 I welcome everyone to the Justice Sub-Committee on Policing in its second meeting of 2016, and I said everyone to switch off mobile phones and other electronic devices in the interview of the broadcasting, even when they're switched to silent. I've had apologies from Alison McInnes and Margaret Mitchell, but, and by no mean feat, I welcome Graham Pearson to come to the committee, and I'm moving to item one, the ICT systems, and I welcome Martin Leven, director of ICT at Police Scotland, chiefsroom attendant Haymes MacPherson, ICI-6, program director, and chiefsroom attendant Alan Spears from Contact Command and Control Division. You've all been here before. Excellent, so you know how the whole thing works. If you just show, indicate to me unless a party asks you, one of the members asks you a question directly, if you want to say something, just indicate and I'll call you. Right, thank you for a written update in Police Scotland's various ICT projects, and members, I'll go straight to questions, please. John, you've got a look in your face, does that mean a question for you? Yeah, okay, thanks. Afternoon, gentlemen. I was told a number of weeks ago that this was all on the rails. It wasn't going well. Can you give us a general overview of where things stand, please? Are you talking about I6? Yes. That's what I was about to clarify, because everything else is doing well. Were there other things on the rails, we shouldn't have, perhaps I shouldn't have intervened. According to national paper this morning, we're about to cancel it, that's not the fact. I6 is currently in re-commercial negotiation with Accenture, so when I appeared in front of this committee in September last year, we had a delay that was caused by an issue with hardware, and I gave a very long description of what that hardware was to you all. That was rectified very, very fast, so we did that within the timescales that we expected to do. However, it became clear around that time that some of the standard of the coding that we were receiving from the third party supplier for the I6 bill was not anywhere near the standard that we were willing to tolerate. Since then, we have been in discussions with Accenture. There was a meeting held last week with Accenture. I was unfortunately unable to attend that meeting due to personal illness, but I'll ask Amish to pick up where we are at the moment with that. That's fine. Probably about a background, first convener, which was we received the product for user acceptance testing in June, at which point in time had completed product testing. Members will remember that I gave you a long and very drawn-out description of how the test cycle should work—the supplier's test cycle—before we get to for user acceptance testing. However, the time that I left product testing should have had a maximum of 80 defects. That was the agreed exit criteria, none of which should have been major or critical errors. However, very quickly, after we went live into user acceptance testing, the level of defects was significantly higher than we wanted. We ended up at one point in time, and we ended up with 12 critical errors in the system, which actually stops you progressing through the system, and there should have been none at that time. We also had a number of other errors. Getting into numbers is almost pointless in as much as some of the errors are cosmetic, and therefore— Critical, that's the point. Yes, yes. We had a number of critical and major errors, which were actually stopping us progressing through the application. At which point in time the supplier was also struggling to get rid of the errors, so as they were fixing an error, another error was getting produced. As a result of that, when we got to September, just after we met here at that point in time, we became obvious to us that we were not going to manage to make the December date, and at the September board, the supplier came in and said that we would not be able to hold the December date. We asked him to carry out a root cause analysis to see why that happened and why we had a level of code deficiency that we had, at which point in time the supplier did that. The supplier then, as he said in the briefing paper, then re-engaged with Police Scotland identifying the fact that he carried out root cause analysis but said that he wished to move into a without prejudice period. I've got to say members that we are still in a without prejudice period. Basically, the information that he gave us was subject, if you like, to commercial embargo, so there's a limit of why I can say to you in the middle of a public meeting with regards to that, because we are still within that period. They shared to us at that time their assessment as to what had caused the defects and what had caused the errors in the system, and we worked with them for a plan moving forward. The original plan that they provided from us was frankly too long and required additional finance from Police Scotland, and that plan was rejected. When we had this earlier, we were told that there would be no... I'm looking after lending, but a contract variation agreement was signed in April 2014 to protect the delivery of the original requirements at no additional costs, and we clung on to that. Indeed, but that's still where we are. That's what I'm saying convener, we are still there. The original plan that they provided to us asked for additional finance and also didn't work out for us in terms of timescales, and there's a little point in me going into the timescales here, because I appreciate the 300-person days to fix something as 300 people for one day or one person for 300 days. However, the timescales were not suitable for Police Scotland, and certainly an injection of additional finance was not suitable for Police Scotland. As a result of that, the summit meeting last week was set up by the chair of the Police Authority and a censure of the Police Authority Scottish Government, and Police Scotland attended that meeting. As a result of that meeting, we have a potential positive way forward, which involves still no additional injective cash for Police Scotland or the authority, but we still have to work through the details of that and the timings. The difference between that and the original solution proposed by them was that their proposal was to fix everything and then deliver it in a later date. Our proposal now we're working through with them is to sort it in a modular basis, and that way we can get releases of the application, if you like, different parts of the application, crime, criminal justice custody, in a modular basis over the next few months. Have we got the right people sitting in front of us? Clearly, we want the practitioners who will advise what's to be designed. We want senior management. Should we have a lawyer here? Are there contractual issues that are running alongside the present challenges? I mean, we still are having contractual discussions with the supplier. We are not at the lawyer stage, I would say. We are managing. We have what is on the table as a potential way forward. We've just got the work out of the detail of that way forward, which we think will take about eight to twelve weeks to get through. At what point, Mr McPherson, would we move beyond the position where something might be deemed commercial in confidence? Our obligation as a committee is to understand the financial arrangements. Do you consider everything commercial in confidence? You will end up walking out of a without prejudice stage. A without prejudice stage is only a stage that allows you to have open negotiation without putting yourself in a commercial problem. In other words, so the supplier can share with us stuff that he would normally want to supply with us. That's the purpose of a without prejudice period. That will end. The intention is that it is time-bound, so there are checkpoint meetings four weekly for the next 12 weeks with the same people. The same people who attended the summit of Scottish Police Authority, Government, Police Scotland and Accenture senior management. At the end of that, we will exit the without prejudice period with a positive way forward, we hope. Was that a new initiative or was that something that was built into the contract? We all understand that they are incredibly complicated areas. Was there some latitude around time frames? Every contract has within it a remedial process, because it's a model OGC contract, so it's just following