Your SlideShare is downloading. ×
  • Like
BwDBC IT strategy
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

BwDBC IT strategy

  • 303 views
Published

 

Published in Business , Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
303
On SlideShare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
8
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Blackburn with Darwen Borough Council IT Strategy Document file name: bwdbc-it-strategy3990.doc Date of Issue: 16 June 2008 Author(s): Karen Sharples & Gary Ennis Version Number: 1.2 Final 1
  • 2. i. Table of Contents 1. Introduction..............................................................................................................3 2. Vision, Goals & Principles........................................................................................5 2.1 Vision & Mission..................................................................................................5 2.2 Goals...................................................................................................................6 2.3 Principles.............................................................................................................7 3. IT Strategy Definition................................................................................................8 3.1 IT Sourcing .........................................................................................................9 3.2 IT Organisational Structure..................................................................................9 3.3 IT Service Delivery.............................................................................................10 3.4 IT Infrastructure.................................................................................................14 3.5 Network.............................................................................................................14 3.6 Communication..................................................................................................15 3.7 Applications.......................................................................................................17 3.8 Emerging Technologies.....................................................................................21 3.9 IT Refresh..........................................................................................................21 3.10 Governance and Compliance...........................................................................22 ii. Document History Version Description Author Date V0.1 Initial Draft Karen Sharples 10/06/2008 V0.2 Updated following comments Karen Sharples 12/06/2008 V1.0 First Version Karen Sharples 16/06/2008 V1.1 Final version (incorporating comments from Exec) Karen Sharples 21/08/2008 iii. Document Ownership This document is owned on behalf of the Council by the Director of Business Transformation & IT, and is reviewed by: For Cllr Michael Lee For Alan Cotton Sign-off: Review: 2
  • 3. 1.Introduction This IT Strategy document details the overall IT Strategic Roadmap for BwD over the next 5 to 6 years showing how IT systems and services will be transformed to support the Council Objectives and Corporate Priorities in a cost effective and efficient manner. It describes: • The strategic principles and vision surrounding the IT strategy and the background to the selection of these, referencing current IT strategy best practice and IT industry trends and initiatives The IT Strategy will be underpinned by a set of policies and standards which will evolve in line with the Council Objectives and Corporate Priorities and IT industry trends and best practice. IT must deliver a stable, secure and robust infrastructure services in a repeatable and cost effective manner to a level of service that underpins the Council’s objectives and Corporate policies (above). This means that that IT must: • support the existing requirements of BwD staff and its Citizens, and • provide a standardised, flexible and cost effective framework that can be used to expand and adapt in a timely fashion as new requirements evolve Delivery of the IT Strategy will result in IT being an enabler for the council to: • Meet the efficiency and value for money challenges of CSR07 • Deliver key central government initiatives such as the neighbourhood agenda • Realise more efficient ways of working that will deliver enhanced services to both staff and citizens • Improve citizen access to council services and information e.g. the ability to offer transactional services via the self service on the web / telephone • Respond quickly to changing citizen, business and legislative requirements • Drive forward its Organisational Development, Property and Carbon reduction strategies 3
  • 4. • Realise current investments in IT • Ensure compliance with regulatory obligations • Reduce the Total Cost of Ownership (TCO) for IT and/or provide more effective IT services for the same TCO • Work more effectively with partners organisations such as the PCT, the emergency services, the 3rd sector etc.. to deliver joined up services for the citizens of the borough These improvements require transformation of the existing IT estate within BwD. This transformation will make use of current IT industry best practice in strategy development and implementation and exploit new, but mature, trends in IT technology. These proven new trends in IT technology offer significant improvements to end users in terms of flexibility of operations and speed of response, while providing improved service levels at similar or better running costs to today’s disjointed operational model. 4
