View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Auditors Slam UK Security Vetting IT Failure

"Nearly 8,500 files containing personal data (attached to cases) were unreadable and 93% of automated checks against the police national computer failed"

By CBR Staff Writer

A poorly planned centralisation of security vetting processes by the government, intended to drive efficiency savings by merging IT systems, performance metrics and funding models, has ended up costing taxpayers £17 million extra annually.

That’s the conclusion of the National Audit Office (NAO) today, after an investigation into the creation of “United Kingdom Security Vetting” (UKSV).

This was set up to replace the MoD’s “Defence Business Services National Security Vetting” (DBS) and the FCO’s “National Security Vetting” (FCOS).

See also: New “100% UK Sovereign” UKCloud Service Takes Pot Shot at US CLOUD Act

In dryly damning 40-page report, the NAO said: “In November 2015 government announced that it would establish a single vetting provider in 2016, but this decision was not supported by an assessment of the expected benefits, costs and risks.”

More Expensive, More Staff Needed, Slower

Among the biggest issues were the creation of dysfunctional IT solution for the new, centralised security vetting entity.

The NAO said: “The risks associated with the merger of DBS and FCOS to create UKSV were consistently reported as high. The [UKSV programme] Board considered that there was a high risk that UKSV would inherit an IT project that was under-resourced, under-funded and unplanned.”

security vettingThe auditor added: “The National Security Vetting Solution (NSVS) IT upgrade was intended to create a single system accessible to both DBS and FCOS by August 2016, ahead of the merger. UKSV was created in January 2017, four months later than expected, and without NSVS fully implemented across both of [the former] sites.”

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

As a result, in its first week, 10 out of 13 essential functions of NSVS did not work properly.

“During its first four weeks, nearly 8,500 files containing personal data (attached to cases) were unreadable when accessed, and 93% of automated checks against the police national computer failed. Officials had to reprocess failed checks manually, reload files and recover data, and conduct additional assurance checks.”

Just two years after its launch, the government has decided to wash its hands of the combined IT system. In May 2018, Cabinet Office began developing a replacement for NSVS. It plans for the replacement to be in place by January 2020, the NAO said…

National security vetting allows individuals access to government information,
locations or equipment. In 2017-18, government considered more than 170,000 applications by civil servants, contractors and specialist staff such
as those in the armed forces.

More than 25,000 security vetting cases remained open by July.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.