|
|
|
|
Introduction
Primary Inspection Recommendation 8
"HM Inspectors recommend that the force carries out a detailed review of its resource and skills requirement to produce a plan for ensuring that the IT Department, including radio communications, is prepared for the continuous development of new applications in the years ahead in support of its IS/IT strategy."
Review Inspection Findings
4.1 In response to this recommendation the force contracted a firm of IT consultants to carry out a detailed review of the IT Department's resource and skills requirements following which a report was presented to the chief constable in February 1999. Since this review the force has appointed a project manager, a communications manager and, as discussed in paragraph 1.39 of this report a new post of Head of Finance and IT has been introduced. This latter appointment also addresses Recommendation 5 in the Primary Inspection report concerning the status of senior civilian staff in the force in various specialist posts including IT.
4.2 In addition to the above recommendation the following observations were also made:
Need to apply new IS/IT strategy (paragraph 4.3)
4.3 The Primary Inspection report suggested a need for the force's new IS/IT strategy (which was noted to contain several elements of good practice) to be applied. This related to the finding that the force relied heavily on suppliers for the provision of contracts, project plans and other business documents. The Review Inspection found that this observation had been noted by the force but that emphasis had been placed on the recruitment of new staff which was seen to be the best way of addressing this comment. The nature of the posts which have now been introduced to the department suggest that this should assist in addressing this observation and HMIC will review this at the time of the next inspection.
Commitment to introducing PRINCE (paragraph 4.4)
4.4 The Primary Inspection report stated that the force's commitment to the PRINCE project management methodology would be revisited during the Review Inspection. It was found that following this comment the force had appointed a full time projects manager who, along with two other managers in the IT and Communications Department, had been trained in the PRINCE methodology. In total the force has trained seventeen members of staff in this methodology in response to the comment. Evidence of its application can be seen in the force's Year 2000 project.
Need to formulate own terms and conditions for maintenance and supply contracts (paragraph 4.5)
4.5 This comment was related to that discussed at paragraph 4.3 above and the same response applies. The force has to date lacked the necessary expertise to undertake these tasks and has relied on the resources of its suppliers in this respect. It is expected that the appointment of a new Head of Finance and IT will bring the necessary skills and qualifications to the force to address this observation in the future.
Need for IT Department Business Plan (paragraph 4.6)
4.6 A new IT Department Business Plan for 1999/2000 has been introduced which details the force's priorities in relation to IT and Communications over the current financial year. The remaining costs for each project are included where known and HMIC notes such costing as good practice.
Need to capitalise on revenue gathering potential of hilltop sites (paragraph 4.7)
4.7 The Primary Inspection report stated that the force had in the past failed to fully capitalise on the revenue earning potential of its hilltop sites. Since then the force has commissioned a mast for the new sub-divisional headquarters site at Inverurie and the appointment of a new Communications Manager has ensured that this observation is actively addressed. Unpaid rental charges due to the force had already been identified and negotiations were taking place to maximise the revenue earning potential of these sites.
Need for public telephone facilities at appropriate offices (paragraph 4.11)
4.8 HMIC at the time of the Primary Inspection considered that telephones outside police offices would, when the station was unmanned, be of value in providing what might be a vital communication link to the nearest manned office. The force remains unconvinced of the value of providing these facilities however and it was noted during the Review Inspection that some police offices now display a notice informing visitors, in the event of that office being unmanned, the location of the nearest manned office and a telephone number. The force is also giving consideration to the introduction of video/internet kiosks at remote locations to fulfil the same role as suggested in this observation.
Need for review of mobile data project (paragraph 4.12)
4.9 At the time of the Primary Inspection a pilot of mobile data terminals was taking place involving vehicles in the Queen Street sub-division of the city. The inspection found that a high level of faults was being reported, unfavourable comments were received from officers using the system and there was a low level of usage. Efforts were made in July 1999 to eradicate the faults reported and stabilise the system prior to a three month evaluation. This revealed that staff were generally supportive of the concept but believed that the technology needed to be improved. The force expressed its commitment to the use of the equipment and the evaluation report was being considered at the time of the Review Inspection as to how the force should now progress its use.