  • 5. 2.Vision, Goals & Principles 2.1Vision & Mission The detailed design of the IT strategy has been driven by a strong vision of the future for IT within the Council. This vision is: • The transformation of IT infrastructure, systems and services within BwD from the current disjointed support function to become a key business enabler, supporting the delivery of the Council’s goals and objectives, both now and going forwards. This will be achieved by:- • The delivery of a “joined up”, standardised IT infrastructure wholly managed by BwD IT department and capable of quickly and cost effectively adapting to the changing needs of the Council, its Citizens and Partners. • Ensuring that deployed and managed IT Infrastructure and applications are supported to a level that delivers an availability that meets the requirement outlined by the business and its citizens. The strategic vision for IT will transform the IT infrastructure, systems and services with the Council into a strategic asset. This vision will be built using a 6 step methodology: Business Time and Transformation Automation alignment Cost to from Cost Centre and deliver To Strategic Value Virtualisation Asset Migration Consolidation Each step builds upon the steps below. Certain parts of an ICT Infrastructure can “climb” Rationalisation all the steps faster than others . e.g. Server virtualisation is here now. Asset management and Discovery Step 1- Asset Management and Total Cost of Ownership Understand the fundamentals of every IT asset including manufacturer’s information, BwD owner, location, value and support / warranty status. Automate the collection and management of this information wherever possible. Step 2- Rationalisation Use a standard set of “Lego block” components and suppliers to reduce cost and complexity and improve speed of response. Spend less time worrying about what technology to use and more time delivering business solutions. 5
  • 6. Step 3 – Consolidation Centralise systems and data to a single location with standard processes and procedures for maintenance and operations. Build resilience and security into this single location. Step 4 – Migration Migrate onto more cost effective platforms where possible. Decommission legacy and non-standard applications and systems, porting functionality onto strategic platforms. Step 5 – Virtualisation Replace large numbers of small servers with a small number of large virtualised servers. Create an infrastructure where resources can be allocated and re-allocated to applications in a dynamic fashion without hardware re-configuration. Step 6 – Automation Automate standard IT operations and procedures. Provide Self diagnose and self help tools to the user community to enable quick resolution of simple IT problems, i.e. password resets. 2.2Goals The Goals for the IT strategy are: • Delivery of cost effective and high quality IT systems and services to BwD staff and Citizens. • Improve IT Service and value for money - Provide better, more repeatable levels of service at similar or better operating costs • Reduce IT Incurred Business Risk - Reduce the security, resilience, back-up and disaster recovery risks associated with the current infrastructure • Meet Growing User Requirements from IT - Support remote/location independent working while delivering new functionality in a quicker, more agile manner 6
  • 7. 2.3Principles 2.3.1Core IT Strategy Principles The Core Principles underpinning the IT strategy are: • Rationalisation of the IT estate - provision of IT services using a limited set of industry standard systems, vendors and components • Consolidation of core IT providing centralised ownership, control and management of all IT assets • Use of mature technologies and industry standards. wherever and whenever possible • Achievability - any IT strategy for the Council must be achievable. This comes through a number of principles: o Maximise the use of current IT knowledge within BwD and its partners o Incremental transformation, take a logical approach (through the IT Strategy Roadmap) to transform the current estate. Implement the changes that add the most value to the overall infrastructure/service and support the Council’s objectives first o Adoption of a security model that is capable of being implemented across the estate • Maintainability - adoption of change management controls to future changes to the IT strategy, policies and standards to ensure that the IT vision adapts to meet the changing needs of the BwD. Ensure that all new IT systems and processes are delivered in accordance with the IT strategy wherever and whenever possible These principles are core to the implementation of this IT strategy, all strategic recommendations within this document have been assessed against each of these core principles. Any proposed changes to the strategy should be assessed against these principles before being adopted. All of these principles are driven by the need to improve flexibility and service while controlling the overall Total Cost of Ownership (TCO) of IT to improve value for money. All major studies of IT costs show a number of key factors affecting TCO: • Capital/Purchase costs of IT assets are a fractional percentage of the total cost of the asset over its lifetime. Maintenance and support costs outweigh the initial costs by a significant margin, often five, ten or even 15 times the initial purchase costs. • The level of standardisation of hardware, software and processes (greater standardisation drives lower maintenance and support costs) • The degree of consolidation/centralisation of the rationalised systems (greater concentration of systems in the centre drives lower maintenance and support costs) 7
  • 8. 3.IT Strategy Definition This section provides details of the IT strategy for all the key IT processes, services and systems and covers: • IT Sourcing – The sourcing strategy for IT in BwD, including suppliers and technologies. • IT Organisational Structure – The Organisational structure for IT in BwD including staff and training. • IT Service Delivery – The IT service delivery strategy within BwD including; services delivery ethos, processes, continuity & resilience and security • IT Infrastructure – IT infrastructure strategy for BwD including; end-user computing, servers, storage, network and environment. • Communications – The IT communications strategy for BwD including; telecoms, electronic/data communications and convergence. • Applications – The IT applications strategy for BwD including; application design, legacy applications, data and information. • Emerging Technologies – BwD IT strategy for emerging IT technologies. • IT Currency – The IT strategy within BwD for the ownership and replacement cycles for hardware and software assets. • Governance and Compliance– The IT governance and compliance strategy for BwD. Each of these subjects is covered in detail in the following sections. Each strategy section contains an overview of the strategy and a series of strategy statements. 8
