The Cabinet Office has issued new guidance on offshoring government services to government CIOs and other senior civil servants.
The department said the guidance does not represent any new government policy, but "will help" executives "consider supplier proposals which include offshore provision and which may offer value for money".
Any offshoring of government services and citizens' data is controversial and the Cabinet Office appears in the guidance to be looking to make sure senior civil servants can try and alleviate any concerns.
The guidance includes an overview of requirements that offshored government services must meet. When considering supplier proposals which include offshore provision, says the guidance, executives must consider the Government ICT Strategy, and the HM Treasury's and Department for Business, Innovation & Skills' Plan for Growth, both published this March.
The guidance states, "In order to maximise value for money in procuring services, CIOs will want to ensure that potential suppliers are aware that offshore solutions will be considered, and they may want to utilise the potential capability advantage and cost savings of globally provisioned shared or cloud services."
From a security perspective, says the guidance, data, information or services may normally be offshored provided that the following "high-level" information assurance (IA) requirements can be met:
- In the case of personal data, the requirements of all relevant data protection legislation are fully fulfilled
- Data or services offshored from the UK must not relate to or directly support national security.
- Normal IA standards and requirements that are applicable within the UK must be applied and tested in any non-UK environment. There may be some countries or locations where the risk of offshoring any government service is "unacceptable".
The guidance adds: "When procuring services, CIOs need to consider offshore proposals on the same criteria as any other offer, while ensuring that government requirements are met."
Martyn Hart, chairman of the National Outsourcing Association, said the government was "catching up with best practice".
“The core principles of offshoring are the same as any outsourcing deal – consider your exit strategy right at the beginning. Take the time to ensure it is robustly built into the contract. Data protection is crucial – the NOA welcomes the standardisation of data handing clauses. But data is no less secure offshore – data protection clauses should be a facet of all IT outsourcing contracts.”