guidance. If you miss a critical milestone, which is what has happened, the go-live milestone in December has been missed. You move into a period of mediation to say how do you actually work through that with the supplier, and that's where we currently are just now. What can potentially go wrong if that can't be resolved? What does that mean? Can I put the whole thing? I would like to think that we have a positive way forward now. If we can't reach a positive way forward, then yes, we will have to look at options. There is always the option of redo power company, but we are not at this point in time. We are not identifying that as an issue. Can I just one final question, please? It is in relation to other decisions that have been made around, for instance, control room closures. You all want to keep dice extra a bit, but it's entirely related to that. It is about this clearly that isn't the time for important decisions to be taken about command and control and other issues, if there is the potential that there are going to be future problems with this contract. I am very keen that the committee understands that, quite clearly, the I6 project does not have any major impact on the control room project. That is a completely separate project technology. But there must be linkage. There must be linkage, but the linkage is under our own gift and our own control. As part of the I6 project, we created a module that is under the general IT update in your pack, which is called the integration data access project, which we are using as a switchboard for information between a whole variety of different Police Scotland systems. Currently, in Police Scotland, we have got over 700 different systems. We are hoping to reduce that significantly as we move forward and as finance allows us to move forward with that. However, we have, within our own team and within our own gift, created quite a innovative approach to how we are going to exchange data, because we would always be stuck in a situation in which we are beholden to suppliers to integrate product with any new things that we bring on. That is a very dangerous place for us to be, so we have created this technology that will allow I6 or whatever we bring in for these deliverables to store information. In Allen's area, C3 will be a completely separate storage information and we will have a switchboard that will exchange information at the right place at the right time between the two systems. We are not producing one massive IT system for the whole of Police Scotland. It is very modular in the way that we are going to approach it. I hope that that explains that a little bit clearer to you. I want to go back to the costs. There may be something within the contract itself. As you say, if there are any additional costs within that contract, those costs will not pass to Police Scotland. What happens about consequential costs to Police Scotland through delay? Presumably, that was being introduced not only to deliver more efficiency but also efficiency in terms of finance. Is there anything within that contract? That is quite an extensive delay, but there are additional costs to Police Scotland and you will be able to recover those costs from Action Centre. I will pass on to Hamish for the full detail. The contract, as it was built, has certain penalty clauses in it. That is different. We are done, but that was the way that the contract was built. However, that was discussed at the summit. I will pass on to Hamish who will be able to pick up the details for that. Indeed, again, I do not wish to appear evasive in any way. There is a limit to what I can say here, because we are in the middle of commercial and contractual negotiation, obviously. Some of the information that we have shared is obviously commercial in confidence and currently with all prejudice, as I explained. What I can assure you is that there are obviously indirect costs for Police Scotland as a result of the delay. The indirect costs for Police Scotland are forming part of our negotiation with Accenture. We have boxed in any direct additional costs within the contract frame, and those are in addition to it. That is what I am getting at. The direct costs and indirect costs of running the project are formed within part of that financial envelope, which forms the contract for I6. It is not just a supply of the software, but a supply of the services with the software. The discussions that we are having include our direct losses as a result of the delay. Those are a negotiable part, whereas those in the contract are not negotiable, because they are written in. You said that there would be no direct costs. What I am getting at is that there are no additional costs to Police Scotland protecting the delivery of the original requirements. I want to know if that is fixed, which family it is. That is specific. The way that you are talking about the contract variation agreement, which was done earlier on, has not changed, and there is no additional costs. Part of your negotiation in principle is with regard to any indirect costs, which you may or may not have to moderate or write off. Am I correct? With all saying, I am confident that they will fall within the set of wind that we held with Accenture. Can I just give an answer to that? It is a simple question. That is part of the negotiation. What will you do for us if you do not deliver this because of all the additional costs that we have? They are part of a negotiation. They are flexible. That is a flexible bit. You may write them off. You may have to moderate them. You may get them all. Am I right? Yes, they will be part of the negotiation. I was trying to explain that. Yes, they will be part of the negotiation. That is not commercially confident. That is just part of it, but let us know that they could be cost to Police Scotland if you have to write them off. If we do, I am by no means saying that at this point in time, that is certainly part of our negotiation and our supplier accepts the fact that there are direct costs for Police Scotland which will have to form part of our negotiation. We cannot know what that figure might be. We cannot know what that figure might be. No, all the figures within the contract have probably been explained before. No, that is indirect costs. This is additional costs that we have got out with it. To have a discussion regarding that, I would have to give you the commercial costs to the contract, and the contract itself forbids me from doing so, certainly in public session, because obviously other suppliers have the potential for knowing exactly what costs they have got. Okay, I might come back to that. Kevin, Rennie Lane and Graham, please. Thank you, convener. We are at a stage of, without prejudice negotiation, where Police Scotland and the contractor are still speaking. The contractor has not walked away, as has been reported. How long do you expect this, without prejudice period, to last? It cannot be indefinite. I would imagine that we will get this concluded within between eight to 12 weeks. I am not saying that we will get all the commercials sorted within that time, but I think that we will be in a position of knowing the way forward and be able to form some kind of heads of agreement between the two organisations to move forward with the programme. In three months' time, we should have a clear indication of the path forward for the I6 project. Indeed. Okay. Let me look at some of the things that you said earlier. By no means am I an IT expert, and I do not think that any of us around the table are. However, there are certain phrases that bother me having dealt with IT contracts before. One of the things that you talked of was code deficiencies. I was reading an article the other day on the BBC about what was deemed to be one of the worst ever games for computers made by Atari, called ET, after the extraterrestrial film. I will tell you exactly where it is going, convener, in just two seconds. One of the things that was wrong with that game was that the software designer had very little time to deal with it. There were a number of code deficiencies, which meant that ET, rather than going through the game as he should have, kept falling into holes, which, of course, annoyed those folks playing the game. Can I ask you in terms of the code deficiencies that you are talking about here? Does it mean that we would have a situation in which an operator would fall into a hole at a point and be unable to move