We hear so much about government procurement problems but it is good to hear about a success story.
Security Compliance
Any public sector organisation must ensure they are dealing with established suppliers. In IT procurement, that means security and reliability – both in terms of back ups and support and also general commercial robustness.
In other words, “no numpties”. Here is the problem. They are so expensive for the supplier to fill in and for the government security manager (if your departent can afford one) to assess. The result is patchy application of security audits. Perfection truly has become the enemy of progress! Competent, qualified Cyber security professionals are in demand.
What can a public sector organisation do?
Wokingham Borough Council did not send AXLR8 the usual long supplier security questionnaire this year. They sent us to RiskLedger.com.
How RiskLedger works
RiskLedger provide a centralised service for all government and other large organisations to check out supplier compliance with information security and governance. This takes a while for a supplier to complete but it beats having to fill out a form for every client you have! The cost of re-inventing the wheel at every government department is a time vampire for the rare and expensive beasts that manage information security. This goes for the creation of the questionnaire and assessment of the supplier responses as well as the duplicated time spent by an expensive manager at the supplier.
So, I am so pleased this duplication of effort by high value managers can be reduced. It removes a huge cost for the public sector and the commercial partners who service it.
AI use case
It is early days but the AI that takes an uploaded recent security completed questionnaire and attempts to fill in some of your anwers from it is a brilliant idea! Only a handful of AXLR8’s responses to Argyll & Bute Council’s security questionnaire were recognised. We spent many months working on it diligently with them. They were placed in roughly the right response boxes in RiskLedger.
However, it will improve.
There is so much potential.
Potential
In spite of teething troubles a few months ago, the support and responsiveness from RiskLedger has been great. We are happy to recommend them and hope they are more widely taken up. Neither I nor AXLR8 have anything to gain by these statements. If anything, we are jealous and we wish we had come up with the idea!
On a recent trip round Scottish clients in the summer a security manager at a large health board mentioned a similar Scottish system called Supply25. We will back that as well. “Duplication!” I hear from the glass half empty lot.
Well, some would say it creates a healthy redundancy in case one fails or gets too comfortable. A little competition will bring out the best in both teams. There is another one called Joscar for defence but it is not fashionable to cite MoD procurement as an example of best practice? I assume there is something in the GCloud questionnaires we are ploughing through.
All round winner
It is a win for suppliers, public sector security managers and the tax payer.
Please take a look. https://app.RiskLedger.com
