During its first two years, RYOGENS was funded by the Office of the Deputy Prime Minister as part of its national strategy for local e-Government. It is a collaborative project between Warwickshire, Tower Hamlets, West Berkshire, Coventry and Redcar & Cleveland. The RYOGENS Partnership now plans to bring in many more local authorities to expand nationally. Esprit Limited developed the application in a project lead by Deloitte, while the secure architecture was designed by Attenda. Following the completion of the final phase of e-Government National Project funding in March 2005, the IPR for RYOGENS was transferred to Esprit. Attenda and Esprit now continue to manage and support the wider ShareCare RYOGENS solution on behalf of its local authority users.

The local authorities needed a system that was secure and would be trusted by practitioners. Practitioners – social workers, teachers, policemen and women, doctors – use RYOGENS to record non-statutory concerns they have about children and young people they come into contact with. RYOGENS stores this personal and sensitive information about the children in a central database. Sophisticated access controls (’Information Sharing Protocols’) govern who has access to this information and how much they can see. If enough concerns build up against a child and breach a threshold, the system generates an alert, which is sent to the RYOGENS management function that assesses the concerns and then co-ordinates an appropriate response between the agencies involved.

RYOGENS has led to an unprecedented level of co-operation between local government agencies allowing information to be exchanged and helping to build trust. Underpinning this welcomed development in ‘joined-up’ Government is the security of the RYOGENS system. It is fundamental: without it practitioners would not trust the system and it would never be used. Attenda therefore played a crucial role in the initial design and now on-going management and monitoring of the solution.

RYOGENS is a centralised system that is accessible over the Internet using secure SSL connections by all participating local authorities. Attenda recommended using a core infrastructure that is shared across local authorities making it scalable and also affordable for prospective local authorities. Furthermore, it has enabled the RYOGENS Partnership to invest in security technology and build in levels of redundancy into the solution.

The infrastructure consists of two web servers, authentication servers, a dedicated application server for each local authority and two clustered database servers for higher levels of resilience. The servers are physically separate from other client solutions and sit behind a pair of dedicated managed firewalls. The backup solution is also dedicated, an essential requirement given the sensitive nature of the data stored. The application uses special security software for authentication and controlling access to the application and its system resources. Esprit and RYOGENS administrators in each local authority access the system over site-to-site VPN’s. The local authorities provided the software licences (other than the licences for monitoring and management software used by Attenda) thanks to the preference discounts they receive.

Attenda provides a managed service for the infrastructure up to and including the operating system and database. Monitoring agents watch over the hardware components in the servers and network devices, the application and database services and other indicators of system health.

Before go-live Attenda conducted its own tests of the environment including security penetration tests and then worked with the RYOGENS Partnership to eliminate the critical vulnerabilities identified. The authorities then conducted two further penetration tests from independent agencies who reported that the environment was well protected, re-assuring the local authorities.

Security is not just about technology, of course. The people using the application and the processes they follow, particularly the registration process to obtain a username and password, are critical. Attenda’s own ITIL based processes enforce strict security policies and procedures. Indeed, Attenda was happy to co-operate with RYOGENS request that all Attenda support engineers are cleared by a Criminal Records Bureau (CRB) check before they can access the solution.

The RYOGENS National Project needed a hosting provider who had a proven track record, offered a first class service, was price competitive and would give the technical solution credibility. Attenda stood out from the rest by its willingness to engage with the project, ability to understand the business needs and by its flexibility to respond to special requirements and meet urgent project deadlines. As the system was deployed, Attenda was an indispensable partner when it came to designing and testing the security of the environment. Once the system was live, the high quality of Attenda’s work and its ongoing monitoring and management was such that there was rarely an issue. In fact, it was noted that the RYOGENS Programme Board never had to discuss hosting because it always worked well. It shows how Attenda can take on the operational responsibility for systems allowing its clients to focus on business issues and value-adding activities.

The ShareCare RYOGENS platform is today used by multiple authorities and has proven to be flexible, scalable and above all secure. There is strong potential for rolling out the application to other local authorities and Attenda is working with Esprit to assist in that process.