Non-confidential facts and advice to the Deputy Mayor for Policing and Crime (DMPC)
1. Introduction and background
1.1. The MPS has a “cloud first” strategy and use of Azure is a key strategic theme across the whole of Information Technology delivery and transformation, with the objective of cutting cost, improving efficiency, providing resilient services and reducing legacy.
1.2. A contract for Azure Management Services for the period May 2018 to May 2019 was awarded through G-Cloud.
1.3. This contract allowed for the development of a full-service managing agent for the MPS’ use of Azure services, and for the deployment and operation of a modest number of Azure components (250). It was anticipated from the outset that if adoption of Azure was successful further awards would follow.
1.4. In the event, adoption has been faster and stronger than expected, and a 50% uplift permitted under Regulation 72 was executed in September 2019.
1.5. A rapid increase in adoption following the 50% uplift now means it is not possible to service current foreseen demand through to the end of FY19/20. Currently available funding will be exhausted by end of January 2020.
1.6. Microsoft Azure is the MPS’ chosen cloud platform, intended to operate in a similar way to existing datacentres but without many of the inefficiencies and issues that have caused projects using traditional infrastructure to perform poorly. It is expected that through Azure the MPS will benefit from lower like-for-like costs, improved efficiency, more resilient services and a cost-effective means of reducing legacy.
1.7. The MPS has invested heavily and is already committed to the use of Azure. As previously described, this extends to applications critical to operations of both the business and in front-line policing.
2. Issues for consideration
2.1. Foregoing BAU charges for Azure would result in existing deployed workloads and the environments in which they operate no longer being monitored, supported and reported on and would require the MPS or one of its other suppliers to take over the administration associated with the MPS’ Azure subscriptions.
2.2. There is no practical alternative to the use of Azure, and hence Azure charges, outside of physically repatriating applications back into the pre-existing datacentres, which would be hugely disruptive, time-consuming, costly and in direct opposition to MPS strategy.
3. Financial Comments
3.1. The project revenue costs of £990k and the ongoing revenue costs of £760k are funded from MOPAC Approved Digital Policing Revenue Budgets
4. Legal Comments
4.1. The proposed procurement route is to directly award a call-off contract under the Crown Commercial Services G Cloud 11 Framework Agreement. The G Cloud Framework Agreement is a compliant route to market.
4.2. Paragraph 4.8 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve business cases for revenue or capital expenditure of £500,000 or above.
4.3. Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve the procurement strategy for all revenue and capital contracts of a total value of £500,000 or above.
4.4. Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to award MOPAC contracts with a total value of £500,000 or above.
5. Commercial Issues
5.1. This paper requests Initiation and award of a call off Contract, for Azure Management Services up to the value of £1.75m, via a down-select process through the Crown Commercial Services G-Cloud 11 framework.
5.2. Contract length will be for an initial period of 16 months. This timeframe will allow for the MPS to source further Azure Service Management Services through the Pegasus programme. At the current time Pegasus is not available to meet the needs of the MPS for Azure Management Services.
6. GDPR and Data Privacy
6.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.
6.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.
6.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the supply of services meets its compliance requirements.
6.4. The supply of services does not use personally identifiable data of members of the public, so there are no current GDPR issues to be considered. Projects deployed within the scope of the services may at some later stage use personally identifiable data of members of the public, at which time DPIAs will be completed as needed.
7. Equality Comments
7.1. As this is the continuation of an existing service this work does not change any aspects relating to equality or diversity.
8. Background/supporting papers