  • 9. 3.1IT Sourcing BwD’s IT sourcing strategy is built around a set of common approaches: • Selective sourcing of key IT services, processes and systems to ‘best of breed’ IT service partners where there is a clear demonstrable value to BwD. Leveraging the expertise, skills and economies of scale available from these key partners • Rationalisation of IT technologies and technology suppliers to enable lower cost of ownership and better levels of service • Use of standard, mature, robust and resilient IT technologies and solutions • Adoption of existing proven, standard solutions and applications before considering any bespoke development work, “buy not build” wherever possible BwD’s sourcing strategy is to control cost and improve service by leveraging the IT skills of key suppliers while rationalising the number of suppliers and technologies deployed within the IT estate, BwD will: • Reduce the number and type of technologies and technology suppliers used within the IT estate e.g. server consolidation • Reduce the overall number of technology suppliers where ever possible to leverage discounts and other benefits that arise from higher levels of sourcing from a smaller number of suppliers. e.g. one manufacturer/supplier for desktop and laptops etc. • Work with proven IT suppliers with a recognised track record and proven adherence to IT industry standards and procedures whenever possible • Build its Supplier Management processes and capabilities to extract maximum value from its 3rd party relationships • Leverage existing Office of Government Commerce framework contracts where appropriate to minimise risk and maximise value due to the economies of scale within these agreements. • Work in collaboration with other authorities to ensure BwD is taking full advantage of existing procurement processes and lessons learnt. 3.2IT Organisational Structure BwD’s IT organisational structure is built around a set of common approaches: • Building and committing to a highly skilled IT organisation within BwD that has the training and expertise required • Use of 3rd parties wherever appropriate to leverage the economies of scale and skill base available to professional IT suppliers 3.2.1Organisational Structure – People BwD’s IT Organisational Structure recognises the need for the Council to have the staff and expertise available internally to deliver the IT solutions and service it requires to meet it’s needs going forward, whilst bringing in skills from key suppliers and partners when designing and adopting new solutions. 9
  • 10. Most IT functions will be performed by BwD’s in house IT team, however where specialist skills and/or experience are required then the Council will use independent 3rd party “point experts” to provide the relevant advice or resources on an as required basis. e.g. where skills are required that are not available in-house these should be “bought in” on an “as required” basis from independent suppliers with appropriate skills transfer to ensure ongoing support of systems in a cost effective manner. 3.2.2Organisational Structure – Training Successful implementation of the IT strategy will require that BwD’s IT organisation and suppliers have the necessary levels of training, skills and experience. BwD will: • Reduce the complexity of the training requirements for all parties by standardising on a reduced set of “off the shelf” technologies and solutions that are deployed, operated and maintained in a standard manner • Invest in development and training in the skills required by BwD delivered to IT staff and the end user through a variety of delivery methods that maximise the use of technology where possible. • Ensure all 3rd party IT suppliers deploy trained staff in any work undertaken for BwD 3.3IT Service Delivery IT service delivery within BwD will be focused around a number of key service approaches: • Delivery of value for money services measured across the total IT lifecycle i.e. Total Cost of Ownership (TCO), not just the purchase/capital expense • Provision of core IT functionality, across all parts of the IT estate, to all BwD staff in a consistent, standardised, cost effective and efficient manner. e.g. deliver what is needed to meet current and future requirements, not necessarily what is “wanted” • Business/customer focused service agreements and service delivery processes. e.g. service levels defined in business transaction terms rather than on an IT system by system basis • Repeatable and consistent delivery of fit for purpose functionality and service levels through a standardised and rationalised IT estate; suppliers, technologies, methodologies and processes. e.g. adoption of ITIL • Provision of Citizen Access to BwD services in a consistent and efficient manner across all IT channels provided e.g. For data available across more than one channel there will be data consistency on the web, when a citizen comes into a BwD office or calls with a query • Delivery of a secure and resilient IT infrastructure built around standardised IT systems and protocols • Improved delivery speed to BwD staff and Citizens through the use of this standardised, robust and resilient estate These service principles require specific service strategy steps but can only be delivered through the implementation of all aspects of the IT strategy e.g. implementation of ITIL processes on a non-standardised/non-rationalised IT estate would be a high cost exercise with a limited impact on service improvement for BwD staff or its Citizens. 10
