Industry news

New British bank Shawbrook has launched, targeting small and medium sized enterprises (SMEs) struggling to get funding from the UK's biggest banks, which in turn are grappling with expensive debt burdens and tight capital markets.

Britain's government has emphasised the importance of the small business sector in boosting the country's faltering economy and urged the big banks to lend more to small firms so they can grow and hire more staff.

The BBC has reported that Somerset County Council has revealed plans to outsource many of its operations, following the successful implementation of a similar scheme on a smaller scale.

Council chiefs will spend the next 18 months analysing exactly where money could be saved by hiring an outside firm to complete the work.

The cleaning and catering at libraries, schools and other facilities has recently been outsourced and is still being provided to members of the public but at a lower expense to the local authority.

Council leader Ken Maddock told the news source: "This is an exciting but also very challenging programme that has the potential to deliver huge savings."

sourcingfocus.com catches up with outsourcing guru David Smith, Global Chief Innovation & Technology Officer at Fujitsu and learns a little Japanese along with the way..

WHAT IS FUJITSU’S STANCE ON INNOVATION IN OUTSOURCING? HOW DO YOU DEFINE IT, AND HOW DO YOU MAKE IT HAPPEN?

Innovation is about creating incremental business value by doing something differently.  Innovation in the context of outsourcing can be a number of things: a new offering adding value, a compelling solution delivered for a customer, or it could be a particularly innovative commercial approach.  The fundamental premise of our approach to innovation is that it is collaborative, with our customers, with our partners and by delivering the collective power of Fujitsu’s people.  We launched an Open Innovation service last year in the UK and have run a number of crowdsourcing events both internally amongst our people and externally with customers and third parties.  Working closely with our customers enables us always to focus on delivering business value, often enabled by technology though we do not restrict our thinking to that.

REGARDING YOUR FIVE YEAR DEAL WITH MCDONALDS, CAN YOU EXPLAIN FURTHER THE CONCEPT OF “USER EXCHANGABLE PARTS”?

The users are the McDonalds restaurant employees who are being trained so they can swap faulty parts in the company’s EPoS retail IT system for new ones instead of relying on engineers to fix relatively straightforward problems. The benefit is that problems are solved with greater speed and at a reduced cost, which is great for our customer.

HOW DO YOU SEE DAVID CAMERON’S VISION FOR THE BIG SOCIETY AND OPEN SERVICES AFFECTING LARGE OUTSOURCING PROVIDERS SUCH AS FUJITSU?

The Government’s aspirations for the Big Society involve the creation of “mutual” organisations which are constructed along a partnership model. We think there are likely to be hybrid organisations forming, including mutuals, which retain a government stake (to protect assets and benefit from future buy-outs or uplifts) and involve the private sector as a joint venture partner. This could provide the blend of commercial know-how and the public sector service ethos to deliver a winning combination for both citizens and taxpayers. Fujitsu’s existing partnerships with government departments and schemes such as HMRC, LGSS (Cambs and Northants Local Government Shared Service) and Northern Ireland Civil Service illustrate how some public-private partnerships can deliver a positive outcome. The flexibility of relationships is vital, and we have learned to ensure a pragmatic balance between our commercial and business-critical priorities, which we know our customers value.

Large outsourcing providers like Fujitsu, through their role as a systems integrator, can also extend the option of involvement in a part-mutualised public body to SMEs. In this context SMEs have traditionally been smaller technology companies, but this approach could easily be extended to local community-based organisations who would struggle to tender for local services in their own right.

HOW JAPANESE IS THE BUSINESS CULTURE AT FUJITSU?

We aim to bring the best of our Japanese heritage and its focus on quality, continuous improvement, and Lean thinking and marry it with the local cultural alignment of our operations around the world.  We have a clear and relentless focus on the needs of our customers.  We always focus on how we can enable them to achieve their business objectives and maximise the value they deliver to their own customers. Many management techniques taking their inspiration from Japan, such as Genchi Genbutsu (go and see for yourself), and Heijunka (workload levelling), pervade the way we approach business, both in working with customers and in our back office activities. In addition, Fujitsu globally takes a long term view: in building assets and capabilities, in entering new markets and most importantly in investing in customer relationships. Our customers tell us that this culture makes for fruitful and lasting partnerships.