forward with the software that they were using? What implications would that have in terms of being able to process the necessary things and say in the crime section of it? What are the repercussions if that kind of thing were to happen? Explain code deficiencies to me in simplistic language like the BBC did for ET. I will give that to Hamish to explain to you. I can explain two things first of all. Probably the first one is to reassure you that that would not happen. The whole purpose of that complex test cycle that we described to you in the past was to ensure that this was fully tested before it ever reached an officer on the street or a member of police staff in a backroom function. That was the purpose of the testing. The thing that was built in the completion certificate for the test cycle was issued on 10 December 2014, since then we have been in testing. That thing was always going to get thoroughly tested, and that is what has identified the deficiencies within it. To be honest, the biggest issue that we have with regard to the system is the fact that we have a thing called issues compliant to integration of Scottish criminal justice information systems. That demands the data that is put together in a certain way that a charge can have one or more accused and accused can have one or more compensation orders and one or more compensation orders can have one or more bodies seeking that compensation. The fundamental issue is that, because it is such an integrated system, the crime falls through criminal justice and automatically through the reporting, the underlying problem has been the way that that data has been put together. However, that also makes it a fairly major problem to resolve for the supplier. That is the level of code deficiency that I am speaking of. Are you saying, chief superintendent MacPherson, that the major flaws are in that area of the system only, or is that just an example that you are giving us? There are more than one area. I identify four areas within your paper where it has, but criminal justice for me is the biggest area of flaw that we have within the system. Could you explain to us—I realise that, but for the record—the four major areas where there are difficulties and what those difficulties are in layman's terms? Yes. I was hoping that I was doing it in layman's terms. Criminal justice also transpires into crime because the crime gets created in the first place and the crime has to be ischis-compliant. That then passes through criminal justice. We also have some deficiencies within the audit module, which is critical, so we know what officers have done within the system. That is quite critical and gets audited. Less problematic than criminal justice—small and monk to defects, but there are still defects there. Bits of administration just did not work, so that is our ability to administer the system to add to constrained lists, etc., within a system. Some of that functionality just did not work, and some of the search functionality did not work as spec'd. Those areas are smaller than the criminal justice area, but the criminal justice area is the biggest area that is requiring, if you like, fixed. That is because, at the database level, it is quite complex to fix. When you appeared here before, I talked about system failure that I had come across in the past, where too many bells and whistles were added on to a system, often at the tail end of its design. Has there been changes from your side during the course of the project? Changes from your side, which have maybe caused some of those difficulties? Or is this entirely a situation in which the developer, the contractor, knew all of those requirements at the very beginning? The biggest issues that have been explained are the criminal justice issue and the issues data standards. Version 1 came out in 2007, and that is the biggest issue. That is not answering my question. Were the contractor, were Accenture aware of the requirements of all of that at the very beginning of the contract? It is a contractual obligation to comply with issues data standards. It is a written name in code English to comply with issues data standards as part of the contract. I am not going to say that there has not been change in the contract, because the very building itself will have caused change, because we have had changing legislation and so on. There have been some change requests in the contract, but fundamentally that is not what has caused the issue. What I am trying to get to is that you have not had any major change in terms of what the contractor needed to develop since the very beginning. No major change. There has been no major change because of these defects, yes. So they were well aware of the requirements of the system at the very beginning when the contract was signed. The issues data standards is a named standard that must be complied with within the contract. What does that mean? It actually says in code English in the contract that you must comply with the integration of Scottish criminal justice information data standards. Every copy of the manual has been supplied to the... So those specifications, we understand about the complexities of criminal justice and multiple accused, various information about previous convictions and so on. All that was in the specification at the very start. It is in the specification from the start, yes. I am at pains to go here because I think that you are probably going to turn around to me and say, oh well, I cannot say that because of commercial confidentiality or the fact that we are in a without prejudice period. Do you think that the contractor, and this is in hindsight, do you think that the contractor is actually capable of carrying out all of the instructions that they were given to develop the system? At this stage, and again, this is a without prejudice thing, but you are asking a personal opinion of a couple of individuals sitting up here. I have doubts as to the capability of the contractor to deliver this going forward. The contractor will need to prove to us, as part of those negotiations, that they are completely capable of delivering this because they have very clearly let us down. Do you think that they are going to be able to retrieve your confidence in them to be able to deliver the system? It is a possibility that they could retrieve our confidence depending on what they come back with. I would imagine that, as part of any negotiation going forward, there will be a change in certain personnel that have been involved in the project from the supplier end. That would be coming forward. If they can produce a robust plan, we would look at it, but I would emphasise that a robust plan was produced the first time around. Finally, convener, I think that this is extremely important. If we reach a situation in which the contractor is found to be incapable of delivering the system that is required, we have to go and seek another contractor to carry out that work. Does the work that has been carried out thus far go to the new contractor so that they are not starting from scratch, or are we back at the very beginning of the process? If you can share it with us, I would like to know what the penalty for the contractor will be if it is found out that it is unable to deliver the contract. I am probably not going to be able to share with you what the penalty is to be negotiated. That being said, I can absolutely confirm that a lot of the work that has been done as part of the process in the journey that we have been on has been done within Police Scotland and the team that is reporting through Hamish. Therefore, we have got a lot of internal intellectual property, if you like, on how any system going forward would work. I will pass on to Hamish to expand again, but I would be surprised if any of the code work that Accenture has done would be passed on to another party. I do not think that we would want that to happen if we reach the stage—I say again that it is a big if at this stage—of looking at an alternative supplier. I will let you in for a piece for me to say something. Before Chief Superintendent McPherson expands on that, in terms of the intellectual property, in percentage terms, or maybe in terms of importance, does the important intellectual property rest in your hands rather than in the hands of Accenture? I will probably give that to Hamish, because Hamish has been more involved in the legals and the contracts, but the intellectual property