Building Access Control

The Metropolitan Police Service has reviewed its electronic card access provision and established a requirement to implement a secure card management solution to maximize the usage of its buildings as part of the Smarter Working Programme. This paper proposes a single solution for card access management at a cost of up to £1.92m capital and £120,000 project revenue in year 1.

The Deputy Mayor for Policing and Crime is recommended to:

1. Approve the preferred option 2 to proceed to Gate 4 (‘Go Live’ Decision)

2. Agree funding of £1.92m capital to complete the project (this is a total one-off investment to deliver the above benefits). Of the capital requirement, £1.42m is not currently included in the capital plan but once approved it will be added accordingly to the capital programme.

3. Agree part year revenue funding of £120k for the first year solution maintenance charges. This cost pressure will be covered by the existing Digital Policing revenue budget.

4. Agree the cost pressures associated with the outer years will be managed through the 2020/21 Medium Term Financial Planning process. The annual business as usual net revenue pressure is £369,000, after anticipated savings of £222,000, to support the HID Safe solution and consumables for business as usual card printing. This is a revenue pressure over and above current costs.

1. Introduction and background

1.1. This Final Business Case (FBC) is for the provision of an Access Card Management Solution to complement the upgrade of the access control hardware across the Metropolitan Police Service that was approved by MOPAC on 7 September 2017. It also makes the case for the wholesale change of the access card designs with an industry best-practice level of security on the cards themselves.

2. Issues for consideration

2.1. This project will address the technical obsolescence of the current card access solution.

3. Financial Comments

3.1. The project will deliver quantitative non-cashable savings of £1,033,632 for police officers and £196,224 for police staff each year through removing the need to travel across London to obtain security passes or warrant cards.

3.2. Capital funding of £1.92m capital is required to complete the project. Of this, £1.42m is not currently included in the capital plan but once approved it will be added accordingly to the capital programme.

3.3. Project revenue funding of £120k for the first year solution maintenance charges is required. This will be covered by the existing Digital Policing revenue budget.

3.4. The annual business as usual net revenue pressure is £369,000, after anticipated savings of £222,000. This is a revenue pressure over and above current costs and will be managed through the Medium Term Financial Planning process.

4. Legal Comments

4.1. Paragraph 4.8 of the MOPAC Scheme of Delegation and Consent provides that the Deputy Mayor for Policing and Crime (DMPC) has delegated authority to approve business cases for revenue or capital expenditure of £500,000 or above.

5. Commercial Issues

5.1. The preferred option is option 2. This comprises the core software solution, known as ‘Safe’ from HID Global, as well as card printing hardware from Digital ID and a MPS-wide refresh of security passes. After examining the functionality of the solution, the MPS recommends that only the core functionality is delivered as it represents the best value for money to deliver against requirements. Option 1 involved full functionality but this did not deliver sufficient additional benefits to justify the extra revenue cost. Option 3 excluded the refresh of security passes but this was judged not to address the security risks.

5.2. Procurement of the software is via the Application Management Services Tower. Accenture will provide solution integration services and manage the third party supplier HID.

5.3. The supply and delivery of the new printers, software solution cards and ancillaries (Digital ID solution) will be procured via the Health Trust Europe (H.T.E) Framework Agreement through Softcat Ltd, awarding to Digital ID.

5.4. Both procurement routes are compliant.

6. GDPR and Data Privacy

6.1. The MPS is subject to the requirements and conditions placed on it as a 'State' body to comply with the European Convention of Human Rights and the Data Protection Act (DPA) 2018. Both legislative requirements place an obligation on the MPS to process personal data fairly and lawfully in order to safeguard the rights and freedoms of individuals.

6.2. Under Article 35 of the General Data Protection Regulation (GDPR) and Section 57 of the DPA 2018, Data Protection Impact Assessments (DPIA) become mandatory for organisations with technologies and processes that are likely to result in a high risk to the rights of the data subjects.

6.3. The Information Assurance and Information Rights units within MPS will be consulted at all stages to ensure the project meets its compliance requirements.

6.4. A DPIA has been completed for this project. The project will ensure a privacy by design approach, which will allow the MPS to find and fix problems at the early stages of any project, ensuring compliance with GDPR. DPIAs support the accountability principle, as they will ensure the MPS complies with the requirements of GDPR and they demonstrate that appropriate measures have been taken to ensure compliance.

7. Equality Comments

7.1. This project enables greater flexibility for the MPS’s workforce by making more buildings accessible and thereby supporting the Smarter Working programme.

8. Background/supporting papers

8.1. The Building Access Control Outline Business Case, approved in September 2017 (PCD 262), approved part 1 of this project (the hardware upgrades across the estate) and also approved £500,000 capital towards this part of the project.