Supplementary written evidence submitted
by Hewlett Packard (HP)|
On 23 March, Craig Wilson and Howard Hughes from
Hewlett Packard gave evidence to the Public Administration Select
Committee's inquiry into the Effective use of IT.
During the course of this session a number of requests
were made by members of the committee for further information.
This document provides notes in response to these questions as
a supplement to both the verbal evidence given by HP and the written
submission made in January 2011.
2. COST OF
In questioning HP, Mr Bernard Jenkin mentioned a
recent report by the Network for the Post-Bureaucratic Age which
suggested that unit costs in central Government were typically
higher than in local Government. He asked HP for its view on why
a workstation in local Government costs only half what it costs
in Central Government, and whose fault this might be.
2.1 Basic Purchase Costs
HP can confirm that it would not expect to see any
significant variance in the basic price paid by local government
and central government organisations for a device of the same
specification. Indeed an analysis of the typical costs involved
in provision by HP of the core desktop product reveals only minor
difference between supply to central and local Government clients,
with the lower price being paid by central Government.
For example, under two supply arrangements we have examined for
the provision of the same model of PC of a broadly similar specification,
the device is sold into the supply chain by HP at £356 to
central government and £372 to local government. The differences
between these prices are a reflection of some minor differences
in specification and different volumes purchased under each arrangement.
2.2 The Network for the Post-Bureaucratic
Our understanding is that the report cited by Mr
Jenkin is "Better for less: How to make Government IT deliver
savings", published in September 2010.
We note that the comparison drawn in this report
is between the costs achieved by a single local council (the Royal
Borough of Windsor and Maidenhead, which states that its cost
per device is £345 per annum as noted in an internal council
document) and a range of central government departments where
the cost per device ranges from £800 to £1,600 per annum.
The report goes on to say that this second set of figures is "not
publicly available but was calculated after analysis of a number
of let contracts and we have been re-assured by reputable, senior
government sources as to its accuracy."
Whilst a cost of £345 per year is a good baseline
for a local authority, it is not possible from comparison of a
single well performing local council and a range
of un-named central Government departments to conclude that any
variance is completely unjustified. Any objective comparison must
address the question of whether the requirements or contractual
terms are the same in each case (in the examples above, they are
almost certainly not).
In practice, there may be a number of reasons why
the price might vary between different organisations. The price
of a "managed workstation" will typically be made up
of a number of components, including the basic purchase cost of
the device itself, charges associated with configuring it to meet
a given organisation's needs (including additional software or
facilities required to meet security requirements), plus charges
associated with provision of shared facilities such as email services
and ongoing support (eg helpdesk services and IMACsInstall,
Move, Add, Change). The nature of these charges vary significantly
between different contracts, depending on the type of work undertaken
by the users of the workstations and the specifications demanded
by the commissioning organisation.
2.3 Security Requirements
The "Better for Less" report states that
"the difference in cost cannot be explained by additional
security requirements in central government". It then goes
on to suggest that much of the current security practice is in
effect unwarranted, specifically that the rules set out by the
Government's own computer security experts, CESG. It suggests
that "Security has become a smokescreen behind which Whitehall
and the Communications Electronics Security Group hide a multitude
of objectives, groundless policy decisions or poor system implementations".
It concludes that "For systems operating at 'CONFIDENTIAL'
or belowwhich covers the vast majority of government ITcommercial
security techniques and tools can offer effective information
assurance without the unacceptable overheads."
The report in effect draws two connected but different
conclusions on this topicfirstly that the security requirements
which are currently enforced when supplying desktop services to
central government drive significant additional cost, and second,
that many of these requirements are unwarranted.
Firstly the question that security drives additional
cost. This is undoubtedly true. The principles of IT security
as they apply to the UK Public Sector are defined in the Cabinet
Office's Security Policy Framework (SPF). The SPF defines "mandatory
security policy requirements that all departments and agencies
must meet". It then goes on to set out that it should be
"extended, where necessary, to any organisations working
on behalf of, or handling HMG assets, such as Non-Departmental
Public Bodies, contractors, emergency services, devolved administrations,
Local Authorities". Compliance with the SPF for example,
may require that software used must have been verified and approved
by CESG, they may demand the use of "two-factor" security
controls (eg using both a password and a physical token such as
a smart card), they may lead to a requirement for additional security
networking hardware to isolate systems from the Internet or other
organisational networks, they may proscribe that certain controls
are placed over support staff who have access to the system (eg
they may require clearance). They will almost certainly require
that any system designs are subject to a complex accreditation
HP's experience is that whilst central Government
departments do comply with these mandatory policies, adherence
within Local Government organisations is somewhat less consistent.
