CybersecurityRead This

UK security vetting delays mount, as IT system faces “regular outages”

One third of “Developed Vetting” (DV) security clearances now take over 180 days to process – frustrating critical government hiring for sensitive roles, the National Audit Office (NAO) has warned in a new report.

One contractor told The Stack that they had been waiting over 10 months for a clearance.

NAO said that the UK Security Vetting (UKSV) organisation is being held back by reliance on legacy IT which “is old and unstable, with regular outages that slow down and stop the clearance process for extended periods”.

UKSV provides Counter Terrorist Checks (CTC), Security Checks (SC) and Developed Vetting (DV); handling approximately 164,700 CTC and SC and 17,900 DV clearances annually. The organisation was previously part of MOD, in April 2020 it moved to the Cabinet Office, where it is part of the Government Security Group.

Can new Atos CEO Nourdine Bihmane fix the troubled outsourcer?

A £19 million vetting transformation programme “ended in failure” and was abandoned in 2021 after going £9 million over budget without anyone noticing that it had done so without approval, the report said.

The figures, revealed in an investigation published on January 18, comes as GCHQ (among the organisations requiring DV clearances) managed to recruit just 397 staff against a target of 859 in its last reported year. 

“National security vetting is of vital importance to the effective functioning of government. If… clearances are not processed quickly then government departments risk being unable to progress work relating to national security” NAO said — urging the Cabinet Office to “recognise the importance of modernising the national security vetting process and work quickly to design an implementation plan with key milestones in place.”

security vetting delays, UKSV, developed vetting, audit
The proportion of DV clearances that are taking more than 180 days to clear has increased from less than 4% in 2019-20
to 30% in 2022-23. Credit: National Audit Office, January 2023.

A “Future Vetting System” (FVS) programme was due to complete in February 2020 before being written off. 

UKSV as a result is “still using the old National Security Vetting System (NSVS) that it wanted to abandon in 2018 because it lacks capacity, is slow and requires many manual workarounds” auditors said this week. 

NAO’s investigation into its performance comes as restless departments continue to chafe at how long security vetting takes. In April 2022 just 7% of Developed Vetting clearances were made within “UK Security Vetting”’s (UKSV’s) 95-day target. UKSV also managed to handle just 15% of CTC/SC clearances within a target of 25 days in September 2022, introducing further hiring friction to government departments at a time during which the IR35 tax legislation targeting personal services companies has also deepened public sector hiring challenges.

Security vetting delays: UKSV too reliant on contractors

NAO said that UKSV “still has a heavy reliance on IT contractors despite deciding to move to a largely in-house approach after the failure of the previous attempt to reform the IT system. Its current resource modelling shows it has a shortfall of 68 FTEs for digital roles,” but earlier transformation failures have clearly left the Cabinet Office wary of committing more spend without a more robust business case and improved assurances.

The NAO report into security vetting delays shows that in September 2021 a full business case for £71.6 million over three years to “complete delivery of a transformed national security vetting operation” was made — the government awarded UKSV interim funding of just £3.4 million in response” and rejected a subsequent proposal outright, with subsequent reviews of the UKSV proposal suggesting that the IT architecture for it is not fully documented and that it reflects “limited alignment with government digital service standards

This reluctance to approve spending “reflects its [Cabinet Office’s] concerns over the clarity of the end vision for the programme, how UKSV intends to achieve it, or the tangible benefits reform will bring” NAO said.

“Three reviews of the Vetting Transformation programme in 2022 have also raised serious concerns around the deliverability of the programme, including clarity around the end state vision and target operating model, UKSV’s governance structure and financial constraints. The three reports made 121 recommendations covering all areas of programme management. UKSV has logged all these recommendations and is seeking to implement them, with 44% closed off by December 2022” — customers meanwhile will presumably just need to be patient.

Are you following The Stack on LinkedIn?

Tags

Ed Targett

Ed Targett is the founder of The Stack. He previously served as editor of Tech Monitor, Computer Business Review, and Roubini Global Economics. He has 15 years of experience in newsrooms and consultancies and an unrivalled network. His interests span technology, foreign policy, and sustainability. You can reach him on [email protected]

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button
Close
Close