  • 11. 3.3.1Service Delivery Ethos BwD’s IT Service Delivery Ethos recognises the need for the IT to deliver value for money IT services that meet the expanding service expectations of its staff and Citizens. Delivery of improved service levels and controlling IT complexity and cost has been an issue facing almost every organisation over the last decade. Fortunately common, proven approaches have evolved and been proven in the IT industry – and these approaches are embraced within the BwD Service Delivery Ethos. BwD will: • Provide consistency of service through the use of a rationalised range of standard technologies, approaches and processes, and delivery of value for money in IT through the use of these rationalised approaches • Delivery of service levels and processes that relate to real-life business transactions and underpin the delivery of the Council’s services – including the development of business-focussed service levels • Provide speed of delivery and flexibility by implementing solutions using these standard technologies and approaches. • Analysis of business requirements to shape the delivery of IT systems and services that deliver what is needed, not necessarily what is wanted • Design systems, applications and processes to support location independent and secure access to BwD systems and data, underpinned by a service/availability levels that meets the requirements of the business 3.3.2Service Processes Successful implementation of the IT service delivery strategy will require that consistent and appropriate service processes. BwD will: • Adopt and implement a full range of consistent service processes using the industry standard ITIL framework. ITIL has become the industry standard for service provision in IT, its best practice guidelines have been adopted by both public and private sector organisations. As such it covers a wide range of elements across service management, delivery and support Service (Level) Management Service Delivery Financial & Resource Strategic Management Planning Capacity IT Service Management Continuity Availability Service Support Release Change Service Management Management Desk Configuration Problem Incident Management Management Management 11
  • 12. • Deliver ITIL processes in a prioritised and phased manner, focusing on core elements early in the delivery. Implementation of ITIL across an organisation of BwD’s size is a considerable undertaking. As such it will require time and effort to deliver. It is important that the delivery of ITIL service elements undertaken in a prioritised manner to ensure that the most effective aspects of ITIL are delivered first. A number of key ITIL elements have been identified and allocated categories 1, to 3, with respect to the order that these should be implemented. Research from Gartner shows that organisations that attempt to implement more than 3 ITIL elements at any one time run a significant risk of failure compared to those that deliver in waves of 3 or less, as follows: • Delivery of standard levels of service and consistent service delivery mechanisms equally across all BwD departments. Exceptions to the standards and consistent mechanisms will be will be granted where: o There is a positive net business case for BwD as a whole o The impact on other services for other departments is neutral or positive o The department requesting the exceptional service or delivery mechanism pays for any incremental costs for the lifetime of the exception o IT risk is maintained at the same levels or reduced. • Focus delivery of service processes around the Key Objectives of Service Management defined in ITIL, namely: o To align IT services with the current and future needs of the business and its customers o To improve the quality of the IT services delivered 12
  • 13. o To reduce the long term cost of service provision. 3.3.3Continuity & Resilience Continuity and resilience are key aspects in the provision of IT service. BwD approach to these issues is multi-layered starting with physical (location of data and systems) and then extending to; systems (locked down and standardised systems), processes and data archiving. BwD will: • Locate all core systems (servers and data) within a central, physically secure environment (the Data Centre) • Provide secure access to these systems over resilient network connections from essential business sites to the Data Centre. • The service levels required by each unit/office within BwD will dictate the levels of resilience required in the network connections to the Data Centre • Implement a secure and resilient data back-up and archiving solution at the Data Centre that will ensure that all essential data is backed up locally or remotely in a reliable manner that supports the data recovery needs of each business department • Ensure that all sensitive data not currently located within the Data Centre is replicated to the Data Centre for Back-up and Archiving. The Data Centre will be the primary location for the processing of all back-up and archiving of essential BwD data. • An offsite storage strategy for data backups will be developed and instigated, giving additional security to data backup mediums. • Use industry best practices and processes to minimise business critical outages while maximising our ability to quickly recover from an outage, • Develop, document and implement DR and IT continuity plans for core IT systems, these plans will include adequate and regular testing of DR technology, locations and processes 3.3.4Security Security of BwD systems and data is paramount. Much of the data held on BwD systems is of a personal and highly confidential nature and BwD’s systems and processes will be designed to provide a secure environment for this data and the systems that support it. BwD will: • Development of security policies covering virus prevention, connectivity of devices, privilege accounts (user and service), data retention • Implement BS7799-2:2002 (Information security management systems specification) and ISO17799:2000 (Information Technology - Code of practice for information security management) NB: the ISO standard has been revised and re-released as ISO27001:2005 future work may use this new name. Implementation of these security standards across an organisation of BwD’s size is considerable undertaking. As such it will require time and effort to deliver. The exact phasing of the delivery these standards will be laid out in the IT Roadmap • Conform to; the Freedom of Information Act 2000, the Data Protection Act 1998 and the Regulation of Investigatory Powers Act 2000 as they affect IT systems and data 13
