Maintaining standards for an organisation that never sleeps
IT Department Accreditation - case study
Michael Dean finds out how and why the Department of Justice, Northern Ireland became accredited to the NCC Standard for IT Departments.
The criminal justice system in Northern Ireland never sleeps, incidents and crimes can occur at any time of the day and often do. For The Department of Justice (DOJ) it is vitally important that staff have access to the information they need 24 hours a day, seven days a week.
The DOJ is a new Northern Ireland Department which came into existence in April 2010. It has a range of devolved policing and justice functions. The role of the Department is to support the Minister of Justice, David Ford MLA to help keep the people of Northern Ireland safe.
In addition to its statutory functions, the department provides resources and a legislative framework for its agencies and arms length bodies (which together constitute most of the justice system in Northern Ireland). Together with these organisations the Department is responsible for ensuring there is a fair and effective justice system in Northern Ireland and for increasing public confidence in that system.
The IS Division is one of the key enablers of the DOJ, providing support to apx 2,500 desktops, 5,000 accounts and maintaining 9 Service Level Agreements. The Division supports staff right across Northern Ireland, many of whom are served by a remote working solution that is secure to CESG standards.
Pauline Somerville is Support Services Manager, Operations Branch within the IS function at DOJ, working with a team of 16 providing first line helpdesk support, desktop deployment, management of IT Requests and managing the SLAs via Customer Relationship Management.
Pauline Somerville receives the ITDA certificate from the NCC's Dr Andy Hopkirk.
“We are very business focused here”, says Pauline, “We meet quarterly with our customer groups, including a regular user forum, to ensure we are delivering what the business need and to provide advice on up and coming issues. We believe we provide a good service and our annual customer survey backs up this view.”
The reputation of the IS function is a critical issue for Pauline and her team. As part of future IS Strategy a large amount of the services and support work is destined to be integrated into an organisation called IT Assist which provides shared services to all the other Northern Ireland Civil Service Departments.
“These are times of change with the progression of the shared services model across the NICS allowing better delivery of services to the frontline services in Northern Ireland. Whilst we are looking forward to integrating and aligning our services, we are aware that IT Assist has already achieved accreditation to NCC’s Standard for IT Departments, the IT Department Accreditation Scheme (ITDA). We wanted to show our customers and IT Assist that the DOJ worked to the same high standards, employing best practice and displaying levels of professionalism in every respect, so we decided to put ourselves through the programme too!” enthused Pauline.
The assessment scheme which underpins the NCC ITDA examines an IT department’s performance against 110 common controls (Lines of Enquiry), enabling the department to compare and understand its own strengths and weaknesses. The ITDA is also an accreditation scheme, so those IT departments who score well are awarded with a recognised accreditation to the NCC Standard. Another feature is the identification of a bespoke Action Plan which helps the IT function prioritise continuous improvement.
Pauline was assigned the task of identifying the evidence needed to complete the ITDA assessment. As part of the process she met up with the assessor prior to accreditation. He talked her through the scope and the methodology of assessment and discussed the criteria for compliance to the Standard and was on call to answer any questions prior to assessment.
“Initially I was a bit daunted by the evidence gathering aspect of the ITDA, but the assessor advised me that I didn’t need to document the evidence supporting our claims of compliance to the Standard, I just needed to show the evidence on the day of assessment. This worked really well for us as we have lots of documented processes in place maintained in a comprehensive Electronic Records and Document Management System. Where the evidence fell outside of the system I liaised with other managers in the Division, to obtain the proof required.” Said Pauline.
The day of assessment was not as scary as Pauline had originally thought. She sat down with the assessor and demonstrated the division’s evidence using a projector connected to the EDRMS.“The Assessor was very helpful, he took a project based approach to assessment which meant that we evidenced compliance to a number of Lines of Enquiry at the same time by working through a smaller number of projects and if a control wasn’t relevant to us we weren’t assessed to it.” Said Pauline.
“The ITDA has logical structure that made assessment comprehensive yet straightforward. You can see how processes fit together. For example Personal Development Plans being linked to project objectives and project objectives aligned to business benefits. The ITDA covers all of this.”
Alongside the Assessment visit NCC also undertakes an independent survey of stakeholder attitudes to IT services and in DOJ’s case feedback was very good, complementing the positive outcome of the Assessment day.
The Assessor’s recommendation for DOJ to be awarded the Standard was endorsed by the independent Moderator at NCC. He was able to point out that the overall performance of DOJ was excellent with a noticeable lack of any low scores in any aspect of the accreditation!
Pauline and her team were pleasantly surprised by the award and the fact that an independent assessment had found their service and customer focus to be excellent. “Now we have independent endorsement of our achievements, it’s a big morale boost for the team. We know we can always be better in some areas but we now have a better understanding of our strengths and an action plan to help direct development.