of the workflow, which is the important part of that, is absolutely with Police Scotland. We have designed that. I understand that the coding is the intellectual property of Accenture, but I will pass on to Hamish to correct me if I am wrong. Thank you. There are probably two things to reassure you with. Since September and since it was first decried that this was potentially an issue to get us live in December, I have not settled rest in my laurels and we have looked at contingency. We are looking at contingency issues, including interim contingency issues, as to what we can do to make sure that we get live ICT systems across Scotland. The IDAP system that was discussed by Martin is obviously one good example, because that will give us a view of crime and missing persons, etc, across Scotland. That was not predicated in the delivery of I6, because we deliberately separated things, for the reasons that Martin has said. With regard to intellectual property, I obviously was not here prior to—I came after it was built. At that point in time, I looked back and said what information was actually provided to the supplier and did we provide the information. I have got to be credit. My team and my predecessor's team, the information that was supplied at that time was absolutely superb. The business process work that they had done in advance of this system, going out to tender for the system, was superb. However, time has moved on. Obviously, a new legislation is coming and a new legislation is coming, criminal justice act, et cetera, children and young persons act, will be on their way. Since September, my team have been reviewing and updating all those business process maps, which, if you like, hold the intellectual property of the journey of policing through policing, and they have been doing that since September. They are now in a good state. I am hoping that we do not have to use them as a contingency, but it would have been remiss of me if I had not done some work as a contingency. I came to your referred to code deficiencies, which indicate that the software engineers have been making mistakes, basically, in the coding and the programming, and are not able to produce what your system requires. Are Accenture bringing in any additional expertise? Has it brought in other software engineers to try and sort out them? Throughout the entire journey, Accenture has made several attempts to address issues. If I could return to a point that Mr Stewart made earlier on about the Atari game and ET falling down holes and stuff like that, a big key difference there was that game was launched without the proper quality assurance and launched in an unsuspecting public, and then the problems came and people got frustrated because ET was falling down a hole. I cannot believe that I am sitting on a parliamentary committee talking about ET falling down a hole, but I am going to move past that. It is the easiest way of describing this. However, our team has been very, very good, very, very switched on. I am incredibly proud of the effort that our team has put in to spot those things and to have a zero-tolerant approach to the development of this product. Just to clarify that we have not launched this product, we have deliberately made steps to ensure that we are not launching anything that is not fit for purpose. When we talk about the software engineers making errors, Accenture has teams of hundreds working in various locations. When they started experiencing problems, the I6 programme board, and I6 is a member of the I6 programme board, were fairly robust with them throughout the process. We received assurances and Accenture drafted an external quality assurance people to come in and take a look at the quality of the product that they were delivering. We have gone through several repeated changes in senior management of Accenture, running the project as people go in with different approaches to the project. I think that it is more than just software engineers making errors. Is coding errors in it? I personally think that it is the environment in which they are working could do that. By that, I do not mean a person-to-person environment, a technical environment, so the actual structure that has been set up for them to do the coding within and the testing that can happen within that, I think, is of varying standard to what we would probably have been happy with when we found that out. Again, I will pass on to Hamish for a little bit more clarity with that. I can probably add another bit of context as well, which was after we, if you like, began to discover these defects and we were not getting the defects sorted with during user acceptance testing, we actually asked them to carry out an independent assessment. They did that, they brought in an independent team, but it was certainly a team, they are obviously a large organisation of many hundreds of thousands, and they brought in an independent team of people who are, you know, I am completely happy, very knowledgeable in their subject. They shared us stuff with all prejudice, which is awkward for me, they will eventually come back with a with prejudice update for that, which they will come back to the I6 programme board with, but they did definitely identify some deficiencies, as you say, with regards to the management of the software production, which have caused some of the issues. That is one of the problems within that industry that people move a lot, I mean, is a shortage of software engineers and it is relatively easy for people to move from one job to another, you know, they may be losing expertise, you know, because if they moved on somewhere else. Are you confident that in terms of moving forward and the changes that will be about to happen, as you said, as a result of laws passed in here and that different data is required to be collected and so on, that if you have an on-going contract with us that this is actually going to, you know, that they're going to be able to cope in future with it? I mean, you might have it okay when you launch it, but as it develops, in fact, you know, you're going to need to ask them to add to the systems that they're producing for you, you know, are you going to be confident that those are going to work? Again, I repeat what I said earlier on. In my personal opinion, I am wary in my confidence levels with the supplier at this stage and I would be very wary in extending a contract unless they can prove that they will up their game. Are there other companies out there that you could continue to work on? You said that there are other companies and what's crossing my mind in a very simple way is why were they picked to do this job? I mean, you said you gave them all the specifications, everything like that, and yet they seem to have not withstanding the movement of software engineers, I mean, they've failed in lots of things for you and they've left you actually in a way dealing with the flack when it's been the failure of the developers. What kind of process was gone through to give them the contract and what other companies and delivers were looked at? Have you told me that there are better people and you look absolutely fed up with all Mr Levin and I'm grateful to you for being so frank, because I think you just went out of it and maybe put words in your mouth, you could be fine doing away without this, is what process did you go, who did you look at and why were they chosen? The process, again, no one at this table was involved in the original process when it went through, but I joined the policing family in SPSA towards the end of the process. I joined the policing family towards the end of the process. You'll know how it happened. I don't know exactly how it happened and the process was a thoroughly intense, in fact probably the best procurement process that I've witnessed. It went through incredible levels of detail that required guarantees from the companies that required demonstration of the ability to deliver it. It was based on a system that was already live in Spain and there were almost 100,000 users of that system in Spain. I can't remember the exact figure. It went through a first process that was then shortlisted to four candidates, where very in-depth diligence was done with all four candidates, then I believe shortlisted to two candidates and then Accenture were chosen as the preferred supplier at that stage. They had a track record that successfully delivered the system to the guarda in