  • 14. • Monitor and audit use of the IT estate by BwD staff and 3rd parties, and rigorously enforce the acceptable use policies. 3.4IT Infrastructure 3.4.1End User Computing User-based computing will provide reliable, fit for purpose equipment that allows Council staff to perform their roles in an appropriate manner. BwD’s strategy for end user computing is to reduce overall complexity in the number of different types of end user devices and their suppliers through a number of steps. BwD will: • Rationalise numbers of end user computing devices in use to a minimum by enforcing strict policies on the standards and types and configurations of end user devices available to BwD staff, thus maximising their supportability and reducing the TCO • Optimise end user device availability, stability and supportability by locking down all end user devices with a standard build that enforce asset management, remote management and software upgrade e.g. desktops and laptops will not have user administrator rights and will have standard Windows policies applied • Deploy “roaming user” profiles for connected end user devices through standard builds, profiles and the central directory, this process is significantly aided by the central storage of user data e.g. when a user logs onto a connected device their profile, applications and data “follow them” and are enabled on the device they are using 3.4.2Servers BwD’s strategy for the server estate is to reduce overall complexity in the number of different servers and the overall number of servers through a number of steps: • Rationalise servers onto a much reduced range of options to increase manageability, supportability and reduce the TCO • Buy larger servers and share server resources across applications using virtualisation wherever possible e.g. use Virtualisation approaches to segment large servers into multiple smaller “servers” for application use as opposed to buying multiple small physical servers • Locate all servers in a secure, fit for purpose Data Centre • Develop standard server builds for all servers that enforce the technology strategy with regards to OS asset management, remote management and software upgrade 3.5Network BwD’s network strategy is built around the deployment and adoption of standard technologies and protocols and providing acceptable security across the network. BwD will: 14
  • 15. • Ensure the design is flexible and aligned to meet the requirements of the property strategy • Deploy an Ethernet based IP LAN/MAN(Metropolitan Area Network)/WAN network solutions for all locations under its direct control. The capacity of the network at each location will be based on the business requirements at the time of deployment • Use a standard and limited range of Network switches. All network equipment should be capable of remote management to increase support capability. • Ensure all new network equipment is compatible with IPV6, convergence (VOIP) and with power over Ethernet • Deploy resilient network switches where service levels demand and whenever VOIP is used • Locate all network switches within a secure (i.e. locked) environment 3.5.1Environment BwD’s IT systems will be housed in secure, controlled environments, including appropriate provision for disaster recovery (DR) services. At the BwD Data Centre BwD will: • House all central systems in a single resilient Data Centre location • Ensure that the Data Centre is secure with controlled and auditable access • Provide a stable, controlled environment as dictated by service level requirements, including but not limited to; protected and resilient power, controlled temperature, fire protection • Provide capacity/floor space to meet current and projected future demands • Be capable of being monitored remotely during out of hour’s operation • Comply with Health and Safety Standards 3.6Communication 3.6.1Telecoms & Convergence Telecoms is and will remain a core aspect of the service delivered to BwD staff and its Citizens. BwD will invest in technology that allows maximum flexibility in business operations and provided high levels of Citizen access in a cost effective manner. • Leveraging the opportunities offered by convergence by strategic investment in VOIP as the LAN/WAN infrastructure within BwD upgraded to standardised, resilient, VOIP capable equipment. • Incremental transformation of the telephony estate. In implementing the IT strategy for telephony BwD will: • Standardise on VOIP for all future strategic investments in telephony within the council. Implementation of this strategy will require alignment with LAN/WAN upgrades and investments to support VOIP technology and power over Ethernet. 15
  • 16. • Minimise the range of equipment types purchased from telephony suppliers (VOIP and non-VOIP), in line with the rationalisation principles of the IT strategy • Invest in VOIP technology that supports end-user mobility. I.e. allows users to log on to a phone in an office and have their calls follow them to that location, working with end-user device roaming this will offer significant business benefits in terms of “virtual” call centres, mobility and business continuity • Transition from traditional telephony to VOIP in an incremental manner as budgets allow, aligned with portfolio planning for each period and office location and LAN/WAN upgrades. Standardise the mobile hand-sets models used by staff with mobile hand-sets that are mature “standard” models, under full support by the suppliers 3.6.2Electronic Communications – Principles Electronic communications has grown significantly in importance across all aspects of UK life. Growth in the use and uptake of electronic communications by BwD staff and Citizens is seen as being a major factor in the near, medium and long term. BwD’s strategy in this area is built around a number of key approaches: • Use of internationally agreed standards in all forms of electronic communications • Focus on a small number of core forms of electronic communications e.g. e- mail, intranet/Internet publishing and SMS messaging • Provision of a secure, robust and usable infrastructure for all strategic forms of electronic communications 3.6.3Electronic Communications – E-mail E-mail provision is core to BwD’s IT strategy. In implementing this strategy BwD will: • Standardise on a single E-mail server technology, from a single vendor for BwD E-mail • Standardise on a single E-mail client technology, from a single vendor for BwD E-mail • Enforce the use of agreed standards and restrict the use of vendor specific options for e-mail formatting, document attachment, etc within the server and client applications • Lock down and configure E-mail clients and servers to ensure maximum levels of security 3.6.4Electronic Communications – Instant Messaging • Until a clear business requirement is identified and approved Instant Messaging will not be used within BwD. • Clear usage policies on the limitations on staff using Instant Messaging from within BwD locations will be published. 3.6.5Electronic Communications – SMS Messaging SMS messaging is approved as part of the IT strategy for a very limited set of operational circumstances. BwD will support SMS messaging for: 16
