Home Office renews £200k subscription for out-of-support software for internal forms

Written by Sam Trendall on 15 March 2022 in News
News

Department has been ‘made aware of the risks associated’ of continuing to use technology to process sensitive information 

Credit: Pxhere

The Home Office has spent £200,000 renewing its subscription for software used to build internal forms – despite having been “made aware of the risks” of continuing to use a system that is no longer in support.

Newly published commercial documents indicate that the department entered into a one-year software licensing contract on 1 November covering the provision of an “e-forms” tool for use in its Horizon intranet system. The deal will be worth £197,225 to specialist provider Granicus. The annual fee covers the submission of 100,000 forms per year.

Procurement archives reveal that, since at least 2016, the Home Office has used forms-building technology from Firmstep – a London-based software house that was acquired by US firm Granicus in 2019.

The latest contract extension indicates that “Granicus has notified [the department] that the solution is discontinued and no longer be supported” by the company. 


Related content


The supplier has also sought to make the Home Office “aware of the risks associated with [its] continued use of the solution… and [it] has determined it wishes to continue using the solution independently without any support from Granicus”, according to the contract.

The terms of the contract state, in continuing to use the software system, the department accepts that the software publisher “will only provide limited ongoing or future support or assistance of any kind related to the administration and functionality” of the product.

The technology will be used in an “Official-sensitive (IL3) environment” – meaning one in which the relevant security standards have been met to process government information. 

Although still considered to be sensitive, ‘Official’ is the lowest of the three levels of classification of government data, and is applied to “the majority of information that is created or processed by the public sector”.

This “includes routine business operations and services, some of which could have damaging consequences if lost, stolen or published in the media, but are not subject to a heightened threat profile”.

Products that are “considered an end-of-life product, out of support from the supplier, impossible to update” are considered to be legacy technology as per guidelines from the Cabinet Office, which also covers systems that are “no longer cost-effective [and] now considered to be above the acceptable risk threshold”.

The guidance recommends that government entities “use continuous improvement planning to implement an iterative or phased migration, and help prevent the accumulation of future legacy technology”.

This will result in the “reduction of risks to your systems and infrastructure”, departments are advised.

Tackling legacy IT across government was a key focus of the November spending review, which pledged £2.6bn to help update ageing systems and improve cyber resilience. This came on top of £600m committed to address legacy tech during the one-year spending round of 2021 – which included £232m for the Home Office.

The Central Digital and Data Office is also currently working across government to develop a consistent view of the costs and risks of legacy systems through the rollout of a common legacy IT framework”, according to an update recently provided to parliament’s Public Administration and Constitutional Affairs Committee. 

 

About the author

Sam Trendall is editor of PublicTechnology. He can be reached on sam.trendall@dodsgroup.com.

Share this page

Tags

Categories

CONTRIBUTIONS FROM READERS

Please login to post a comment or register for a free account.

Related Articles

Home Office and BEIS first departments under the microscope in pilots of new independent cyber audits
16 January 2023

External supplier brought in to run the rule over government systems as rollout begins of ‘GovAssure’ programme

EXCL: HMRC reviews contact-centre resilience after ‘multiple service incidents’
13 January 2023

Assessment was commenced shortly after five days of outages – but identified ‘no immediate concern’, according to supplier

Home Office signs £40m deal to support data and analytics
9 January 2023

Department looks to enhance use of data products

Government plans to expand departments’ powers to share personal data to support One Login
5 January 2023

Proposals will allow for more information – potentially including highly sensitive special-category data – to be processed in identity-verification