what we want to do would come more within Neil Richardson’s remit.

Thank you. Can I confirm that we will get the information back on the progress with the fleet and estates strategies?

Yes, we will be written to about that. Does anyone have anything else to ask?

May I just ask—

I am not rebuking you—you will get to ask your question—but every time I ask that question, somebody puts their hand up.

We could be here for the day.

No, we will not be. We are finishing in four minutes.

It is not about a contentious issue. I almost faint at the prospect, given the difficulties that you already face with the police service, but has there been some thought from the ICT environment about linking with the fire service in identifying the crossover savings that might be achieved from the mutual pipes that are necessary for shifting information around the country? Perhaps some thought has been given to what software is available that could maintain security separately within the systems. The two services might be able to piggyback on each other’s resources. Has that been thought about or is it just too hard?

Absolutely—it has been thought about. I gave a presentation at the Scottish wide area network conference in January—I put up a map of all the Scottish police stations and then I put up an overlay of the fire brigade stations and said, “Why are we paying twice for pipes that go into buildings that are inevitably next door to each other or a street away?”

Is there a future for that idea of linking?

In fairness, Sandra Aird—my equivalent in the Scottish Fire and Rescue Service—and I have both been kind of busy recently. We have agreed to talk about it but we have not pushed it forward—that will be coming up soon. It is not just about collaboration with that service, but about collaboration with the Scottish Ambulance Service and the entire blue light industry.

I was afraid to mention that service as well. Thank you.

The fire service and the Scottish Ambulance Service have been mentioned. What about local government across the country? I hope that you are seeking to collaborate with councils, in particular with regard to hardware procurement and beyond that in server sources. I hope that you are looking at that and trying to save the public as many pounds as you possibly can that can then be diverted into front-line policing.

Absolutely. I sit on a couple of Scottish Government programme boards. As regards industry relations and ICT strategy programme boards, the police are involved in the design work for the Scottish wide area network and some excellent work is coming out around “Scotland’s Digital Future”, which is all about collaboration and best value for money for the public. I absolutely guarantee that we will continue to look for every opportunity for savings in the entire public sector in Scotland.

I thank both the witnesses very much for their attendance and their evidence.

Our next meeting will be on Thursday 13 June, when we will continue to take evidence on ICT provision from the Scottish Police Federation, the Association of Scottish Police Superintendents and Unison. They have no doubt been paying attention to this evidence session.

Meeting closed at 14:19.