  • 17. • Transmission of time critical alerts/messages to BwD staff and Citizens where business operational considerations require that those targeted can be contacted when not at home, in the office, etc. 3.6.6Electronic Communications – Intranet The Intranet provision is core to BwD’s IT strategy. In implementing this strategy BwD will: • Use the Intranet as the primary form of electronic communications for internal broadcast (i.e. one to many) forms of communication between BwD staff • Standardise on a single range of Intranet publishing technologies from a single vendor. E.g. Microsoft web server and Sharepoint servers, etc. • Limit the use of vendor specific enhancements to web standards when deploying Intranet technology • Invest in technologies that allow “self publishing” of documents, web pages on the Intranet and reduce the operational/editorial overheads involved • Publish clear policy guidelines on the acceptable use of the Intranet by BwD staff 3.6.7Electronic Communications – Internet The Internet provision is core to BwD’s IT strategy. In implementing this strategy BwD will: • Use the Internet as the primary form of electronic communications for external broadcast (i.e. one to many) forms of communication between BwD and its Citizens • Standardise on a single range of Internet publishing technologies from a single vendor • Use non-vendor specific, agreed web standards deploying Internet technology • Use defined web standards for all BwD documents published on the Internet • Publish clear policy guidelines on the acceptable use of the Internet by BwD staff 3.7Applications Application strategy is a key component of BwD’s IT strategy. The application strategy covers a wide range of issues relating to applications: • Application sourcing and support, • Application design, • Legacy applications and • Data and Information Strategy The strategy in this area is driven by a number of key approaches: • Rationalisation of application estate to decrease the number of applications used by BwD and the number of vendors and maintenance suppliers involved 17
  • 18. • Transition from legacy applications to a new application infrastructure as a long term aim • Buy not build policy, unless there is a good business case to do otherwise, with future potential use of utility based application service provision when that becomes more mature in the local government arena • Limited customisation of all purchased application packages to reduce development cost and timescales and to improve cost effectiveness of application maintenance • Use of Service Oriented Architecture (SOA) in new and developed applications to maximise business alignment of future application estate • Data is a key asset and needs to be treated as such in all aspects of BwD’s IT strategy 3.7.1Application Sourcing and Support New and existing application support is built around the primary principles of buy not build and use of standard application processes, unless there is a good business case to do otherwise. These two principles coupled with the aim to rationalise the existing application estate drive the over all strategy in this area. The primary business driver in this area is a total cost of ownership of bespoke application development, mostly in the maintenance phases after initial delivery but also in over-runs on development estimates for time and cost of development. Application design is covered in the next section. In implementing the IT strategy BwD will: • Standardise on a single range of shrink wrapped office productivity programmes and deploy this application set as standard builds with defined version levels for all applications • Seek to rationalise functionality demands from multiple departments into a range of generic services that deliver standard functionality to all whenever possible • Buy rather than build new applications unless there is a good business case to do otherwise. Any new application requirements will be checked against available products already available in the market-place. Bespoke creation of new applications will only be considered when no existing products fill a minimum sub-set of the business requirements • Source only mature products that have a track-record of deployment and support within the UK and wherever possible within local government in the UK. • Include the costs of application support and maintenance over the expected life of the application within the business case for the purchase of any new applications • Whenever possible look to leverage Government wide software licensing programmes in any new application purchases • Manage and audit the Council's current software licensing position on its business applications to investigate whether more cost-effective licensing agreements can be obtained 18
