Unisys, one of the companies bidding for involvement in the UK's ID cards scheme, has defended the programme following a critical report by the independent body appointed to oversee the project.
The report, issued on Wednesday by the Independent Scheme Assurance Panel (ISAP), appointed by the Identity and Passport Service (IPS) to oversee the National Identity Scheme, was critical of the government's lack of specifications for information assurance and the lack of clear architectural specifications for the project. Unisys claimed the report was based on an out-of-date analysis.
"The scheme would benefit from a robust and transparent operational data-governance regime and a clear data architecture," wrote ISAP. "These must recognise the value of data and the risks associated with inappropriate access to and use of data."
The report also revealed that the government had no clear data-management standards for the National Identity Register, the proposed database that, according to the government, will hold all UK citizens' identity details securely. These standards should have been "addressed in advance of procurement", stated the report. The procurement process for the National Identity Register began in early 2007.
ISAP criticised not only the lack of clear government guidance for the data architecture of the scheme but also said that the government had no idea how the system would be managed across departments.
"The panel suggests the programme should verify that it has the capability to manage integration and that the complexity of integrating increasingly interdependent systems across government is considered," ISAP wrote. "The flexibility demanded of the programme is useful but does not excuse the programme from the need to adequately detail the requirements for ICT systems, processes and operations."
Systems integrator Unisys, which is involved in the procurement process, insisted that the government had precisely specified the scheme. It also said the report, which covers the whole of 2007, did not take account of the scheme's current progress.
"The 2007 report is out of date," said Neil Fisher, Unisys' vice president of identity management. "We have a clear idea about the National Identity Scheme, and have a close strategic framework for architectural procurement."
Fisher declined to give any more details about the procurement, as it is an ongoing process. Last year, in a BBC Radio 4 broadcast, he described the relations between government departments, including the Home Office and IPS, as unco-ordinated, likening Whitehall to a "herd of cats". On Thursday, however, he said government departments had now started to act in a more co-ordinated way.
"Up to a point, it was fair to say that the visibility of coherence between departments was not that clear, but the procurement process has been wonderfully refreshing. [Whitehall] were a herd of cats, but now they're following a food trail. I've been impressed by [their] pragmatic thinking in a difficult public-expense environment."
However, Peter Tomlinson, a government IT consultant who has been involved in the scheme, disagreed that the government had a clear idea about what it wanted from the technology involved.
"Never has there been any sign of technical specifications, and never has there been any detailed 'requirement' (as required by EU procurement rules, including the ones that they are now using) seen; at least not in the public domain, not in the Chatham House Rule meetings that I have been to over several years, and not in the early stages of the National Identity Scheme procurement programme [apart from biometrics]," wrote Tomlinson on Friday in the cryptography forum UK Crypto. "They just are not designing this scheme, but are expecting it to come together with the help of suppliers (who, this time, because of the Act, will be culpable if it goes wrong)."
A separate report, issued by the IPS last week, revealed that the cost of setting up the National Identity Scheme has risen by 37 percent.