CAN YOU TELL US MORE ABOUT FUJITSU K AND ITS UPCOMING ROLE IN THE JAPANESE GOVERNMENT?

The K supercomputer which Fujitsu developed in partnership with RIKEN * is famous for being the fastest computer in the world with a computing capacity of 8.162 quadrillion times per second. However, in achieving that performance, it also demonstrates facets of the company’s focus on quality and engineering excellence. For example it has 70,000 CPUs working together at an efficiency rate of 93% which in that context is an outstanding achievement. 

The Japanese government invested more than 100 billion yen (US$1.25 billion) in the K supercomputer project and its intent was to maintain Japan’s position as a leading force in this field. The supercomputers will be used to enable research to tackle a range of complex problems related to climate change and weather patterns. It will also enable Japanese industry to be more competitive globally by providing a powerful computational tool to develop breakthroughs in drugs, materials and new technologies.  The link with RIKEN is also likely to provide impetus to the research into renewable energy, and research to protect people from natural disasters by predicting the impact from earthquakes and tsunami.


* RIKEN is an independent administrative institution under the Japanese Ministry of Education, Culture, Sports, Science and Technology whose mission is to conduct comprehensive research in science and technology and to disseminate the results of its scientific research and technological developments. RIKEN carries out high level experimental and research work in a wide range of fields, including physics, chemistry, medical science, biology, and engineering

WHAT IS NEXT FOR OUTSOURCING? WHERE DO YOU SEE NEW OPPORTUNITIES / MARKETS ARISING? WHAT WILL BE OUTSOURCED THAT ISN’T CURRENTLY?

There are a number of key trends driving what the technology sector can deliver to the world.  The “on demand” model that is inherent in the cloud computing wave with the “as a service” mantra is driving the evolution of the outsourcing market.  There’s a concept often called the “Internet of Things” which references the new opportunities we have to harness the cost economics of cloud computing and to combine it with pervasive networking and ubiquitous devices/sensors. The result is to build technology even more into the fabric of our lives. 

The way we describe this emerging opportunity at Fujitsu is that we have the potential to build a human centric intelligent society where technology is part of the fabric of life. Examples of these new types of service include: smart city initiatives; smart metering to drive the sustainability agenda; and telematics to transform how our transport systems operate.  Finally more immediately the evolution of cloud computing and the dynamic I would label the “consumerisation of corporate IT” is showing signs of completely transforming how corporations purchase and operate technology based services. All these areas move us into a new form of outsourcing model.

About Fujitsu

Fujitsu is a leading provider of information and communication technology (ICT)-based business solutions for the global marketplace. With approximately 170,000 employees supporting customers in over 100 countries, Fujitsu combines a worldwide corps of systems and services experts with highly reliable computing and communications products and advanced microelectronics to deliver added value to customers. Headquartered in Tokyo, Fujitsu Limited (TSE:6702) reported consolidated revenues of 4.5 trillion yen (US$55 billion) for the fiscal year ended March 31, 2011. For more information, please see: www.fujitsu.com

Dominic Saunders Senior Vice President at Cryptzone gives an IT security experts view on best practice policy management

Striking the right balance between risk mitigation and the commercial demands of the business is an essential skill, which must be adapted according to the nature of your industry and the size, culture and risk appetite of your organisation. This role needs to have clear ownership at senior management level.

Organisations need to take a systematic and proactive approach to risk mitigation if they are to be better prepared to satisfy evolving legal and regulatory requirements, manage the costs of compliance and realise competitive advantage.

Achieving and maintaining policy compliance becomes more difficult to sustain as organisations grow, become more geographically dispersed and more highly regulated. But, it doesn’t have to be this way.

The purpose of policies and procedures

Policies and procedures establish guidelines to behaviour and business processes in accordance with an organisation’s strategic objectives. Whilst typically developed in response to legal and regulatory requirements, their primary purpose should be to convey accumulated wisdom on how best to get things done in a risk-free, efficient and compliant way.

Policy Pitfalls

Here are some of the most common grounds for policy non-compliance:

­ poorly worded policies

­ badly structured policies

­ out-of-date policies

­ inadequately communicated policies

­ un-enforced policies

­ lack of management scrutiny

So, what is the secret for effective policy management?