  • 19. 3.7.2Application design The application design approaches here apply to both 3rd party sourced applications, bought in (the preferred sourcing approach to new applications) and to applications developed specifically for BwD. The aim here is to enhance the application estate over time to a reduced range of applications that interoperate with each other in as standard a manner as possible. Key to this approach is the Service Oriented Architecture (SOA) approach. The concept of a Service Oriented Architecture (SOA) can be described most simply as the mapping of application functionality and interfaces onto the services used by BwD staff and its citizens. The key aims of an SOA are as follows: • Developing flexibility in the way the BwD delivers its services • Rationalisation of processes across departments In an SOA environment, functionality provided by traditional IT business applications can be packaged and delivered as a reusable component that can be used in any business process. In doing this, a standard range of technologies and frameworks should be deployed whenever possible. In implementing this strategy BwD will: • Only develop new applications when no alternatives exist or there is a good business case to do so • Seek to rationalise functionality demands from multiple departments into a range of generic services that deliver standard functionality to all whenever possible e.g. a single Citizen database that holds address information as opposed to Citizens having their address stored in multiple application databases • Wherever possible only allow development of new applications when the development enables one or more existing legacy applications to be decommissioned. The cost and effort of decommissioning the legacy application will be borne by the business case for developing the new application. The only exception to this should be when an application requirement is totally new and does not replicate any existing legacy application functionality • Define an SOA for BwD at both a logical and physical level. This will involve transitional steps with early work including a significant legacy estate that has no SOA capability at all • Enhance the SOA strategy model with each new application deployment. E.g. each new project should extend the SOA model into the functionality given within the new application • Define a single vendor SOA integration/middle-ware technology for application deployment, ensuring that the vendor technology is mature and robust and is supported well in the UK. • Use 3rd parties for any new application development work required. While not undertaking the actual development work itself, BwD will be responsible for auditing that the approaches and technologies used in the development of the application align with the IT strategy • Audit any 3rd party development and enforce the SOA strategy on all new development work 19
  • 20. • Include the costs of application support and maintenance over the expected life of the application within the business case for the development of any new application 3.7.3Legacy Applications BwD has the opportunity to create cost savings and improve services provided to staff and citizens by rationalising its application estate. Many applications operate within an ageing environment that is becoming significantly more expensive to maintain and support. In addition many of these legacy applications limit flexibility, restrict opportunities for rationalising hardware and operating systems and duplicate functionality available in other applications. In some areas, businesses depend on software suites and operating systems where the suppliers either no longer support the product in question or will withdraw support during the lifetime of this strategy. BwD’s legacy application strategy is built around a number of core approaches: • Reducing the number and type of applications used by the council will reduce IT costs and improve flexibility and service levels to BwD staff and its citizens • All new application deployment and development projects should attempt to reduce the current legacy application estate whenever possible • Functionality duplication in legacy applications should be reduced and removed whenever possible • Cost and risk issues with legacy applications can change quickly and need to be reviewed on a regular basis • Transition from the current diverse estate will take place over a lengthy timeframe and be driven by budget and portfolio planning considerations each year In implementing the legacy application strategy BwD will: • Create an application register that list all legacy applications and clearly shows the risk and costs associated with each application • Annually review the application register to update the costs and risks associated with legacy applications. Where a legacy application has additional cost and risk, the full cost will be identified and passed on to the relevant department. • Any application that is not covered by a maintenance/support agreement will be targeted for decommissioning • Any application that severely limits or inhibits the deployment of the IT strategy will be targeted for decommissioning • When a department insists on retaining a legacy application against the advice of IT that department will be allocated the full costs of supporting and maintaining the application in question • Legacy application decommissioning will be a project item included for project portfolio approval on an annual basis. The most costly/risky applications will be prioritised for decommissioning • New applications that replicate existing legacy application functionality will only be allowed to be deployed when the business case and project for the new application includes the cost and effort required to decommission the existing legacy application 20
  • 21. 3.8Emerging Technologies BwD’s overall strategy on emerging technologies is driven by the strategic principle of only using mature, standardised IT technology. This approach limits the use of emerging technologies until a number of core criteria have been met, namely that the emerging technology: • Has been in place for a reasonable period of time and has an established and proven usage • Is supported by an acceptable range of IT vendors and service suppliers within the UK. • Is not vendor specific and uses agreed international standards, or has become the ad hoc standard within the technology area in question • Is shown to have a clear business benefit for BwD staff and/or its Citizens This approach, will lead to a cost effective take up of emerging technologies once they have risen to an acceptable level of maturity and will avoid costly investments in future technology areas that initially appear to offer significant advantages but fail to gain a critical mass in the market-place. 