Supporting the SIA on Major Digital Services Contract

Taking Over Support for STeP

In 2018, The Security Industry Authority (SIA) awarded a major digital services contract to Version 1, to take over support for STeP, the SIA’s online licensing system, in May 2019.  The SIA’s contract with BT, the original supplier of STeP, was coming to an end on 26 May 2019. The tender for a replacement supplier was sent out to eligible providers using a Crown Commercial Service framework on 14 June 2018.  The new service conforms to UK Government and Home Office IT strategies.

Client Profile
Security Industry Authority
Established:
2003
Client Since:
2018
Employees:
250+
Industry:
Non-Departmental Public Body

SIA: Customer Background

The Security Industry Authority is responsible for regulating the private security industry in the United Kingdom.  It licenses individuals undertaking designated activities within the private security industry, and manages the voluntary Approved Contractor Scheme, which measures private security suppliers against independently assessed standards.

It is crucial for the SIA that we provide a dependable, consistent, and high-calibre service to the private security industry. We were impressed by the quality and competitive value offered by Version 1, and by their understanding of our business and our requirements.
- John Neil, Security Industry Authority

The Customer’s Challenges and Concerns

There were several primary challenges and risks that were identified by the SIA based on a previous migration experience and by Version 1’s own experience across many previous projects such as this. Version 1 was responsible for overcoming these challenges and mitigating risks and concerns that the customer raised.

These were as follows:

• Data migration and data integrity: (over 228 million records are within the STeP solution).

• Blob-based storage of documents was also part of the solution: Azure Blob storage stores massive amounts of unstructured object data, such as text or binary data.

• 3rd party management and integration; over fifteen 3rd parties interact with the STeP application (four of which are real-time).

• Disruption to the day to day operations for both the SIA staff and the public users of the application would have to be kept to an absolute minimum.

• The new service needed to conform to UK Government and Home Office IT strategies and the solution needed to be fully Home Office accredited before going live.

• The timeframe for delivery was extremely tight based on contractual obligations with the incumbent supplier.

• No changes or improvements to the application could be accommodated during the migration, including any updates to then out-of-support components.

Like for Like Solution Rebuild

Version 1 proposed a Microsoft Azure-based solution.  The solution would be re-built like for like in Azure.  The project comprised of 7 primary stages.

1. Analysis of Solution and Current Environment

2. Azure Network, VM And Storage Design

3. Migration of Application Code and Re-Build of Application

4. Migration of Application Data (Structured and Un-Structured)

5. Application and 3rd Party Integration Testing

6. Home Office Security Accreditation

7. Service Transition

The project wasn’t without its challenges, but challenges are made to be overcome, and it is a tremendous tribute to the Version 1 team members that all the obstacles were overcome without disrupting the SIA’s operations – and without ever descending into acrimony. Today we are commending the teams’ efforts, notably, the attention to detail throughout the project and the relationships built with SIA stakeholders.
- John Neil, Security Industry Authority

Major Milestones Achieved

With the new service successfully going live in September of 2019, the SIA and Version 1 hosted a lunchtime session to mark this key milestone in this major digital services contract. On the 7th of November 2019, at this gathering of Version 1 senior management, Version 1 consultants working on the major digital service, and SIA representatives, the Security Industry Authority commended Version 1 for the successful go-live and Version 1’s commitment to minimising risk while working on this project, which was a crucial requirement for the regulatory body.

This project with the SIA began in late November 2018 and completed in September 2019; this was in line with the existing contract for hosting services. The Design stage consisted of 1 month, followed by 3 months in Build (including time for an initial pen test so Version 1 was able to proceed with an Azure AD sync).

The SIA requested rigorous quality assurance and testing activities throughout the project. Detailed milestone acceptance criteria were agreed during the early stages allowing the SIA to give assurance to senior stakeholders and the Home Office that the solution was fit for purpose and that any risks identified were proven to be mitigated. A rigorous Test phase took place over 4 months from the start including the test strategy, test plans, scripts, environment setup, and execution. The Test stage had several phases: System, System Integration, Data Validation and UAT.

Version 1 worked closely with the SIA and its partners to achieve successful delivery of all project objectives. Following the validation of the migration tools by the customer, the data migration activity itself took place within a month, concluding the full project from initiation to migration within 8 months.

Additionally, a backlog of future improvements was identified to allow priority application changes to be implemented quickly once the migration was complete and planning has begun on application architectural transformation.

Real Differences, Delivered

Version 1 successfully migrated 220 million files (11TB) during this 8-month project, in addition to 2TB of SQL databases, with no disruption to day to day operations.

The new platform now enables the SIA to:

– Leverage the modern Cloud capabilities to optimise hosting costs.
– Take advantage of AI and Machine Learning more easily.
– Build next-generation services quickly for both the public, security professionals, businesses and other public bodies.