Comments from Others
Comments on my Open Letter to my MP
about government IT procurements and the iSoft affair,

from people who are not on the cphc list or the sb-lug list.

Aaron Sloman
Last updated: 25 Sep 2006
(Changed to reverse chronological order).


I posted a comment on this website
mentioned in the list of references and other information.
It produced the following response from Sean Brennan.
(Note 'LSP' means 'Local Service Provider'.)


From sean.brennan Mon Sep 25 10:34:35 2006
From: "Sean Brennan"
Subject: RE: Visitor Feedback from Your Website
Date: Mon, 25 Sep 2006 10:34:12 +0100


Thanks for the invitation to comment on your open letter to Lynne Jones.

Much of what you say is factually correct although I would take issue with
your concluding remark that we should fund several small scale experiments
in parallel[*]. This is what we had been doing since the early 90's and what
emerged was a pragmatic incremental model for delivering joined up
electronic records. This was called the EPR and they were locally based
integrated systems which supported the delivery of clinical care. Their
outputs were then sent to a national EHR (Electronic Health Record).

So these two concepts were different.

As with most large Government initiatives, this corporate learning appeared
to have been lost and these two elements became a single NCRS (National Care
Record Service)under the National Programme for IT - turning what was
incremental and pragmatic into something huge and complex. I personally
would have continued with the tried and tested local implementation of these
incremental EPR's (with the ability to have different EPR components from
different suppliers) and I would have put the EHR on hold until these local
systems were in and delivering real-time clinical support locally. (The
occasions when someone who lives in Bradford gets run over by a snow plough
in Cornwall are very rare 5% and probably not worth the development effort

The other element that has made what was a relatively simple pragmatic model
into a complex one is the desire to manage access control /log-on centrally.
This is a real potential bottle neck.

Finally whilst it is healthy to be constructively critical of any large
project, we should not ignore the huge waste that was prevalent in the NHS
with these local EPR procurements up until NPfIT. They would often take more
than 2 years to complete, at great expense both to the supplier and to the
NHS. NPfIT has at least saved the NHS many many millions of pounds in
procurement costs.

Again I would have preferred a model which allowed every local health
community to select an EPR system from a catalogue of accredited EPR
systems. This would keep the complexity relatively simple(!) if anything in
healthcare can ever be described so.

I am not sure about the LSP's though. I quite like the model - ie you
contract with an LSP to deliver specific functionality (which WILL change)
and they determine which suppliers they contract to deliver that
functionality. I quite like that model. Where it has got way too complex is
doing all this at a NATIONAL level rather than a federation of

Best wishes

Sean Brennan

PS you may want to read my book  which was reviewed by the Guardian  here:,,1486594,00.html

[*] Comment by A.S.
I doubt that the early 1990s model included my requirement that all
results of publicly funded projects should be freely available open
source, as proposed here.


From John Knapman Thu Sep 21 11:57:07 2006
Date: Thu, 21 Sep 2006 11:56:40 +0100
From: John Knapman
To: Aaron Sloman

[Extract from multi-topic message. Removed name of company. A.S.]

There is plenty of experience in XXX and other companies of running
large software projects.  In my observation, there is a complexity limit
based on the mental capacity of a technical leader or "guru".  How big
the team behind that person can be depends on how well the design has
been abstracted.  For example, a billing system for a phone company may
be very large but conceptually very simple.

I have never worked on government projects, but people I know try to
avoid them.  They have a notorious reputation for being difficult to
define, with changing requirements based on conflicting priorities set
by committees more interested in avoiding responsibility than achieving
any clear objectives.  My more recent experience mainly involved
pragmatically glueing existing systems together, whereas the tendency in
government is to attempt grandiose projects with too many requirements.

> .....

Project management is obviously important, but that is really quite well
understood.  I haven't come across corruption that disrupts projects.
The most disruptive thing is to lose the technical leader.  That is
usually a disaster.  The risk is minimised by breaking projects into
relatively short phases and delivering something usable at each stage.
Hence, building on what's there often works better than starting from

> ....

