Back to Meetings, agendas, and minutes

IS & Digital Development

Summary

Agency Board Report Number: SEPA 37/23

We have made significant progress creating technology infrastructure to support the work SEPA undertakes. There is still a considerable amount of work required to fully develop systems to support our regulatory areas. This paper outlines some of the key achievements and challenges surrounding our digital development to date.

Introduction

Communities at risk of flooding are often located in deprived areas. Strengthening the flood warning service will help ensure that communities and category 1 responders continue to receive adequate warning of flood events.The aim of this paper is to provide the Board with an understanding of our approach and progress around digital development since December 2020.

Background

After the cyber-attack in December 2020, SEPA followed three key stages in digital development:

• Respond and recover – securing our system against further loss or attack; data recovery; bringing back essential services such as flooding, AHERS, finance and communications.
• Create an operating environment for delivery of core services – procurement and implementation of MS365 as our primary operating system; purchase, configuration and rollout of laptops to all staff; rebuild servers; build a finance system; creation of interim systems to support SEPA core functions, for example tracking permits.
• Build better – we have bolstered our security infrastructure, incident response and back-up processes. We are building back resilient key systems including flood warning and permitting systems.

Our work programme for 2022/2023 was laid out in our Annual Operating Plan and was delivered via three programmes: Systems and Information, Regulatory Recovery and Rebuild and Flooding.

A comprehensive overview of the work carried out from the cyber-attack to the start of calendar year 2023 was prepared for the Scottish Government.

Key achievements

We have made significant progress in developing our technical capability and modernising our digital approach. We have:

• Adopted a cloud first approach, moving data and services onto the Azure Cloud and creating a framework that allows us to manage data and information in a cost- effective way. A number of key services have been moved onto the cloud, further work is planned this year.
• Upgraded our security and infrastructure; with a rolling programme of hardware replacement, improved connectivity and a new automated back-up process. Our enhanced security framework has achieved Cyber Essentials + accreditation.
• Developed new digital licencing systems; we quickly restored our digital licencing services and have developed a new platform on Microsoft Dynamics for registration under the deposit return scheme. This will serve as a key learning tool for developing digital services across regulation.

Issues

While the infrastructure work has progressed well and the fundamentals are in place, there is still a large amount to do, particularly in developing the end user regulatory systems that staff need to do their jobs effectively and providing access to our data. We have delivered a number of interim systems with basic functionality to let staff manage their work, for example a system to allow permitting to track applications, however these systems are not sophisticated nor integrated so are inefficient and are beginning to lead to frustration and impacting staff well-being.

Freeing up resource from operational units to shape and drive the development programmes remains a challenge. This resource pressure is compounded by the inefficiency of our interim and temporary solutions.

Providing in house IS support is increasingly difficult as we recover and build new systems whilst servicing and maintaining new and interim systems. Pre COVID and cyber our IS team would typically undertake business as usual maintenance and support the development of two or three projects per year. We now maintain a mixture of new and legacy systems and are involved in over 20 large projects.

Our new development projects are being taken forward using a blended approach of buying off the shelf solutions, configuring off the shelf solutions and developing new solutions with external contractors. New and legacy system maintenance is undertaken by internal resource.

The IS staffing market continues to be competitive. There continues to be a significant turnover of skilled staff within the department. CLT have recently approved a number of new roles and we are currently recruiting these.

Looking forward - opportunities

Our development work so far has highlighted that new systems have the potential to transform our business.

Our work programme for 2023/2024 is a key component of the One SEPA Modernisation programme. The key workstreams which have a strong digital component are Systems and Information Transformation and Future of Regulation programmes.

An overview of the Systems and Information Transformation Programme Board (SITPB) is available in appendix 1. This document is provided for further interest only, should you choose to make use of this material, figure 2 on page eight provides an overview of the work to be undertaken. The key objective of this programme is to make best use of the digital foundations that we have already put in place. It’s three objectives are:

• keep our systems are safe and secure,
• deliver IT capabilities which underpin how we work, and
• ensure our data and information are well managed and accessible to those who need it.

This programme has been considered in detail by CLT and the resources required to take this work forward have been made available and are currently being recruited.

The Future of Regulation Transformation Board is currently being finalised by CLT. Key elements of this programme are likely to include: consolidation of work to support the deposit return scheme, systems to support the implementation of the integrated authorisation framework (IAF), development of an end-to-end regulatory system, environmental performance appraisal, intelligence gathering and sharing systems, laboratory information system, customer portal and digital waste tracking. Resources for this programme are still being considered by CLT but a number of the workstreams such as IAF, intelligence systems and laboratory and information management systems are already resourced and underway.

Across our projects we are following the Scottish Government’s Digital First, design, delivery and assurance approach.

Recommendations

The Board is asked to note the work that has been achieved to date and that workstreams to drive forward the development of our systems are being actively progressed.

Systems and information transformation programme board overview

Purpose

The objective of the Systems and Information Transformation Programme Board (SITPB) is to deliver a digital transformation which will help SEPA achieve the targets set out in the AOP and the One SEPA Modernisation Programme. As part of the SEPA One Modernisation Programme, it will have close links with and provide the underpinning capabilities for our Future of Regulation, Flooding and Setting Future Strategies Programmes.

Figure 2 outlines the work planned for the current financial year. Each piece of work seeks to deliver one or more of our key objectives:

Keep our systems are safe and secure – As a modern regulator we rely heavily on our systems for communication, managing our information and managing our workflows. The S&ITPB will manage delivery of enhanced security monitoring, response and staff training to keep our essential systems safe and secure.

Deliver IT capabilities which underpin how we work – The AOP outlines how digital transformation will accelerate reforms in digital infrastructure to improve efficiency, accessibility and enable transformational outcomes for SEPA, service users and Scotland’s Environment. The S&ITPB will work across SEPA to develop modern systems which support the key objectives outlined in the AOP including (i) building organisational capacity and improved efficiency by automating and streamlining processes, (ii) supporting changes in how we regulate, for example through delivery of Integrated Authorisation Framework and (iii) building resilience in our essential flooding services. The board will drive an open data policy, making our environmental information and data easily accessible to those who need it.

Ensure our data and information are well managed and accessible to those who need it – The data SEPA generates and collates is key to understanding the state of Scotland’s environment and the duties and behaviours of those we regulate. Additionally, as a public sector organisation it is important to ensure the effective management, protection and accessibility of information, promoting transparency, accountability and informed decision making. The S&ITPB will build the governance and infrastructure required to store, manage and access our data and information. By providing easy, integrated access to data and information, we will support decision making and communication essential to protecting and improving Scotland’s environment. We will provide staff with the processes, guidance and training required to manage their information effectively.

Governance and delivery model

The Programme Board has responsibility for strategic oversight of the seven projects required to deliver the modernisation and digital transformation outlined in the AOP. This Board will remain strategic with the right infrastructure below it to enable delivery.

View Figure 1 - program board structure

The SITPB is accountable to the Corporate Leadership Team (this will change to One SEPA Modernisation once programme has been established) and will report to it directly via the Executive Director for Evidence and Flooding.

View Figure 2 - indicative systems and information transformation board workplan.