Policy excellence in six steps

Step One: Create/Review

It is important to understand, when creating policies, that those created purely to satisfy auditors and regulatory bodies are unlikely to improve business performance or bring about policy compliance, as they rarely change employee behaviour appropriately. While satisfying legal departments, and looking impressive to auditors and regulators, busy employees will instantly be turned off by lengthy policy documents full of technical and legal jargon.

External factors that affect policies are evolving all the time: for example technology advances may lead to information security policies and procedures becoming obsolete. Additionally, changes in the law or industry regulations require operational policies to be frequently adjusted. Some policies, such as Payment Card Industry DSS compliance, have to be re-presented and signed up to on an annual basis.

Typically, most “policy” documents are lengthy, onerous and largely unreadable – many are written using complex jargon, and most contain extraneous content which would be better classed as procedures, standards, guidelines and forms. Such documents should be associated with the policy. Documents must be written using language that is appropriate for the target audience and should spell out the consequences of non-compliance. Smaller, more manageable documents are easier for an organisation to review and update, whilst also being more palatable for the intended recipients. Inadequate version control and high production costs can be reduced by automating the entire process using an electronic system.

Step Two: Distribute

A key step in the policy management lifecycle is to ensure that staff are aware of relevant policies and procedures. Organisations need to effectively distribute policies, both new and updated, in a timely and efficient manner. These need to be consistently enforced across an organisation. After all, what is the point of expending considerable effort and cost to write and approve policies, if they are not effectively distributed and read?

Step Three: Achieve Consent

In many cases, regulatory requirements call for evidence of policy acceptance, demanding a more pro-active and thorough approach to the policy management lifecycle.

A process needs to be implemented that monitors users’ response to policies. Policy distribution should be prioritised, ensuring that higher risk policies are signed off earlier by users than other lower risk documents. For example, an organisation may want to ensure that a user signs up to their Information Governance policy on the first day that they start employment, whilst having up to two weeks to sign up to the Travel & Expense Policy. Systems need to in place to grant a user two weeks to process a particular document, after which the system should automatically force the user to process it.

Step Four: Understanding

To monitor and measure staff comprehension and effectiveness of policies and associated documentation, organisations should test all, or perhaps a subset of, users. Any areas that show weaknesses can be identified and corrected accordingly. Additional training or guidance may be necessary or, if it’s the policy that is causing confusion, it can be reworded or simplified.

Step Five: Auditability

In many cases regulatory requirements call for evidence of policy acceptance, which demands a more pro-active and thorough approach to the policy management lifecycle. The full revision history of all documents needs to be maintained as well as who has read what, when and, if possible, how long it took; who declined a policy and why. This record should be stored for future reference and may be stored in conjunction with test results.

Step Six: Reporting

To affect change and improve compliance it helps if key performance indicators relating to policy uptake are clearly visible across all levels of an enterprise. Dashboard visibility of policy uptake compliance by geographical or functional business units helps to consolidate information and highlights exceptions.

Being able to quickly drill down for specific details in areas of poor policy compliance dramatically improves management’s ability to understand and address underlying issues.

Bringing it all together

To check the level of policy compliance that exists within your organisation you need to periodically answer the following questions:

­ where are you current policies? – Are the accessible to staff?

­ who has seen your current policies?

­ who has read your current policies?

­ do your staff understand them?

­ are your policies being followed by everyone?

­ are your policies effectively managed?

­ are your policies up to date?

­ and can you prove this to the Auditors?

For those organisations that are serious about staff reading, understanding and signing up to policies, they should consider adopting automated policy management software. This raises standards of policy compliance and provides managers with practical tools to improve policy uptake and adherence.

Ultimately, policy compliance is about getting people to do the right thing, in the right way, every time. Ensuring everyone understands what is expected of them and how they are required to carry out their jobs according to corporate policies and procedures is not a new practice. Embedding an automated policy management solution into an organisation is really the only viable way to create and sustain a culture of compliance, where people understand their responsibilities and the importance of adhering to corporate standards.

Doing so empowers people to do their jobs within an acceptable governance framework rather than constrained by a rigid set of unenforceable rules. By effectively handling the policy management lifecycle you can create a firm foundation for effective risk mitigation and governance. Automation helps the benefits of policy compliance for The Board, line managers and the general workforce get to grips with policy compliance and puts forward a cost-efficient approach for achieving policy excellence.

