EURIM Security
Procurement Subgroup
This group was previously focussed on public sector procurement. Given that the
private sector spends very much more (estimates of 5 to 10 times as much for
organisations of equivalent turnover/spend) and given the stated ministerial
objectives of learning from the private sector, the group is now (Q3 2011)
looking to revise its terms of reference.
1 Introduction
1.1 Why is security procurement important?
Central and Local
government are under great pressure to reduce costs by sharing or outsourcing
services. “Security” is often used as an excuse for not doing so, even when there
are clear opportunities to improve accuracy and security and reduce cost by
migrating duplicated services to shared networks and databases run by those who
follow better practice.
The
profitability of much of the private sector depends on confidence in the
security of online transactions and personal details but the business case for
action to actively remove vulnerabilities and improve confidence, as opposed to
ticking compliance boxes, is rarely well made.
1.2 What is the problem?
The recent study
by the
Audit Commission and the National Audit Office into collaborative procurement
indicates that significant
savings could be made from rationalising the fragmented and duplicated
activities of nearly fifty public buying organisations in the UK.
OGC has since issued a guide to buying through Framework Agreements.
Intellect has identified over a hundred such agreements relating to ICT products  .
Almost all were produced since the issue of the
OGC guidance on framework agreements .
Most entail overhead charges to the organisers of between .6%
and 6.0%, (more if there are chains of subcontracting). Few cover more than
three or four suppliers. A handful account for most of the business placed and
these, like most
current security
guidance, fail to recognise or re-use security checks and accreditations done
by others. The consequences
include
duplication of effort and reduced security compared to that of those private
sector organisations which have to protect themselves and their customers from
regular attack.
1.3 Why is the procurement problem important?
There are a large number of public sector procurements active at
any given time. Many are cancelled, but often not before those suppliers who
took them seriously have spent many thousands or millions (in the case of some
central government projects) in wasted bid costs. This overhead is said to be
one of the reasons why prices are between 10% and 30% (depending on whose
guesstimates are used) higher in the UK than the rest of the EU.
Meanwhile there are chronic shortages of those accredited to
provide security advice and security is often not 'designed in' from the start.
In consequence, procurements large as well as small, can be either delayed
awaiting such advice or go ahead with security implemented as a late 'bolt-on',
not realising economies that could have otherwise been made.
1.4 How can this subgroup help?
-
By
identifying and publicising those already available frameworks which can be
used to bring forward investment which will deliver rapid savings and
benefits at the same time as reducing costs and improving delivered
security.
-
By helping
set priorities and objectives for the overall review of public sector
procurement processes that will follow the current moratorium.
2 Subgroup Objectives
This subgroup
is tasked to identify which existing frameworks represent current good practice
so that they can be used and replicated, pending the production of new guidance.
Strategy
To bring together leading suppliers and customers to identify the frameworks
currently in use, to check them against good practice and to publicise those
which can be re-used with confidence that they meet current mandatory
requirements (e.g. state aid rules).
Work Programme for 2010-11
Quarter 3 2010
Identity frameworks/tenders/processes worthy of serious
consideration.
And review those which could/should be publicised as case studies.
Quarter 4 2010
October/November: organise activities to publicise case studies and plan follow up to ensure that good practice is embedded in
policy from the top down, not just treated as implementation add-ons.
Quarter 1 and 2 2011
Report on
recommendations and future plans
The consolidating security market brings procurement efficiency and
effectiveness opportunities
Quarter 3 and 4 2011
Consider how best
to expedite industry-led action given that other priorities mean that little or
no experienced resource is available to support the updating of Central
Government guidance with regard to security procurement.
Currently
planned and future public sector procurements are therefore likely to go ahead
using guidance that is known to be seriously deficient and/or advisors whose
skills have not been updated in line with current practice.
Target
participants
Those
willing to share their experience of procurement under different frameworks,
whether as bidders or buyers and of what happened afterwards.
Those
willing to share private sector experience from industries which spend heavily
on the security of their own systems (people processes as well as technology) at
all levels (e.g. financial services, telecommunications, pharmaceuticals,
petrochemicals, and aerospace).
Those with
“authority” as policy makers, performance auditors and regulators so that they
can work together with customers and suppliers to help encourage (or mandate) better practice
in future.
Benefits to participants
Mutual education of buyers and suppliers, both public and private sector, to
help bring forward new projects which will help meet the cost and risk reduction
targets of both public and private sectors.
A fair
and open, but also rapid and efficient, public sector procurement regime which
helps deliver more for less, including more benefit to the citizen and more
profit to the shareholder at lower cost to taxpayers.
Forthcoming Meetings
Recent Meetings
|
Date |
Description |
Papers |
|
03 May 11 |
Subgroup Meeting |
Summary Report |
|
10 Jan 11 |
Subgroup Meeting |
|
|
03 Nov 10 |
Subgroup Meeting |
Summary Report |
|
06 Sep 10 |
First Subgroup Meeting |
|
Subgroup Outputs
Other Relevant Documents and
Links
|
