Letter from the Department of Internal Affairs

We have reproduced below the progress report to us from the Department of Internal Affairs. We have not carried out any auditing or other work to test the veracity of the information provided.

19 April 2023

Kate Williams
Performance Audit Lead
Office of the Auditor-General

Tēnā koe Kate

Follow up on Performance Audit of Infrastructure as a Service

Thank you for your letter dated 22 March 2023 to Paul James, Government Chief Digital Officer (GCDO), regarding the 2018 Performance Audit of Infrastructure as a Service. Your correspondence has been passed to me for response in my capacity as Deputy Government Chief Digital Officer.

The Office of the Auditor-General (OAG) made one formal recommendation following the Performance Audit. OAG recommended that the Government Chief Information Office (now the GCDO) work with public sector organisations to:

  1. agree a set of measures for all of its shared information and communications technology services, including Infrastructure as a Service; and
  2. use these measures to consistently monitor the effectiveness and efficiency of the services and report information about their benefits.

The following information details how Te Tari Taiwhenua - Department of Internal Affairs (DIA) has addressed OAG’s recommendation and considered the other opportunities for improvement OAG identified.

The 2018 Performance Audit noted that only around a quarter of organisations that could use Infrastructure as a Service (IaaS) were using it. This finding encouraged DIA to better target its engagement with government agencies. Since then, the number of agencies using IaaS has significantly increased, with 127 agencies currently using it.

DIA created a dedicated team to work closely with agencies to support their uptake of its wider All of Government Portfolio of digital products and commercial services (the Portfolio), which includes IaaS. In addition, DIA has continued to work with agencies and suppliers to help them lift their security postures and to approve changes to service catalogues for IaaS.

It should be noted that the lengthy timeframe required for increased uptake is partially a reflection of the lead time required by agencies to transition their ICT infrastructures. Most agencies typically only consider infrastructure changes when their IT hardware is at end of life.

Output measures have been developed to assess the overall performance of DIA’s Portfolio. These output measures were reviewed in 2022, and continue to be modified and evolved as required.

Since 2018, the ICT industry has continued to innovate, and the increased maturity of Cloud computing services has given agencies other options outside of IaaS. In response, DIA negotiated a series of Framework Agreements with Cloud providers to facilitate agencies access to Cloud services. These agreements were negotiated in parallel with a review of the Cloud First Policy.

Performance measures to monitor uptake of Cloud services via these agreements were also established. These output measures informed strategic reviews of IaaS in 2021 and 2022, which were supplemented with surveys of agencies and suppliers on the effectiveness and efficiency of IaaS.

A detailed design for the future of IaaS and the Cloud Framework Agreements is currently being developed. For IaaS, this design is intended to:

  1. Provide continuity for agencies and certainty for suppliers.
  2. Increase supplier diversity.
  3. Create modern and flexible contracts with an expanded range of services.
  4. Better align security assurance and certification.
  5. Provide consolidated access to All of Government ICT services.

I trust the information provided answers your query. Please let me know if you require any further information.

Ngā mihi,

Ann-Marie Cavanagh
Deputy Government Chief Digital Officer
Te Kōtui Whitiwhiti | Digital Public Service Branch