In our last blog we tried to give a simple explanation of cloud computing and the three basic types of cloud service: IaaS, PaaS and SaaS.

This time we’ll look at the three main types of cloud - public, private and hybrid - and how you choose between them.

Public cloud – a service provider gives you access to IT resources over the public Internet. You share the resources of the cloud with other users. Your data and applications are independent of other people’s, so while Company A and Company B might share the same physical server or disk, A and B only see their own virtual resources.

Private cloud - where the physical servers and storage devices that make up the cloud are available to specific users only. In this case, company A and company B’s data live on separate physical servers and storage devices. A private cloud could be run by an external service provider or your own IT department.

Hybrid cloud – there are a few different definitions of hybrid cloud, but most people consider it to be where a company runs a private cloud in tandem with a public cloud service. The public cloud might be used as a kind of overspill resource, or the workload might be split between public and private according to the type of application and data involved.

So how do you choose between them? The first thing to consider is whether you should be using an external provider, cloudy or otherwise. For very sensitive data and ‘mission-critical’ applications it may still be preferable to host and manage them in-house (indeed, you may be required to do so from a legal and regulatory point of view.) That might suit an in-house private cloud, depending on the kind of workload you’re talking about, or even traditional dedicated servers. The decision here is more about the business need to maintain total control over IT, versus the cost of building, running, maintaining and managing it in-house.

The next step to consider would be using a private cloud provider, and some kind of ‘virtual data center’ service. Security will be an important consideration, but there is nothing inherently less secure about a properly-designed private cloud service. The hardware lives in a data center, just as it does if you run your own IT infrastructure, and as long as you’ve done your due diligence on your provider’s security credentials, you can reap the benefits of cloud scalability and resilience without the time and expense of managing the infrastructure yourself.

Finally, there is public cloud, which suits a huge range of applications and offers the greatest choice of provider, from your local hosting company to giants like Amazon. Here too there are probably fewer security issues than you might have thought. At the end of the pipe there are still data centers that need effective physical and electronic security measures in place, just like your own: in other words, there is nothing inherently insecure about public cloud, either, if it is designed and managed properly.

Consider an application like Salesforce.com, for example, that’s used by companies all over the world. That’s Software as a Service running on public cloud infrastructure - countless companies sharing the same boxes and disks for their customer, sales and marketing data, and just getting on with their business.

Finally, a word about pricing. Cloud services are often priced like a utility (per GB per hour, for example) but they don’t have to be: for many business users the flexibility of per-hour pricing isn’t as important as having predictable costs for IT. Shop around and you’ll find plenty of providers willing to offer public and private cloud services for a fixed monthly or even daily price, usually with the option to scale up on demand, if required.

Next time we’ll look at how to choose your cloud service provider.

Unemployment stands at 2.57 million, and it would seem that the government has no clear plan on how to get people back to work. An austerity plan is one thing, but getting folk back to work is vital. Employment wise, we’re heading in the wrong direction and have been for some time. It’s time for the government to take positive decisive action. That means generating growth, and if that means ringing the changes and thinking a bit more radically, then why not?

If the government can inject £ 75 billion into the economy with quantitative easing, which, in effect, is the artificial boosting of banks’ own bank balances, and trusting them to spread this ‘new money’ around the economy. Doesn’t quite work like that though does it?

Last time out, quantitative easing didn’t have a great deal of impact, because the banks took the ‘cash’ and simply sat on it. The money went straight to banks’ bottom lines, with small businesses experiencing all the same problems getting loans out of banks that they did prior to QE and this time the added risk that savers face a smaller pension income. Doesn’t seem such good idea does it?

Private sector job creation is failing to keep with public sector job losses and that needs to change. Cutting out public sector efficiencies is the way to but if people end up on the dole as a result, that could be a false economy long term. The government owes it to the people of this country to carve out opportunities for jobless people to get back on their feet.

QE’s cash might work better by bypassing the bankers, and infusing the money into the system more directly. QE is artificially cranking up bank balances – why not whack a zero onto deserving enterprises’ bank accounts instead? And by deserving, I mean those with a clear plan and commitment to generating jobs, perhaps bringing some outsourcing back to the UK? Government subsidised expansion plans, particularly for SMEs bidding for government business, could help give the economy the kick-start it so desperately needs.