Spain. They demonstrated an absolute understanding of what our requirements were and commercially they were an attractive proposition for us. The next thing is what went wrong, then what if they were so good top of the class? Again, sometimes you can get so much information out of a procurement process that until such time as the product that's delivered at the end you don't know what you're actually getting and that isn't just an IT thing, that's an anything in life. You can get something that isn't exactly what it says in a tin at the end of the day. It's a big tin with a lot of money on it. I fully understand that. Again, this is where this project has differed from any other previous major IT project in the history of policing in Scotland. The governance and diligence around us has been very intense, very focused and Accenture have been held to account at every single stage through that. Accenture wasn't my question. Holding that account you've been telling me that, but it was why in the first place if you tell me there are better people out there and you can go out. If Accenture contracts are finished you'll get somebody else and they'll do a better job is what I'm taking from you. Indeed. Again, I've almost asked the committee what else could be done with us. We carried out one of the most thorough procurement processes of our heavily audited. I went through a gateway review, repeated gateway review, complimented through that gateway review. When the contract was signed and moved into production with Accenture, Police Scotland developed a zero-tolerant approach to Accenture in terms of the commercial and technical coding standards that were coming forward. I think that it's been managed as well as it possibly can be. Graham, I'll give you a short one first. You might come back in again because Kevin has got to go off at something, so I'd like you to ask something if you wish. Well, I've got time to follow the thing through. First of all, to deal with the point that Kevin made about expertise, I led the personal of the teams that delivered the national intelligence database for Scotland that's still in existence and thereafter, for my sins, the criminal history system, which still runs right across Scotland to now. In that context, I say it merely to commiserate with Haymes McPherson and his current responsibilities and know that he's not responsible for where we got to, but he's now accountable for where we are. In terms of Mr Leven, back in May of 2013, you told the committee that the longer systems remain without being replaced, the greater the increase in the risk of failures. So we're now nearly three years on. At a subsequent meeting in June, the chief constable gave an assurance that I6 would begin in phases in 2015 and it would commence operation from those phases from the start. My problem is that we'll do the post mortem, no doubt, if we get to the stage where this thing does grind. My problem just now is the time it's taken to call the company to account and know whether or not we're going to get a system delivered. You mentioned a summit meeting. Without giving us the confidential figures, I take it one of the options that was discussed at that meeting was in the event that Accenture was unable to deliver. There would be a figure, a number, that would need to be considered and negotiated on in order that you could move on and deliver a system. That was one of the options that was discussed during that meeting. Again, I wasn't at the meeting, but I like how we should pick up that part of your question. Yes, that was an option. Given the introduction, there was a degree of brightness in your presentation about the way forward and a hope that it can be delivered, but given what you've subsequently said and your apparent lack of confidence in some of the people concerned, I don't want to go through the quotes, but I can do if I'm giving the time later on, this system was presented is absolutely crucial to reform and policing going back to 2013. At that time, we were told that the team had already been led for four years, so we're now seven years into this project. Having been involved in these national systems previously, there comes a point where patience runs out and that is costing the service daily in terms of commitment. Why does it take seven years for us to get to the point where we begin to get tough about it? I think that that's probably harsh timelines and maybe not being fair with what's happened in the history of this. The contract was awarded to Accenture in 2012. We get approval from the Scottish Police Authority in August 2013 to sign the contract off. I can tell you that Chief Constable reported to this committee that the team in June of 2013 had been led by Alec Hitman for perhaps four years at that point. We're almost seven years into your iteration, the police family's iteration of it, albeit Accenture comes in later in the seven-year prospect. By the time they come into it, one would have thought that there's a package, just give us it, and we thought that we were getting in 2015. Why does it take till now, before it begins to come out? We've expressed our concerns now for nearly four years about the way forward, but we're constantly told that it's in the bag, so it's coming. I'll pass on to you in a second, Hamish. The four years prior to the contract being awarded were spent delivering the absolute correct model that was required. It was spent in research, it was spent on learning lessons from other public sector projects that had happened, and some that you were involved in as well, I'm sure you remember. In the middle of that four-year period, Police Scotland appeared, so bearing in mind this was starting off as a project for Strathclyde Police, so it was going to tie in the other forces across the country. Police Scotland wasn't on the horizon at that stage, so one national police force. There was a lot of extra work involved in that stage, which meant that we went to market with a thoroughly mature and complete model of what we want to be delivered. We then went on to ordering the contract with Accenture as the supplier after a lengthy procurement process. Procurement isn't a fast time, so procurement was well over a year, year and a half. If we take a look back from Accenture coming into the game now, it's more realistically 18 months, two years as opposed to the seven years that you mentioned. In that time, stuff has to get delivered to us in a particular order. You have to do an in-depth dive, you have to do an in-depth technical spec of what you're going to be delivering, so this is the business rules over here. This is technically how we're going to make that work. That isn't an overnight thing, that is one sort of work to do that with several hundred people involved in doing that to turn the vision into the reality. Once that happens, that's then passed across to Accenture to turn it into a technical reality. We then audit that. Therefore, we don't see the product coming through until pretty late in the game. As soon we see that product coming through, we can identify if it's going to work or if it's not going to work. Therefore, it is only recently, and in any software development, you will only discover towards the launch date of that software development when it goes through advanced validation of whether everything actually works, that it is going to be a gore or not. I understand the point behind being involved in that. I completely disagree with the way you've turned the figures around there in terms of time, but I will also pass over to Hamish, because he's nudging me here that he wants to come in. I'm not trying to defend myself, I'm just actually trying to paint reality here. We went through an issue of many of the issues that were identified have been issues or risks with us, with the supplier for some time, where we've received assurance and reassurance from the supplier about those very issues. On 15 June, we eventually get to product freezer acceptance testing. At that point in time, that was as a result of them passing product test. During product test, the most we do is witness some product testing, because it's a supplier-led activity and we get reports. Those reports reported basically high 90 success rates against those product tests. At that point in time, to the extent that the supplier came to the August I6 programme board and increased their confidence assessment from 90 per cent to 91 per cent for going live