An acknowledgement was received today by post promising a response within 15 working days.
And then the response was received, as shown below, dated today. Unprecedented.
With thanks to Phil Pavitt, responding on behalf of Ms Homer, and no further comment for the moment:
HMRC and Skyscape Cloud Services Ltd
Dear Mr Moss
Thank you for your letter of 11 October 2012 expressing your concerns in respect of HMRC’s recently announced contract with Skyscape Cloud Services Ltd. I am replying on behalf of HMRC’s Chief Executive, Lin Homer.
Skyscape were selected by HMRC and awarded a 12 month contract due to their innovative, inventive and value for money solution. In terms of the suitability of Skyscape hosting HMRC data I can confirm that HMRC procured the services of Skyscape via the HM Government “G-Cloud” Framework, also referred to as the CloudStore. The G-Cloud was created by the Cabinet Office and the Government Procurement Services (GPS) via a formal competition process through the Official Journal of the European Union under the Open Procedure.
G-Cloud was established to make government procurement easier and more transparent and was, in part, created as a means of encouraging small and medium sized enterprises (SMEs) to compete on a level playing field with multi-national organisations.
In order to deliver services through G-Cloud, all suppliers on the Framework, Skyscape included, were required to meet a set of mandatory criteria set out by GPS including their financial standing and Experian risk assessments. Additionally, HMRC carried out its own standard taxation and financial compliance checks before awarding the contract and Skyscape passed the standard set by the G-Cloud Framework and HMRC.
Skyscape’s services are provided through a number of key, or “Alliance”, Partners. These partners are industry leading organisations that provide services in the data centre or “cloud” arena such as EMC (storage and security services), Cisco (networking) and Ark Continuity (UK based high security data centres). Ark Continuity therefore are one of a number of partners who supply Skyscape with their products and services which are key to Skyscape’s overall assured cloud computing services.
However, data security remains integral to HMRC and a pre-requisite of any of our data being migrated to Skyscape is for their solution, including all the constituent parts, to be formally accredited by CESG (the Communications-Electronics Security Group) to Impact Level 3 (IL3). For more information please see the link below:
This accreditation is expected imminently, at which point HMRC will be in a position to begin securely moving data over to Skyscape and decommissioning our old servers. Once the data has been moved it will remain there for the contract duration (12 months) during which time any subsequent data storage contract will be re-competed to ensure HMRC continues to take advantage of innovative, secure and low cost solutions, available within the marketplace, which allow HMRC to easily store, manage and transfer its data.
It should also be noted that for security reasons HMRC does not discuss details of the data that it holds, or where it stores it, however we are able to confirm that by using Skyscape HMRC data will continue to be kept in accordance with existing legislation and HMRC security policies.
Finally, I can confirm that the claims within HMRC’s press release of 26 September are fully justified. The data, which will be securely stored by Skyscape, currently resides on several hundred servers, across multiple HMRC office locations. This change will consolidate that data and place it into a small number of secure and highly resilient cloud data centres hence improving the security of the data, the efficiency of managing that data as well as improving HMRC’s carbon footprint.
I trust that this answers your queries in full and I hope that you can now appreciate that HMRC’s decision to contract with Skyscape was not dangerous, ill-advised or irresponsible.
HMRC Director General Change, Security and Information