This can be justified in part by the fact that the threat profiles
to the two types of organisation are very different and in some
cases that the sort of information systems they operate and data
they hold are differentdemanding less stringent controls.
Nevertheless, because of the different security practices adopted,
there are requirements which do appear when providing desktop
services to Central Government organisations which drive additional
cost when compared with those which occur in Local Governmentand
hence contribute to a price differential between the two types
Second, the question of whether the additional controls
are unwarranted. This is a somewhat more controversial statement.
It is true that the security requirements placed by Central Government
departments are at a level beyond that encountered in many (but
by no means all) commercial organisations. However, the nature
of Government organisations does unquestionably make them a more
attractive target for those (whether domestic or foreign) with
malicious intent. It is also the case that Government organisations
tend to hold data which, by its nature is more sensitiveregarding
people's health, financial status, criminal records and so on.
Finally, whilst in general citizens have a choice of private sector
provider (and could change provider if they were not happy with
the security provisions made by them), they generally have no
real choice of Government, and as a result, it can be argued that
Government owes a greater duty of care to protect the information
There may be a case that significant quantities of
the data held by Government organisations tend to be Protectively
Marked at higher levels than it truly requires (and hence could
be held on systems with less stringent security requirements).
However, HP is also under no doubt that that the threats faced
by Government information systems are increasingly complex, occur
with increasing frequency, and that the repercussions, as more
public services rely on IT, are increasingly serious.
Ultimately HP believes that one of the responsibilities
of Government organisations in acting as an intelligent client
(both collectively and as individual departments) is to develop
an informed view of the threats that might face them, and the
level of protection required in their IT systems that they believe
those threats warrant. They then have a responsibility to ensure
that the suppliers from whom they purchase products and services
are complying with these requirements.
2.4 Variance in other contractual terms
One final potential factor which should not be overlooked
when comparing the costs of different desktop services is variance
in the prevailing commercial terms and conditions which apply.
Many of HP's contracts with Government have, in the past, contained
very different terms and pricing models for the provision of desktop
services. For example, one contract may cover just the provision
of the desktop, software and a support service, with the associated
network being the subject of a separate contract with another
supplier. Another department may have a contract which bundles
the networking costs with workstation provision.
Similarly, it is not unusual to find, particularly
in older contracts, that what may appear as a "per workstation"
charge is also used to recover the costs associated with the provision
of other services. These can include bespoke business application
systems, document management or collaboration software, printers
or even fixed line or mobile telephones. Given that the "Better
for less" report states that the data on central government
desktop prices was "not publicly available but was calculated
after analysis of a number of let contracts" it is difficult
to provide an objective view on the extent to which this type
of commercial construct might contribute to the variance. However,
we would acknowledge that gathering data about IT spend and comparing
like with like in this field is not straightforward, as has been
pointed out, both by the Minister for the Cabinet Office in his
evidence to the committee, and by others who have examined the
issue, such as Dr Martin Read, who undertook the Operational Efficiency
Review into Government ICT for the previous Government.
2.5 Conclusion on workstation pricing
HP would agree that there is often much redundant
customisation in the provision of workstation services to the
public sector, and that purchasing decisions have not always been
made in a way which properly leverages the Government's purchasing
power. HP's experience is that economies of scale continue to
be gained by pooling the provision of workstation services at
levels up to between 30,000 and 50,000 seats, depending on the
complexity of the underlying infrastructure and the extent to
which the user populations are distributed.