in December. Within four weeks of that, we were in high levels of defects, and that's when we identified the problem. I have looked to see what opportunity there was prior to me or even during my time to say what opportunity we had to intervene and say, but the reality is that I do not believe that we had the opportunity. If the supplier is saying they are passing unit test, passing assembly test, passing product test and giving you paperwork to support it, it's very, very hard for us to actually unpick that. When was the contract awarded to Accenture then? When did you start the actual work? I believe it was August 13. Yeah, I haven't got a date in front of me, I'm sorry. I believe that Scottish Police Authority approved it at the board meeting in August there. I may be wrong on that, but that was my assumption. As I said right now, I don't think that Mr MacPherson has any need to defend himself. I think that he's now tailing Charlie in this whole process of dovering. We made a big play about the performance platform regime and the lessons that were to be learned from the loss of that system. Each of the members of the committee rehearsed very clearly. At one stage, I asked whether every member of the team would have a copy of that report nailed to their desk, so that they would learn a lesson. That seems to be almost a replay of many of the lessons that came from that report. In terms of the way that the contractor has delayed your ability to test and challenge what they were off to. Again, Mr Pearson, I'm going to disagree strongly with you here. That couldn't be almost more polar opposite than the platform in terms of how things have been managed, how things have been done. I can see that the governance is both strict. It's like the witnesses deal, you've raised it, so yes. You want to say, yeah? Yeah. So the main lessons learned from platform, which you're well aware of and we all know that report inside and out, where lack of governance, lack of specification, the scope kept moving on the project, therefore what started off as a seemingly simple project turned into bells and whistles at every part of policing across Scotland to make different police forces, wanting to weave it added on to it at different stages. The scope in this, as Haimishah alluded to earlier on, was nailed at the procurement stage. The only changes that we've put into that scope, again to the best of my knowledge, and Haimishah will back that up as legislative changes that come out of this building, where we have had to put in. Again, that was part of the contract when these things are likely to happen. As Haimishah said from June this year, or last year, getting our first chance to look at this, that has been quite a fast turnaround for us to immediately start challenging Accenture. I'll just make this comment and let you go on. Do you want to say something there? Probably going to answer very similarly to that, Mark. I just leave, but I know that Kevin has got another comment. Gentleman, please, it's just that Kevin's got to be off for something else, so I'm letting him in. You can come back in a bit. Can we have his comment and I'll come in afterwards? Okay, fine. I mean, you say it's a fast turnaround, et cetera, but I still go back to this commitment that we were given at this committee in June of 2013 that the system would be starting working in operation at the beginning of 2015. Although you say what's actually happened has been fast, the anticipation that we were given back then was just after Christmas 2014 that it was beginning to be launched. Okay, so we have lost over a year and we're now getting the cuts of it out? Indeed, but you're going back to a committee that happened a couple of years ago, and I think this is now my fifth appearance in front of this committee over that period of time. We have been given this committee regular updates all the way through written submissions, so they know the full history, and I'm worried that if I start replaying that entire history to you again, we won't have any time for any other questions between now and when we finish when it has been played out repeatedly. Thank you, convener. As Mr Leven has just said, he's appeared in front of the committee a number of times. One of the things that we discussed during the course of those meetings were gateway reviews, and by the signs of it, each gateway review that there was, everything seemed to be hunky-dory, is that correct? I think that this is extremely important, convener, because Chief Superintendent MacPherson said that the test results that were coming from Accenture were showing 90-91 per cent success. Am I correct? 91 per cent was with regard to their confidence. They were in the high 90s of product test results, varying from module to module, but generally in the high 90s. All of the information that you were getting from them about testing seemed to show that the system was working. Yes, indeed. It wasn't until the actual going live that all of the failure became apparent. It wasn't going live, sorry. Mr Stewart, I know that this is a question for you. The test pilot, you know where we're coming from. Now I'm getting the language wrong. Basically, can you tell us if the information that you were getting from Accenture about the success rate of the testing was fact? Do you think that they were actually achieving that success rate, or were they being a bit disingenuous in what they were telling you? Being careful what I say here, they have identified that the test coverage within their tests was probably insufficient. What does that actually mean, Chief Superintendent MacPherson? They were probably needing to test more. They were needing to test more? Yes. Can I ask, do you think that the testing that they were doing was maybe somewhat selective? I have no evidence to say that. I have their team watching what I say again. They have their team identifying that they could have had better coverage of the test across each of the modules. Were they covering up? I'm not going to be gentle about this. Were they covering up difficulties in the whole process? I have no evidence to suggest that they were covering up, whether it was a cover-up or it was just a lack of coverage within them. Basically, what we're saying is that the testing that they were doing was not enough to show what would really happen if that system became live. I would suggest that the very fact that there were 76 defects, which were, if you like, a level 3 or a level 4 defect, a level 3 or a level 4 defect at the time that the product was handed to us. Very quickly, we had a number of severity 1 and severity 2 defects, which tends to suggest that it required more testing within their phases. In terms of trust, where they have obviously failed to do that properly, in terms of trust, can this company be trusted? I can probably give you some comment. Since we identified the issue, they have gone away and carried out their own internal assessment, much of which I can't share with you. They have come to us in the back of their internal assessment with their remediation plan. Their remediation plan, which Mr Levin has not seen yet, to be fair, because they haven't yet presented it, but that is in the diary, I believe, or I've got to be in the diary, would address most of the issues that I believe are wrong with the application. I have some confidence in the remediation plan that they have provided, but Mr Levin is still to actually see that remediation plan. That relies on the fact that the remediation plan is done accurately, but it definitely would remediate the issues that are found within the application. From my perspective, I am a very simple man in those regards. If somebody does not give me the full facts about what the outcome of a situation is, and this testing seems to be an example, maybe I haven't done it right, I would find it very, very difficult to then go and do business with that person again. I say that without prejudice. I think that this is extremely important because you have said that Accenture has delivered in Spain. Would it be the case that the Spanish system would be less complex than what was required here in Scotland? I will pass over to Hamish to answer that. The one thing that I will say to Hamish, as you have gone through the Scottish criminal justice nuances already and the evidence that he has given today, is the significant difference between the Spanish system, the way that we handle information