UK's new public sector IT strategy focuses on cyber security and open source approaches


Open source approaches to software and a heavy focus on cyber security are two aims at the forefront of a new UK government “playbook” designed to help technology suppliers understand what the government is looking for when procuring new technologies.

The Digital, Data and Technology (DDaT) Playbook was published on Monday and marks a change in the government’s procurement strategy, drawing on lessons learned from past mistakes.

The playbook focuses on “getting things right from the start”, meaning that the government will commit to investing more time at the procurement and early stages of a project to set comprehensive plans that will, it believes, help to “avoid costly mistakes later on”.

The playbook outlines 11 key policy reforms that reshape the way vendors are selected to maximise long-term investment and ensure the best possible performance.

Cyber security is at the heart of the reshaped strategy: vendors applying for procurement contracts will now undergo a more thorough cyber security assessment, intended to better safeguard public data and ensure security by design.

Vendors will have to prove they meet the minimum cyber security standards, such as the NCSC’s Cyber Essentials checklist, and the results of the assessment will shape the design of the contract.

All applicants will also have their products scrutinised for any legacy IT or out-of-date products that may lead to costly overhauls later in the contract. Vendors will be tasked with demonstrating their products and services will have mainstream support for the duration of the contract.

The government is also placing greater importance on open and interoperable data and code. All new projects should be open source and be platform-agnostic since the ability to share information between contracting authorities and across government is “key for long-term success,” said the Cabinet Office.

To facilitate effective data sharing, projects need to use well-documented APIs that conform to government standards since it’s believed that interoperability will lead to greater innovation.

The playbook’s other core focuses include environmental sustainability, disaster planning, and market health assessments.

Publication of commercial pipelines is another of the government’s key aims for the playbook, and will see contracting authorities provide vendors with insights into their long-term demand and how to prepare properly to respond to contract opportunities.

The government recognised the value of informing a range of potential vendors in the supply chain, including SMBs, well ahead of the time it expects to start procuring contracts.

It said it expects to see wider participation in contract applications which could lead to greater diversity in supply chains.

The minimum forecast for commercial pipelines should be 18 months but a period of three-to-five years would be “truly effective,” the government said.

“We recognise that priorities and plans change and pipelines must be kept up-to-date in order to be effective,” said the government in its rundown of the re-worked procurement strategy.

“However, contracting authorities should recognise that it is often more helpful to give a forward view of procurement and indicate a high level of uncertainty than not publish at all. Visibility of demand will make government a more attractive client for suppliers, including SMEs in the DDaT sector.”

The government has published forward-looking procurement pipelines for other projects and similar playbooks for other industries like construction and national infrastructure.

The Infrastructure and Projects Authority included a 10-year look ahead at potential investments in its most recent pipeline analysis, a model the government could follow for IT spending too.

Connor Jones
News and Analysis Editor