Buying such services on behalf of individual organisations
with considerably fewer seats than this cannot reasonably be described
as cost efficient. Similarly, buying on behalf of individual business
units who themselves have requirements for smaller numbers of
devices despite forming part of a larger organisation (as has
historically often been the case, particularly in smaller departments
with multiple NDPBs or agencies) is a practice which cannot be
justified in terms of improved value for money. The Government
could take steps to improve the cost-efficiency in the procurement
of managed workstation services by pooling the purchasing power
of smaller departments through more proactive use of framework
contracts such as "Desktop/21". HP is one of three suppliers
present on this framework, which has set price points available
to any public sector organisation, which are closer to those at
the bottom end of the comparison in the "Better for Less"
report, despite being designed to meet the security requirements
of Central Government organisations.
3. HP'S USE
During HP's evidence to the committee, Mr Robert
Halfon asked whether a note could be provided on how much work
HP does with Open Source.
3.1 HP's commitment to Open Source
HP has a longstanding and wide-ranging commitment
to the use of Open Source technologies, as illustrated by the
is the world's leading supplier of Linux-based server hardware
and has been for eleven years.
has developed software management tools to allow customers to
integrate Linux platforms alongside systems running on proprietary
employs thousands of developers working on Open Source software
and is an active sponsor of key organisations and events in the
Open Source community. HP has donated its own Intellectual Property
to help Open Source initiatives get off the ground.
is the only major printer company to have made all of its Printer
Drivers (more than 1,900) fully Open Source.
is leading global efforts to develop Common Operating Environments
(COEs) for Linux, and to develop what's known as "Carrier
Grade" Linux, suitable for use in the Telecoms industry.
is successfully delivering Open Source solutions for Governments
elsewhere in the world. We deploy Linux-based solutions for the
US Government, and have undertaken a programme to migrate the
Brazilian Navy's HR, Payroll and Accounting Systems off a Mainframe
onto an Open Source platform running Oracle.
3.2 HP's use of Open Source in its UK Government
In most of our Government contracts, it is the Departments
themselves who maintain responsibility for technology strategy
and selecting the principal software products that they wish to
deploy in their businesses. HP is actively working with its Government
clients to exploit Open Source products where appropriate, and
indeed Open Source software is already used extensively by HP
across its central Government accounts in the UK.
It is however not practicable to provide a breakdown
of the commercial value of this work. Open Source software is
almost never used in isolation from commercial products, and the
costs associated with implementing the "Open Source"
components of a given project are therefore impossible to separate
from those associated with implementing the proprietary parts.
Nevertheless, we are able to provide an indication of the typical
Open Source products and tools in use across our key Government
contracts, to indicate the purpose to which they are put and the
business areas in which some of them are used.
3.3 Incentives for HP to promote Open Source
During the session, Mr Halfon also suggested that
it was in HP's interest to discourage Open Source as a mechanism
for ensuring clients are tied in to HP's own software. We feel
it important to put on record that we do not accept that premise,
for two principal reasons:
Firstly whilst it is true that HP does have a software
business, the majority of the proprietary software deployed in
the course of our government outsourcing contracts is provided
by other vendors and simply resold by HP at very low margin or
bought directly by our government clients. Where it is resold,
the act of including significant revenue from software sales at
low margin in an HP contract only serves to dilute the overall
profit margin which HP makes, and would typically be something
that the company would seek to avoid. There is therefore no financial
incentive in HP's services contracts to promote proprietary software
products where Open Source equivalents would lead to improved
value for money to our public sector clients.
Second, whilst Open Source software typically has
a lower acquisition price when compared with the equivalent proprietary
software, it typically demands greater effort to integrate the
various components to meet a given business requirement. In this
regard therefore, HP's interests could be regarded as being better
served by the promotion of Open Source, as its use would lead
to greater demand for services to effect a successful implementation.
In practice however, HP's experience is that on any
given project, the overall difference in costs between a proprietary
and Open Source solution are marginalthe additional costs
for proprietary software being offset by the additional cost of
integration effort for Open Source solutions. As HP's Craig Wilson
stated in our verbal evidence, the overall picture is mixed, with
some requirements better suited to Open Source, and others to
proprietary software. Where the difference is marginal, our view
would be that the decision about which route to adopt should be
taken on the basis of risk. As the Committee will recognise, projects
which involve the development of a lot of custom-written integration
software are not usually compatible with the lowest risk.
4. THE ROLE
Mr de Bois questioned HP regarding the proportion
of its Government revenue which is subcontracted to SMEs and the
processes by which SME subcontractors are engaged.