once it comes into the system and the way that information is then categorised and translated into other parts of our criminal justice network is significantly different. It was never a like for like. We knew that it was never a like for like, but it was the template that we were going to operate from. Again, I will ask Hamish to answer that. I was just going to say that the reality is that, in some ways, Scotland should be very, very proud of its justice. We probably have one of the most integrated criminal justice systems in terms of documentation flying between—even down south there can be a paper piece of documentation that moves between prosecution services. In Scotland, it is de-limited, marked up data that passes between. It has been there for some time now. It is now, as you are aware, in its second big iteration. However, because of that, it introduces complexity in TIT systems. We are not necessarily within Spain, if I am being honest with you. I think that some of the complexity of justice was caused by that. It is some of the power of justice as well that allows us to very quickly get our police information report to stand the prosecution report from police to the procured at the fiscal very quickly, et cetera, but it also makes the ICT systems more complex. In terms of Accenture itself—I am asking for an opinion here—do you think that they may be thought that they would get away with delivering something similar to the Spanish system with the additional bells and whistles added necessary to deal with this justice? I do not want to answer that, if that is okay. By saying that you do not want to answer it, I cannot comment on what Accenture thought— I wonder if Chief Superintendent MacPherson can comment on that. I mean, all I would say is—it is hard for me to comment—all I would say is starting with an asset that is already there, which does not necessarily fit into our police domain, does not necessarily make that journey any easier. In some ways, starting with a blank piece of paper might have actually made journey easier. I am going to ask the ultimate question here. In terms of the software that was used to develop I6, was the vast bulk of that code exported from the Spanish system? No, the vast majority of it is bespoke software for Scotland because of the issues. To be honest with you, I think that the vast majority of it has been rewritten. I think that potentially the original intention was to use the asset. I think that what has happened has become obvious how complex it is. I think that a lot of it has been rewritten. So an original intention might be changed when the complexity of what was required here was recognised. That would be fair to say. Excuse me a minute, Kevin. I am just trying to follow the flow of this. You say—this is the story, as I understand it—Police Scotland prepared a thorough specification taking into complex with the criminal justice system. It was a very rigorous procurement process. Accenture won that because of the track record in delivering this other system, which I am now hearing—you cannot really use, you get to start with a blank piece of paper—so it was the expertise that I take rather than the system. It then proceeded to do these gateway tests when they were telling you that it was actually okay. I am just making it simple for myself. That was okay. But when you do your test run to actually activate it, it is anything but okay. So we have either got people who have not got the skill to do it in the first place, or we have got the fact that they were making mistakes or a mixture. What I cannot understand is that they did not know before you did this full run that you were going to find out that stuff. I do not know—I do not understand this—because if I was doing something like that as a developer, I would have a wee run it myself. To me, you are saying that it was only when you pressed the buttons and then all those 81 serious substantial defects surfaced. What—am I understood this? No, chair. I think that you are actually fairly accurate there. There is a bit that you have missed out on the whole thing, which is the intense functional design and technical design element that happens after the contract is awarded. That would have painted the exact picture of what had to be done. That is pretty well the story. Thereafter. In fairness, what you have just summed up there and certainly what Mr Stewart just summed up is not far off and probably a lot paliter than the exact questions that I was asking Accenture at our September board meeting. So just to remind me, they would have done a little—what you were going to do when you pressed a button, they would have done that to the whole system. When they brought on the model to test it, they would have done that before you did it. I do not understand, chair. Well, when you find out when all those mistakes come to light, the gateway thing has been told that it is all right, but when you do a test run to activate the system, you find that it is really bad. They would have done that, surely, themselves before it left as my metaphor of the factory. Again, we had no sight of the internal quality testing that they were doing, which is the way that these projects work. We get it handed over to us, we play with it, and then we find out how it is working. My honest opinion is, again, that the senior managers at Accenture, the ones that we face up against, probably were not aware of the issues until such time, as we highlighted them up to them. Crums. I would not have them fix my pipes and my radiators at this rate. They would be telling me that it was all right and I would still have leaks. John. Thank you, convener. It would seem that there has been a breach of trust that, at the very least, people do not appear to act in good faith. I am not necessarily asking you to comment on that, but, in the report that we have, there is mention made of the findings of the root cause analysis assessment, which we are told was presented to Police Scotland 12 November. Now, we are told that it was carried out by an independent Accenture team, presumably an in-house team. So, independent in as much as unconnected with the initial project, is that the level of independence? That is correct, that is why I quoted the independent in there. It is an essential team, but it was an essential team that were not involved in I6. I have had an update from the team of people who were carried out. I have got no doubt of their professionalism and carried out their review, and it was a very honest review that we got back. I am done in the position to share that because it was given with all prejudice. That might not be a good parallel, but I am going to mention that, in relation to Sport Storm, you told us that Cambridgeshire can stab it under to an assurance review of readiness. Was there anyone else from, if you like, representing the police centres that could have had a look at this? I think that I understand your question, Mr Finnie. We asked Cambridgeshire to come in as an independent third party who have already delivered the product that we are trying to deliver at the moment to have a look and tell us where we are going right, where we are going wrong, et cetera. Where that would differ from the root cause analysis test that he referred to, the independence of that, is an internal, accenture model, so we cannot really influence it. We cannot say to them to get your rivals to come in and take a look at it. No, I understand that, but just as you used Cambridgeshire to look at this, was there any opportunity to have anyone unconnected with the immediate team that has been involved for Police Scotland to look? So, get an external team to take a look at the supplier product that we are already very critical of at that stage? Yes, indeed. It is not to be critical of use, but sometimes you can be so immersed in something. The intention of that is that the root cause analysis that is being presented to my team internally is the root cause analysis that is being presented to Martin's team. That is the opportunity for Martin's team as the independent sort of Police Scotland technical people to have a look at that codely and say, you know, ask the same questions that I asked basically of that assessment, and then on the back of that, then look at their remediation plan as to how they are going to fix the issues found, and ask if you like our opportunity to have an independent look at that at that point in time. I did