Contents
Report 15 of the 19 March 2009 meeting of the Finance and Resources Committee and updates on the progress of the Identity and Access Management (IAM) Programme.
Warning: This is archived material and may be out of date. The Metropolitan Police Authority has been replaced by the Mayor's Office for Policing and Crime (MOPC).
See the MOPC website for further information.
Identity and Access Management
Report: 15
Date: 19 March 2009
By: Director of Information on behalf of the Commissioner
Summary
This report is an update to the members of the progress of the Identity and Access Management (IAM) Programme. The Identity and Access Management Programme is intended to run over a 5-year period of which one year has been completed.
A. Recommendations
Members are invited to:
- Note the progress achieved and work remaining on the IAM Programme.
- Approve the IAM Central Back-End contract award as detailed in section C.1 - Procurement projects, and exempt Appendix 1.
B. Supporting information
Introduction
1. The IAM Programme aims to enhance and simplify MPS security by joining up identity management and access control, by enhancing security governance and by enforcing better security through improved processes and technology. IAM aims to ensure that the right people have access to the right buildings, areas, systems and information.
2. Currently, identity and access management in the MPS is not sufficiently “joined-up”, and is potentially open to abuse. Much of the technology in use will soon be obsolete and governance and enforcement is not as strong as it should be.
3. This programme presents an opportunity to facilitate national initiatives and to strengthen existing controls giving us a robust security infrastructure based on current technology.
4. The current building access system is also not sufficiently equipped to meet business needs as higher volume and integration requirements emerge. In addition, IAM is a mandatory requirement for retaining the accreditation of the tactically deployed single sign-on (SSO) initiative. SSO provides access to all system entitlements with only a single presentation of credentials, e.g. user id and password. The IAM Programme will give the MPS the means to fully control and audit access to MPS buildings, systems and information.
5. A budget of £19.6 million was approved via MPA Finance Committee on 21st February 2008 for the delivery of the complete IAM Programme.
Progress
6. Programme activities - The programme has been split into:
- two internal developments;
- a limited tactical technology refresh;
- four distinct procurement projects, and;
- a subsequent rollout to the full estate.
7. Internal developments - The first internal development relates to the delivery of the information security foundation to support 2-factor authentication. The second internal development relates to the integration of information about all MPS workers in order to determine appropriate minimum access rights. Both internal developments are due to be delivered in the third quarter of 2009.
8. Technology refresh - A limited tactical technology refresh for building access technology has been delivered in this financial year for a small number of locations where building access technology needed to be aligned. This tactical project has allowed the affected users to access all old and new locations with the same warrant card and ID pass. This project has also provided some extremely valuable lessons-learnt to help the full IAM rollout.
9. Procurement projects - The first procurement project - For the IAM Central Back-end (central IT infrastructure) project the Development Service Framework (DSF) Lot 4 was deemed the most effective route to market. A tender exercise was undertaken and after an assessment of the solutions and prices offered, it is now recommended that the contract should be awarded to the preferred supplier (supplier 2), as it is predicted they will provide the best overall value-for-money solution. The preferred supplier’s bid for hardware, software and professional services amounts to £4.6m capital, whereas the 5-year support at a total of £969k will be awarded directly to the Original Equipment Manufacturers (OEMs) via CapGemini.
Two other procurement projects, relating to smart card technology and PC smart card reader technology will be completed in the financial year 2009/10.
The fourth procurement project - Building access control infrastructure and services will be procured as input to the rollout to the MPS estate for each location or group of locations.
10. IAM Rollout - The IAM rollout can now only start in the financial year 2010/11, due to funding constraints.
The IAM Programme has also had to defer activities due to funding constraints in 2008/09 and 2009/10 and is now planned to complete in 2012/13.
Benefits.
11. Other MPS initiatives are set to recognise more uses for the IAM deliverables, e.g. improved communication security for existing and new devices, use of digital signatures for higher integrity and more streamlined processes and as enablers for new secure applications.
12. The cashable benefits will increase during the 3-year rollout up to £0.9m per annum as per business case, and remain as expected from the following sources:
- Reduction in support operational costs
- Reduced system maintenance costs (economy of scale savings).
Together with non-cashable benefits of:
- Reduced risk of a physical and computer attack;
- Improved management information, audit and tracking of users;
- Improved quality of IAM information;
- Reduced re-keying of IAM information;
- Retention of SSO accreditation;
- Saved staff time and improved accessibility to authorised staff.
These benefits will be realised as soon as the IAM Rollout starts and increase as the rollout moves towards completion.
13. IAM will deliver to other MPS and national projects because it will be the method by which user access will be granted to all MPS and national systems in the future. The new Police National Database is one example.
C. Legal implications
Not Applicable
C. Race and equality impact
Individuals requiring additional assistive technology to gain access to building or systems as a result of the change delivered by the IAM Programme will be provided with these by the IAM Programme.
D. Financial implications
1. The IAM Programme funding at the time of business case approval as well as current funding and spending are being shown in the following table.
2007/08 £m |
2008/09 £m |
2009/10 £m |
2010/11 £m |
2011/12 £m |
2012/13 £m |
Total £m |
|
---|---|---|---|---|---|---|---|
Capital Cost from bus. case | 0.5 | 4.0 | 5.0 | 5.2 | 5.0 | 0.0 | 19.7 |
Funding for IAM shown in latest draft of Capital Funding Programme | 0.5 | 1.3 | 3.6 | 5.8 | 4.6 | 0.0 | 15.8 |
Current Capital Spend Profile | 0.5 | 1.3 | 3.6 | 5.8 | 4.6 | 3.9 | 19.7 |
Capital funding gap | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 3.9 | 3.9 |
Revenue Cost from bus. case | 0.0 | 0.3 | 0.2 | 0.2 | 0.2 | - | 0.9 |
Current Revenue Funding | 0.0 | 0.0 | 0.1 | 0.2 | 0.2 | 0.2 | 0.7 |
Current Revenue Spend Profile | 0.0 | 0.0 | 0.1 | 0.2 | 0.2 | 0.2 | 0.7 |
Revenue funding gap | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 | 0.0 |
2. The IAM Programme work and its spend profile have been adjusted to match the funding available up to 2011/12, by re-prioritising and deferring programme activities, but there remains a funding gap in 2012/13 compared to the latest version of the draft capital programme. This remaining cost will be accommodated through further reprioritisation of the capital programme.
3. As a consequence of the deferring of the IAM programme activities to date the programme is now planned to complete in 2012/13.
E. Background papers
- Exempt Appendix 1 - MPS Contracts Board paper for Procurement of Identity and Access Management Central Back-end
F. Contact details
Report author(s): Roger Saint, Head of ICT Infrastructure Development & Estates Support, MPS
For more information contact:
MPA general: 020 7202 0202
Media enquiries: 020 7202 0217/18
Send an e-mail linking to this page
Feedback