4.1 Proportion of Government revenues subcontracted
HP's Craig Wilson stated in his evidence that more
than 30% of HP's government revenue is subcontracted to partners
of all sizes and offered a follow-up note confirming the value
of work which is subcontracted to SMEs.
HMRC's definition of a Small or Medium Enterprise
(SME) is a company with fewer than 500 employees, turnover of
not more than 100 million Euros and a balance sheet of not more
than 86 million Euros.
Based on this definition we have been able to identify
394 SME subcontractors which were used in the delivery of our
UK Government business during the HP financial year ending 31
October 2010. During this year, £110 million of work was
subcontracted to these SMEs in the discharge of our UK Government
4.2 HP's work with SMEs
HP believes that SMEs have an important and increasing
role to play in the delivery of IT services to Government. Globally
HP works with around 160,000 different SME partners. In the UK,
HP works with SMEs in many areas of its business. More than half
of HP's hardware sales, for example, go through an 8,000 strong
SME network. This distribution channel accounts for over 16,000
SME jobs in the UK.
HP recognises the benefits of working with SMEs in
terms of the speed, agility and innovation they offer. Our business
is heavily dependent on our partnerships with SMEs both in delivering
our products to market and in fulfilling our public and private
4.3 Becoming an SME partner of HP
HP is keen to engage with SMEs and actively seeks
opportunities to work with them. We try to avoid creating barriers
to SMEs working with us and believe that in many cases it is more
practical for SMEs to engage in the delivery of public sector
contracts as subcontractors to HP than by contracting directly
Prime contractors can provide a contractual and commercial
gateway for SMEs and third sector organisations that allow them
to work with bigger Government departments without going through
the formal procurement process, which can be a costly, time-consuming
and, for smaller companies, risky activity. In seeking to work
with SMEs, prime contractors can adopt accelerated tendering processes
that owe more to the procurement mechanisms found in commercial
contracts than usual government ones. SMEs can further benefit
from working as a subcontractor to HP in delivering government
work because typically, when subcontracting to SMEs, we would
not seek to flow down all the more onerous requirements of public
sector contract terms to our suppliers.
4.3.1 HP's Developer and Solution Partner Programme
To provide a mechanism for SMEs to work with HP,
we run a programme called the Developer and Solution Partner Programme
(DSPP). The DSPP is designed for Independent Software Vendors
(ISVs), System Integrators (SIs), developers and consultants.
It is intended to help small organisations sell to HP customers
by working in partnership with HP account teams. 570 firms are
currently part of the DSSP.
The Programme provides partners with resources to
support them throughout all stages of solutioning, planning, development,
marketing, selling and customer support. By working with HP, DSPP
members benefit from access to information, resources and assistance
designed to accelerate time to market, shorten sales cycles and
improve customer loyalty.
The Programme is free for companies to join. HP DSPP
representatives offer assistance with programme services, queries,
helping partners obtain the required resources and streamlining
the marketing process. Members of the programme are eligible for
HP product discounting and have access to software downloads and
development kits. HP DSPP also offers information and programmes
geared to help partners find new ways to cultivate business and
opportunities, as well as providing access to benefits in the
areas of awareness creation, demand generation, sales support,
tools and business information.
4.3.2 Recruitment campaigns
HP has, in relation to certain large public sector
contracts, undertaken specific publicity campaigns directed at
the SME community to attract their involvement in delivery. For
example, in 2004 HP ran an awareness raising programme targeted
at SMEs to encourage them to become partners in the delivery of
the Defence Information Infrastructure programme. This included
holding a conference, with workshops on the five key work areas
where SME support was being sought. It was attended by 66 different
companies and the feedback received was extremely positive. This
campaign contributed to identifying some of the 100 or so SMEs
that today help HP to deliver the Defence Information Infrastructure
4.3.3 Supplier diversity
HP is keen to ensure that it is as open as possible
in terms of working with SMEs, including a diverse range of suppliers.
HP has a long history of encouraging SMEs to work with usour
first small business programme was established in the US in 1958.
Since the late 1960s there has been a strong focus on ensuring
that under represented businesses have equal opportunities to
work with HP.