find it to be fair to them. I am very honest, independent review. And the question of this remediation plan, is that something that will be published? The remediation plan is something that we are discussing. Okay, so the remediation plan is established just now. The numbers do not work out. It is too long for me, and that is why we are looking for a modular approach. That has now been put on the table, which is what we are looking out over the next eight weeks. As a result of that, that will hopefully end up with a, if you like, a plan, which we can work to, that actually gets the modules out to our officers as quickly as we possibly can. That is the goal for me in a combined Police Scotland. Okay, thank you. Elaine. I do not know if you are saying that the modules have to go out to your officers. What is the consequence for the training of staff and the training of officers? I mean, obviously, you may already have had people trained on some aspects of this, are there? We have not actually commenced training when we updated you last time after a hard disk issue. We actually cancelled the training at that time. And then, of course, shortly after a Justice Committee meeting, that is when we actually identified the issues. If we go for a modular training plan, it will require modular training, obviously. But we are working through the detail of that over the next few weeks. To what arms? I mean, if they do not get it sorted, if it is sent, they do not get it sorted. What sort of contingency plans have you got? What I have undertaken to do for the authority is to provide an options appraisal, which will include continuing this journey in various guises, because there are two options in the paper. The one presented by Accenture, the one in which we have now got, as I said, the alternative rural plan, but we have also looked at what other contingencies might be, including other frameworks, et cetera, or interim solutions that we have across the country that we could potentially roll out across the country. We are doing that hand-in-hand with Martyn's team. There must be lessons for the public sector to a certain extent, and with regard to IT, because every IT system that is commissioned by the public sector seems to run into trouble then. You were talking about the cost payments, whether it is whatever it is. If I can say anything to reassure you, the one thing that I have got to say, and it has been identified, obviously, in the order of Scotland reviews and in the gateway reviews, is that this has been managed, nothing to do with me because most of it predates me. This has been managed contractually very well from the onset. Yes, we have used external expertise for that. As a result of that, we have a really robust contract. The one thing that you definitely want to take from this is a robust contract. There has been no other costs for Police Scotland. I think that going ahead, there will be no other costs for Police Scotland. That is an absolute positive to take from that. Can we always engineer a position where we never end up in a position that my suspicion is that it happens, not just in the public sector. It also happens all the time in the private sector. We just do not see it as overtly. I think that it is a problem in the industry. You wanted to say something. I am quite keen to bring us in. This goes back to a point that Mr Pearson made earlier on about the platform project and lessons learned from it as well. We were very keen going through that. We recognised that we looked at every major public sector IT project. We looked at the failures. We looked at the high-profile ones that you are all very aware of, not just in Scotland but across the wider UK. At the heart of every single one of those public sector IT failures is a private sector company delivering it. That is why we went into the contract side of this very robustly. We think that we have a very watertight contract that protects Police Scotland and its interests as part of this. I think that it is a problem in the industry. I think that everything that we have discussed so far is very important. Again, I will come back to a quote from two years ago. We were told by the chief constable that it is worth emphasising that I6 will cover 80 per cent of the current operational police activity. It is absolutely massive as far as the organisation is concerned. Operational officers are waiting for it to be delivered. We have all the things about governance and all the rest of it. I am satisfied that there have been a lot of good checks and balances. When do we deliver to the officers the radical changes that are required to get them on their way? Elaine mentioned options. If there is to be a plan going forward—their journey— when do we anticipate that we are going to deliver it for the officers in order that they can do their work better? I6 covers 80 per cent of the data flow in operational policing. Since Police Scotland launched, we have successfully launched 23 national policing systems that have significantly changed the day-to-day working environment for officers across the country. We are currently in the middle of a roll-out of a brand-new desktop environment and the roll-out of a brand-new network across the country, desktop collaboration. We have not just stopped because of I6. I6 makes up 80 per cent of operational policing data, but it is nowhere—it is not the be-all and end-all in terms of we cannot operate as a police force without this. The concern that I have about I6 being delayed, which I think is where you are probably going to with this, is that we have got some legacy systems that are past the end of their scheduled life cycle because of the I6 delay. We have remedial plans being worked through at the moment to replace some of the systems in the very short term with systems that we already have in other parts of the country that are more up-to-date. Presumably, those options and other remedial plans will have a cost for the service in order to deal with the threat that you mentioned before about systems failure. Will those additional costs that you bear be borne in mind when it comes to dealing with whatever the future is for I6? I think that I raised that in what you called indirect costs and whether things would have to be written off or moderated. I am going to stop there because, as you appreciate, we cannot sit after 230 of other business. Unless there is anything that you further wish to add to the committee of your own bat before we give you a break, can we go on to our next item? Yes, one thing that I would absolutely like the committee to be aware of. That has been quite a difficult session for us, I am sure that you can imagine, and it appears to be the focus of the committee. This session was originally called about progression of IT systems, and I6 is one of several hundred IT systems that we have currently operating within Police Scotland. For this committee, I produced an update that you all have that shows the tremendous success that we have had in the other IT systems. I came here in 2013 at the session that Mr Pearson referred to a few times and discussed a blueprint with you. I can absolutely confirm that we have got a tremendous track record of delivering the key commitments that we put into that blueprint. We have launched 23 national systems, and we still retain our IT staff. We have done this in a challenging background, where we have difficulty retaining the skillset that I have in the IT department, our inability to recruit in the public sector in Scotland because of the salaries that we attribute to some of the key skillsets. However, I appreciate all that, but you will understand why the committee wished to focus on this very, very large project, which has had very, very large problems. It has been very helpful today, so I am afraid that you are a bit there on behalf of Police Scotland. I have had to cut it short. Thank you very much. I will just stand for a minute to let the witnesses leave. I have got to move on to the next item. I am moving on to item 2, the decision on taking business in private. I am inviting you to agree to consider your legacy report in private of future meetings. Are you agreed that we take our legacy paper in private? Next, we will take place on 10 March, and we will hold a final round-up session with the chief constable and the chair of the Scottish Police Authority. We will also consider that legacy report, and I formally close the meeting.