Need to exercise contingency plan for disaster recovery of force operations room (paragraph 4.13)
4.10 The force contingency plan in the event of loss of communications facilities in the force operations room had not been exercised at the time of the Primary Inspection. This has since been done. A disaster recovery control room at another main police office in the force area allows the force full business continuity in the event of a loss of communications at headquarters and this was tested recently as part of the force's millennium preparations. In addition to this full-scale disaster recovery facility the force has produced a phased contingency plan to address different scales of communication problems which can arise from the loss of a single facility to the total loss described above. This is a realistic and sensible approach and constitutes good practice.
No IS/IT Training Strategy (paragraph 4.14)
4.11 The lack of an IS/IT training strategy was highlighted during the Primary Inspection and was said to have contributed to problems which had been experienced in relation to timescales, lack of training staff involvement in system development and training taking place on a faulty system. HMIC suggested the force should learn from these lessons before more new systems were introduced. However the Review Inspection found that an IS/IT training strategy had not been developed. A number of new systems were being delivered and discussions were taking place to decide the approach to training. The development of a strategy is now to be delayed until the current set of applications has been delivered. HMIC would repeat the suggestion that a training strategy should avoid similar difficulties in the future and encourages the force to progress such a strategy as part of its deliberations over current IT training issues.
Commitment to audit force systems (paragraph 4.15)
4.12 The Primary Inspection highlighted that no auditing of force systems was taking place. This was partly due to a lack of resources at that time within the Data Protection Section. The Review Inspection found that there is an awareness of the need for the force to start auditing its internal systems but despite two new members of staff in the Data Protection Section at the time of the inspection no auditing of internal systems had started. A list of systems had been drawn up for intended audit in 1999 but some slippage had occurred, partly due to the training requirements of the new staff. Only three of the systems listed were internal force systems and none of these had been audited at the time of the Review Inspection. HMIC has since been told that progress has been made and that six systems, two of which are local, have been audited. This is reassuring and the force is encouraged to maintain a high level of attention to this important area of responsibility.
Data Protection
Primary Inspection Recommendation 9
"HM Inspectors recommend that the force reviews the resource requirements of the Data Protection Section without delay in order that the force's responsibilities in respect of IT systems audit and new legislation are property addressed."
Review Inspection Findings
4.13 A review of the resourcing of the Data Protection Section was undertaken following this recommendation and two additional members of staff, an Assistant Data Protection Officer and an Audit Officer were appointed in December 1998. Both appointees had limited experience in data protection issues and at the time of the review inspection both were undergoing training in their new roles.
4.14 The force is urged to involve these new members of staff in the auditing of internal systems at an early stage to allow their experience and confidence in this role to develop. In addition to the comment at paragraph 4.12 regarding the need for auditing of force systems, HMIC would also stress the need for such audits to include integrity auditing in terms of access to systems and their usage as well as the auditing of recorded information. Operating rules to guide staff in the use of new systems have been developed in respect of systems recently or soon to be introduced and these should provide an important audit tool.
4.15 The Review Inspection found that the force had no up-to-date Data Protection Policy or Strategy documents in place. The most recent document made available during the inspection was a force order dated 1989. The Data Protection Officer was developing Force Guidelines on Data Protection but these were not at an advanced stage at the time of the inspection. This officer has only recently started giving inputs to training courses again after a period where this was done by training staff and his personal input should be encouraged in order to raise the profile of the Data Protection Officer within the force and raise awareness within the force of this important legislation.
Year 2000
4.16 A thematic inspection on the preparedness of Scottish forces for the new millennium was underway at the time of the Review Inspection. The force's response to Year 2000 IT issues will be included in that report. At the time of the Review Inspection however the force was making progress towards achieving low risk status.
|
|
|