A formal Supplier Diversity Programme was established
in the UK in 2004. HP works with Minority Supplier Development
UK and WEConnect, an NGO that increases opportunities for women-owned
enterprises to compete, to encourage businesses that might not
readily approach HP to consider working with us.
4.3.4 Payment terms
In 2010 HP signed an agreement with the Cabinet Office
to pass on 30 day payments to subcontractors. This is to ensure
that the benefits of swift payment are passed through the supply
chain to the supplier base that most require them.
4.4 Increasing the involvement of SMEs in
the public sector supply chain
Many major public sector contracts in the UK already
place requirements on prime contractors to involve SME suppliers
in delivery where possible. In many other countries where HP operates
this requirement is more closely defined and the involvement of
SME suppliers is a key criterion in the selection of prime contractors.
In some countries, including Australia and the US, quotas for
the involvement of SMEs in delivery are a common requirement in
major contracts. HP would be supportive of measures to require
the greater involvement of SMEs in the delivery of public sector
contracts in the UK.
5. VME MIGRATION
In discussion regarding the use of SMEs in Government
contracts, Mr Jenkin discussed the DWP's ongoing reliance on the
VME operating system, and suggested that it might be worth considering
getting "a dozen or two dozen SMEs to brainstorm how to convert
the data into a modern operating system".
HP has an interest in reducing the dependence that
its customers have on aged proprietary operating systems like
VME. Over several years we have worked with a variety of SMEs
to look in detail at potential strategies for moving DWP benefit
systems off VME. However, the business case for such a change
is far from clear for the Department as dependency on VME is declining
as new systems come on stream.
Whilst HP acknowledges that there are SMEs who may
be able to suggest innovative solutions to similar problems, we
believe that this specific suggestion fails to comprehend quite
how the DWP's reliance on VME arose and why moving away from the
platform has seemingly presented such problems. In summary, it
is not a technical problem per-se, or merely a question of converting
the data to a modern system, but rather a question of balancing
the scale of both technical and business change required to effect
the change against the benefits that might arise from doing so.
The VME-based range of legacy benefit systems that
are still in use today was produced as a result of the "Operational
Strategy" Programme, started in the early 1980s by the Department
for Health and Social Security. These systems were built to automate
the manual processes of the previous benefit delivery departments
within Government. Essentially, the approach adopted for the Operational
Strategy Programme was to create a single system for each individual
benefit. However, in order to deliver the best value for money,
the various benefit systems shared IT components and infrastructure;
additionally, there were many business and data interfaces due
to the interactions between the various benefitsfor example,
entitlement to one benefit raising income levels and hence impacting
entitlement to other benefits, and so on. This led to a highly
integrated set of business and IT systems for benefit processing
that were optimised to maximise the efficiency of case workers
within the then, benefit-focussed, or "Product Centric",
Over the last few years, the problems resulting from
a "Product Centric" model have been the focus of a number
of Government reports and this has led to the modern view that
benefit systems should be focussed on the claimant ie be "Customer
Centric"this requires a set of delivery systems that
look across all the benefits delivered to an individual. Consequently,
this requires a set of business systems whose flow is at "right
angles" to the structure of the current legacy systems. This
issue and legacy systems' lack of easy adaptability to the more
efficient, new communication channels (ie telephony and intranet),
have resulted in the need to modernise the existing VME-based
5.2 The Modernisation Challenge
Since the 1990s many different companies and experts
on legacy system transformation have looked at how DWP's VME-based
legacy systems might be modernised. As a result, a number of approaches
to modernisation have already been attempted and/or considered,
including replacement of the legacy infrastructure, the use of
Commercial, "off the shelf" (COTS) products and the
creation of "Presentation Layers" or Front Ends to "mask"
the legacy systems.
The key problem with migrating to more modern technologies
however is not the absence of an appropriate contemporary IT solution,
but rather that because of the highly integrated nature of the
legacy benefit systems, converting any single benefit to
a new model requires that all the business and data interfaces
need to be rebuilt and/or replaced at the same time. As a result
the proposition of migrating to a new system is, for one benefit,
very costly. This, coupled with the risks associated with this
change and the ever-present need to successfully implement a policy
on the agreed date, has always hampered efforts to implement effective
modernisation of the legacy systems on a piecemeal basis.