3.9IT Refresh IT refresh within BwD will be focused around a number of key approaches affecting IT costs (TCO) and service levels (maintainability): • Software and hardware refresh policy needs to extract the maximum value out of IT investments by maximising the length of time that assets can economically be deployed • TCO models clearly show that the recurring run and maintenance costs associated with hardware and software significantly outstrip any initial purchase or capital investment costs • Maintenance and run costs are reduced and service levels improved through the deployment of standardised and rationalised IT assets. • Risks associated with the ownership of IT assets rise significantly when these assets go out of support. This is particularly true with software assets where security updates and patches can cease when a product goes out of mainline support. It can also affect hardware assets as spare parts become harder and harder to obtain • Hardware and software update cycles need to balance all of these factors and provide clear guidelines to how often and for what reasons hardware and software updates should be undertaken All of these factors need to be balanced against the cost of capital and the available funds at any point in time where an upgrade is required by the IT strategy. The IT strategy gives direction on when and why updates should occur. The actual decision to upgrade will be part of the budget planning process. Any decision to delay an update should and must however recognise that the deferred upgrade is likely to have an adverse impact on both IT run costs and service levels. • A yearly hardware/software review will consult with IT suppliers to identify, in advance, when existing models/types are likely to go out of production and support. 21
  • 22. • All deployed IT software/hardware assets should be in mainstream support with the manufacturer. Where this is not the case the asset concerned should be identified as “legacy software/hardware”. All legacy hardware/software will be logged in a “legacy asset register” and the IT roadmap should clearly show how the number of legacy assets is reduced over time. Steps will be taken to obtain secondary maintenance support from the manufacturer or 3rd parties for all legacy assets. Any costs incurred will be clearly logged against the assets concerned in the legacy asset register • The risks associated with the continued operation of all legacy assets will be reviewed and re-assessed each year. Those assets that carry the highest risks will be prioritised for replacement 3.10Governance and Compliance 3.10.1Change All change has to comply with the IT strategy. Alternatively, a conscious decision can be made not to comply when there is an overwhelming business case. Changes in the IT environment can only be delivered through one of 4 types of change: Category Criteria 1. Standard Service Change • Any standard operational change to IT systems (infrastructure, applications or network) 2. Standard Purchases • Any IT purchase (equipment, consumable, application) (not relating to projects) that is compliant with the IT Strategy and agreed standards 3. Non-Standard Purchases • Any IT purchase (equipment, consumable, application) (not relating to projects) that is not currently approved within the agreed IT purchasing standards, and will need to be reviewed for compatibility with the IT strategy, infrastructure and standards prior to approval and connection to the network 4. Projects • All changes that meet one of the following criteria: • Requires non-standard solutions • Impacts technical infrastructure & security • Dependencies on other change or service delivery • Cross functional impact or involvement By definition, standard service changes, standard purchases and small regular changes have to be IT strategy compliant and governance is therefore light. All projects are governed through the Change Delivery Framework (see below), which requires a project to seek ‘gate approval’ to move from initiation to definition (GG1), from definition to design (GG2) and from design into delivery (GG3). Initiation Registration Definition Design & Delivery Closure & & assessment Detailed Benefits Definition Build & Test Implement Assurance HL Requirements Business Detail Req’s, Application Integration Acceptance Delivery Handover, analysis & Solution Development & Testing & Warranty Technical Options & Design Testing Launch support & Initial Business case Project Infrastructure Closure Definition Development (PIR) Governance Gates GG1 GG2 GG3 Ongoing Monitoring/ Reporting GG4 Project Seek Seek Seek Provide registration permission permission permission endorsement to enter the to invest in to invest in to invest in to close the portfolio definition design delivery project Governance Documents Request for Change Request for Initial Full Closure (RFC) Excl. secs 5 & 6 Change (RFC) Incl. secs 5 & 6 Business 22 Business Report Case Case (IBC) (FBC) Supporting Documents Next phase: Next phase: Next phase: • PIR
  • 23. 3.10.2Legislative Compliance A raft of new legislation over the last few years has placed new obligations on all Local Authorities. There are regulations that require the Council to provide information within given timescales, to make information more accessible and to guard people’s rights. In order to comply, the Council must manage its information effectively, taking into account these new legal requirements. The strategic approach outlined in this document should have no adverse impact on the Council’s ability to execute its obligations under these regulations and in many cases should enhance the Council’s ability to meet any obligations e.g. through the centralisation of data and improvements to the security and back-up systems surrounding this data. 3.10.3Processes, Policies and Standards IT processes, policies and standards will be created, maintained, published and reviewed in line with Council requirements and industry best practice. Compliance with processes, policies and standards will be an integral part of each and every person working within IT. Compliance will also be checked by both internal and external audit and other independent review mechanisms. 3.10.4Risk Risk evaluation, monitoring and control will form an integral part of all processes, policies and standards and will comply with all relevant Council requirements. 23