Outsourcing, like spending, will more than likely always be an area that comes under scrutiny in the public sector. But with increasing areas of the public sector now being outsourced, it is probably no surprise that the question on everyone’s lips is – how to get the best out of this strategy?

It is understandable in the current climate, that public sector organisations have increased pressure to make this strategy work for them financially. There has been an intense focus on cutting costs for some time now and amongst other issues, this has led to strained relationships with suppliers as CPOs battle with limited access to cash flow. Pressure is on the public sector to adhere to budgets whilst maintaining service levels and with outsourcing’s biggest advantage being that it saves money it is a welcomed strategy by most.

But these reduced budgets don’t reflect in the expectations of quality or quantity required from outsourced services, which remain at times, unrealistically high. There is a tendency, which has been driven by cuts and budget limitations, for the public sector to need everything for the lowest price possible and this can lead to a juggling act between service levels and cost.

The potential issues this creates here, are self-explanatory. ‘You get what you pay for’ is a well-recognised motto in the private sector, but when it comes to the public sector it holds less weight. It appears that in the public sector there is an expectation to get ‘more for less’ and you’ve got to wonder why this is. Perhaps there is an underlying feeling that good will should come into play, but realistically this is just not the case. If you want a better service levels then you must pay a better price, regardless of what sector you’re buying for.

This being said, it is important for the public sector to follow careful steps in order to avoid dips in service levels and get the most out of their strategies. With careful planning, risk analysis and a considered approach to funding barriers better outsourcing results can be attained. Furthermore it is important for the public sector to be realistic about what the budget will afford them

Google Inc. has announced financial results for the quarter ended September 30, 2011.

"We had a great quarter,” said Larry Page, CEO of Google. “Revenue was up 33% year on year and our quarterly revenue was just short of $10 billion. Google+ is now open to everyone and we just passed the 40 million user mark. People are flocking into Google+ at an incredible rate and we are just getting started!"

Q3 Financial Summary

Google reported revenues of $9.72 billion for the quarter ended September 30, 2011, an increase of 33% compared to the third quarter of 2010. Google reports its revenues, consistent with GAAP, on a gross basis without deducting traffic acquisition costs (TAC). In the third quarter of 2011, TAC totaled $2.21 billion, or 24% of advertising revenues

Powers to conduct compulsory data protection audits in local government, the health service and the private sector are needed to ensure compliance with the law, the Information Commissioner said today at the 10th annual data protection compliance conference in London.

Christopher Graham’s call came as figures showed that the ICO is being blocked from auditing organisations in sectors that are causing concern over their handling of personal information.

The only compulsory data protections audit powers the ICO currently has are for central government departments. For all other organisations the ICO has to win consent before an audit can take place.

Data breaches in the NHS continue to be a major problem. Of the 47 undertakings the ICO has agreed with organisations that have breached the Data Protection Act since April, over 40% (19) were in the healthcare sector. In addition, the most serious personal data breaches that have resulted in a civil monetary penalty occurred in the local government sector. Four of the six penalties served so far involved local authorities.

Businesses remain the sector generating the most data protection complaints. Despite this, as reported in July, just 19% of companies contacted by the ICO accepted the offer of undergoing an audit. The ICO has written to 29 banks and building societies and so far only six (20%) have agreed to undergo an audit. The insurance sector has also shown reluctance in this area. Of the 19 companies contacted this year by the ICO, only two agreed to an audit.

Information Commissioner, Christopher Graham said: “Something is clearly wrong when the regulator has to ask permission from the organisations causing us concern before we can audit their data protection practices. Helping the healthcare sector, local government and businesses to handle personal data better are top priorities, and yet we are powerless to get in there and find out what is really going on.”

“With more data being collected about all of us than ever before, greater audit powers are urgently needed to ensure that the people handling our data are doing a proper job. I am preparing the business case for the extension of the ICO’s Assessment Notice powers under the Coroners and Justice Act 2009 to these problematic sectors.”

Barclays Bank has told staff it is cutting 65 jobs in Glasgow as it ships the work offshore to India.

The company has launched a consultation process, which will last up to three months, on the cuts after deciding it could reduce costs and gain greater flexibility to handle the peaks and troughs of demand by splitting the work between an in-house operation and a third-party supplier, both based in Chennai.

After redeploying some staff elsewhere in the company, it is expected that Barclays will make between 35 and 50 people redundant.