Management of MPS Cloud Services to May 2021

Reference code: 
PCD 683
Date signed: 
18 December 2019
Authorisation name: 
Sophie Linden, Deputy Mayor, Policing and Crime

Executive summary

The MPS has invested in and developed its use of Microsoft Azure as a strategic alternative and supplement to traditional physical datacentres.  An initial programme to place MPS applications into Azure to assess its suitability and efficacy has been successful, to the extent that the initial funding ceiling for associated outsourced services has now been reached.  The MPS’ continued managed use of and deployment to Azure requires further funding.

The MPS is seeking the initiation and award of a call off Contract, for Azure Management Services up to the value of £1.75m, via a down-select process through the Crown Commercial Services G-Cloud 11 framework. The G-Cloud down select process is a standard way of procuring commoditised cloud services and complies with Public Contract Regulations 2015.
 

Recommendation

The Deputy Mayor for Policing and Crime is recommended to: 

a)    Approve spend of £760,000 for the continued management of Microsoft Azure cloud services for the period February 2020 to May 2021. 

b)    Approve spend of £990,000 of Project Revenue for deployment and first year run costs of workloads to be deployed into Azure for the period February 2020 to May 2021. 

c)    Approve the initiation and award of a call off Contract, up to the value of £1.75m, via a down-select process through the Crown Commercial Services G-Cloud 11 framework.
 

Non-confidential facts and advice to the Deputy Mayor for Policing and Crime (DMPC)

1.    Introduction and background

1.1.    The MPS has a “cloud first” strategy and use of Azure is a key strategic theme across the whole of Information Technology delivery and transformation, with the objective of cutting cost, improving efficiency, providing resilient services and reducing legacy.

1.2.    A contract for Azure Management Services for the period May 2018 to May 2019 was awarded through G-Cloud.  

1.3.    This contract allowed for the development of a full-service managing agent for the MPS’ use of Azure services, and for the deployment and operation of a modest number of Azure components (250).  It was anticipated from the outset that if adoption of Azure was successful further awards would follow.

1.4.    In the event, adoption has been faster and stronger than expected, and a 50% uplift permitted under Regulation 72 was executed in September 2019.

1.5.    A rapid increase in adoption following the 50% uplift now means it is not possible to service current foreseen demand through to the end of FY19/20.  Currently available funding will be exhausted by end of January 2020.

1.6.    Microsoft Azure is the MPS’ chosen cloud platform, intended to operate in a similar way to existing datacentres but without many of the inefficiencies and issues that have caused projects using traditional infrastructure to perform poorly.  It is expected that through Azure the MPS will benefit from lower like-for-like costs, improved efficiency, more resilient services and a cost-effective means of reducing legacy.  

1.7.    The MPS has invested heavily and is already committed to the use of Azure.  As previously described, this extends to applications critical to operations of both the business and in front-line policing.

2.    Issues for consideration

2.1.    Foregoing BAU charges for Azure would result in existing deployed workloads and the environments in which they operate no longer being monitored, supported and reported on and would require the MPS or one of its other suppliers to take over the administration associated with the MPS’ Azure subscriptions.  

2.2.    There is no practical alternative to the use of Azure, and hence Azure charges, outside of physically repatriating applications back into the pre-existing datacentres, which would be hugely disruptive, time-consuming, costly and in direct opposition to MPS strategy.

3.    Financial Comments

3.1.    The project revenue costs of £990k and the ongoing revenue costs of £760k are funded from MOPAC Approved Digital Policing Revenue Budgets

4.    Legal Comments

4.1.    The proposed procurement route is to directly award a call-off contract under the Crown Commercial Services G Cloud 11 Framework Agreement.  The G Cloud Framework Agreement is a compliant route to market.

4.2.    Paragraph 4.8 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve business cases for revenue or capital expenditure of £500,000 or above.

4.3.    Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve the procurement strategy for all revenue and capital contracts of a total value of £500,000 or above.

4.4.    Paragraph 4.13 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to award MOPAC contracts with a total value of £500,000 or above.

5.    Commercial Issues 

5.1.    This paper requests Initiation and award of a call off Contract, for Azure Management Services up to the value of £1.75m, via a down-select process through the Crown Commercial Services G-Cloud 11 framework.

5.2.    Contract length will be for an initial period of 16 months. This timeframe will allow for the MPS to source further Azure Service Management Services through the Pegasus programme. At the current time Pegasus is not available to meet the needs of the MPS for Azure Management Services.

6.    GDPR and Data Privacy 

6.1.    The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.

6.2.    Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.

6.3.    The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the supply of services meets its compliance requirements.

6.4.    The supply of services does not use personally identifiable data of members of the public, so there are no current GDPR issues to be considered. Projects deployed within the scope of the services may at some later stage use personally identifiable data of members of the public, at which time DPIAs will be completed as needed.

7.    Equality Comments

7.1.    As this is the continuation of an existing service this work does not change any aspects relating to equality or diversity.

8.    Background/supporting papers

8.1.    Report


Share this page