Where only one benefit is being changed, a combination
of the adaption and re-use of a similar VME-based application,
along with a modernised front-end system (optimised for use with
that particular legacy benefit) are the only examples that exist
in DWP for successful "modernisation". It is questionable
as to whether this is "true" modernisation, as the underlying
benefit system is still "Product Centric" and operating
on the VME platform.
5.3 Successful Modernisation and Universal
The complete modernisation of any benefit requires
that all related benefit systems (or at least the majority) are
replaced and modernised at the same time. The only other approach
is to rewrite all the links (interfaces) between the benefit system
being modernised and the legacy systems with which it is interfaced.
This would be expensive and not reusable as these same interfaces
would need to be rewritten again when the next benefit system
HP believes that the current policy of introducing
Universal Credit offers a realistic modernisation opportunity
as for the first time, it represents a programme of change that
will replace all the major Working Age benefits simultaneously,
and is therefore of sufficient scale that the risk and cost of
updating the infrastructure is smaller (both relatively and absolutely)
due to fewer interfaces being required (through amalgamating benefits).
Public and private sector project performance
Mr Jenkin questioned HP regarding the relative performance
of projects delivered for public and private sector clients. Craig
Wilson stated that data collected by HP indicated there was no
evidence of a worse overall performance in public sector contracts
relative to the private sector, and offered a follow-up note.
5.4 How HP monitors project performance
HP has a number of internal tools for collecting
and monitoring the performance of projects that it conducts for
its clients. These tools collect two key indicatorsthe
CPI (Cost Performance Index) and SPI (Schedule Performance Index)which
are objective measures comparing actual project time and cost
versus budgeted time and cost. An SPI score of 1.0 means that
a project is on schedule. A score of less than 1 means the project
is behind schedule, more than 1 means that the project is ahead
of schedule. Similarly for the Cost Performance Index, a CPI score
of 1.0 equates to a project being on budget, a score of less than
1 indicates that the project is spending more than planned, and
a score of more than 1 indicates that the project is spending
less than planned.
5.5 Comparison of Outcomes
For the purposes of this note, we have analysed project
CPI and SPI data for a total of 736 project reports spanning the
last two years intervals for our UK Clients. Of these projects,
42% are for Government clients, 58% for private sector clients.
5.5.1 Performance to Schedule (SPI)
Plotting the number of projects (as a % of the total)
at each SPI value for each of the Government (solid/blue line)
and non-Government (dotted/red line) groups gives the following
It can be seen that whilst the distribution for non-Government
projects is more tightly packed around a score of 1.0 (on Schedule)
than for Government projects, the difference is marginal at worst.
Although there is a slight "shoulder" on the "behind
schedule" side (0.9 to 1.0) for Government projects, there
is a similar (albeit smaller) "shoulder" on the "ahead
of schedule" side (1.0 to 1.1). Both distributions (Government
and non-Government) flatten out very quickly, with only a very
small distribution of projects in the very bad (<0.85) or very
good (>1.15) areas in each case.
5.5.2 Performance to Budget (CPI)
Plotting the number of projects (as a % of the total)
at each CPI value for each of the Government (solid/blue line)
and non-Government (dotted/red line) groups gives the following
Similarly to the SPI data, whilst the non-Government
projects (dotted/red line) show a tighter distribution around
a CPI score of 1.0 (ie on budget) than the Government projects,
the difference is once again, marginal. The variance in performance
(eg the width of the distribution) overall is wider than SPI,
but, in contrast to the SPI, the "shoulder" on the ahead-of-cost
side of the curve is larger than the "behind" (<1.0)
side for Government projects.
In other words, the data suggests that, in comparison
to non-Government projects, whilst Government projects are marginally
more likely to be a little behind schedule, they are also marginally
more likely to be under budget.
5.6 Conclusions from this data
Clearly, this data is solely for HP's project performance
during the last two years. We are however confident that it supports
our assertion that there is not a significant difference between
the performance of Government and non-Government projects during
Based on real data, it can be seen that over the
last two years, it is very likely that a Government project will
come in between 30% under and 10% over on cost; and between 10%
ahead and 10% behind on schedule. Similar figures for non-Government
would be 20% under and 10% over on cost; and 2% ahead and 10%
behind on schedule.