The abstract of your letter may come across as a bit academic.  For a
commercial system, whether public or private, the issue is not
triviality.  Something that reimplements and adapts a known working
system using methods of which the team members have experience is far
more likely to succeed than something experimental.

Talking to end users sounds like goodness, but it often doesn't work in
practice, because they cannot prioritise their needs against others and
they often don't realise what's possible and what's easy.   What does
work is to ask them to review early designs and prototypes, and to ask
them for additional needs once they have a system they can use.  But it
is still very difficult to interpret, and often the people you talk are
not the busy folk that you're most trying to help, but tyre kickers and
others who can be spared or who have strong opinions.

Again there's no substitute for capable leaders who can interpret
requirements and synthesise something manageable and realistic..

Best wishes,



From cherry Fri Sep 15 18:06:23 2006
From: Cherry G. Mathew
Date: Fri, 15 Sep 2006 18:06:00 +0100

[truncated multi-topic message]

Dear Aaron,

> I recently added a pointer to my diatribe on why large monolithic
> government IT projects will inevitably fail here.
> government-projects.html
> Your software engineering experience may be relevant. If you have any
> comments you would like added to that web site (anonymously or not),
> feel free to send me them.

I would only like to point out that corporates have known and tried to
mitigate this for years by either of:

- Working in miniscule technology increments. All the fiascos I've
seen ( and I've seen more fiascos than I would like to talk about in
the _little_ time I've spent in a corporate environment ) had to do
with trying to try too many new things at the same time. It would
invariably end in a big mess sortof like trying to deal with a swarm of
flies with a fly swatter.

- Having multiple product lines ready. At any instant, there would be
multiple "backup" projects.

- Acquiring successful, usually tiny, "startup" companies and their
products and re-labelling them as their own.

- Having a stringent "QA" process

I don't know if any of this makes sense in the context of the s/w
project you mention, just my two pence.




From A member of a well known company Sun Sep 03 17:06:45 2006
Subject: Re: Isoft fiasco -- analysis and proposals


Sorry about the slow reply to your note. You wrote:

> I thought it possible that someone in your position might make
> useful critical comments on the following, if you have time.
> Since my MP Lynne Jones is often forthright in her criticism of
> government policies and has intervened in the identity cards debate I
> thought I'd offer her some fuel in relation to the iSoft affair and more
> generally the folly of monolithic long term large scale IT development
> contracts.

I'm replying to you in a private capacity, from a private email address.

I'm very concerned about large government IT projects that aim to gather
the information that the state holds about citizens into large,
centralised databases. Examples are the Children's Index, the National
Identity Register, and the centralised health-care records element of
NHS Connecting for Health. In each case government's rationale for
centralising the information is flimsy at best, while the risks to the
privacy and personal security of the individual are great.

I'm involved in the NO2ID campaign against ID cards and the National
Identity Register (, and I plan to opt out of having
my NHS health-care records placed on the CfH centralised record, now that
government has (reluctantly) said that individuals do have the right to opt

However, all this is done in a personal capacity as a private citizen.
[My company] has no policy on these projects, so I can't link my
[Company] persona to my criticism of (and determined opposition to)
these misguided projects.

I completely agree with you about Lynne Jones, by the way - she clearly
understands the issues, and has given some superb interviews about the
National Identity Register. Sadly, few in public office seem even to
understand what she's saying.



From A colleague in Sweden Thu Aug 31 15:26:50 BST 2006
Subject: Comment from a colleague in Sweden

> I listened to an invited lecture by an official from the Swedish
> department of health last semester and he mentioned that the UK had
> invested enormously in basically changing everything in IT in health
> care at once.

So we are being laughed at abroad?



The letters included above should not be quoted without permission from their senders. If in doubt, ask me how to contact them for permission.

My own contributions are licensed under a Creative Commons Attribution 2.5 License.
If you use or comment on my ideas please include a URL if possible, so that readers can see the original (or the latest version thereof).

Maintained by Aaron Sloman
School of Computer Science
The University of Birmingham