Central Government updates
Sign-up to get the latest updates and opportunities from our Central Government programme.
To make the most of your techUK website experience, please login or register for your free account here.
Legacy systems continue to persist at the heart of UK Public Services and organisations, inhibiting organisational agility, increasing operational risk and cost, and reducing service experience.
Awareness of the presence and barriers legacy technology imposes on delivering effective public services has existed for many years. However, more recently, the topic of legacy has become an increasingly significant priority, as reflected in official reports (NAO, GIAA, etc.), digital strategies, and financial budgets for UK public sector organisations. For example, the CDDO Roadmap for digital and data, 2022 to 2025 states “We need to deal with the costly issue of legacy IT that has been allowed to build up over multiple financial cycles and is now a barrier to the delivery of great policy and services”. This policy is reflected in departmental strategies, such as the Defra Digital & Data Transformation Strategy 2023-2030 and Ministry of Justice (MoJ) Digital Strategy 2025.
Having dealt with legacy systems for more than ten years in private and public sector organisations, I propose that a legacy system is one that no longer meets its fundamental non-functional requirements (NFRs) - usability, security, maintainability, extensibility, supportability, scalability, etc. High-risk legacy systems are those that fail to meet their NFRs, and the effort to address their shortcomings is substantial if not insurmountable or cost prohibitive. For example, a system may no longer be maintainable because expertise is scarce in the market, let alone within an organisation. Similarly, a vendor may no longer support a technology, and extended support cannot be purchased, leading to unaddressed security vulnerabilities. But it is important to distinguish “old” from “legacy” and dispel misconceptions that “new” and “cloud” automatically mean “good” and “fit for purpose.”
When and whether a legacy system needs to be addressed depends on its context, including its active usage, planned life and future intent, importance to the organisation, exposure to potential vulnerabilities, and more. It is crucial to identify, assess, prioritise, and report on legacy systems and their remediation in a consistent manner, establishing data and assessment standards early. The CDDO legacy risk assessment framework embodies much of this and is intended to aid and drive consistency across HMG. This includes the definition of a threshold above which legacy systems are identified as critical – “red-rated.” The challenge is then how best to gather the volume of disparate data needed for this analysis in a scalable and sustainable manner. Automation is critical to success.
Furthermore, it is crucial to understand, plan, and address legacy at an enterprise architecture and “system of systems” level. Replacing individual components with up-to-date versions may address supportability and security issues at a technical and infrastructure level, but it is unlikely to improve end-to-end processes and experiences. Instead, legacy processes, experiences, and architectures will persist over brand-new technology, missing the opportunity to transform and likely failing to achieve the desired outcomes of the organisation.
Through the Crown Commercial Service (CCS) Digital & Legacy Application Service (DALAS) framework, public sector organisations have simplified access to suppliers who can provide IT digital and legacy application services and support the rollout of future applications less dependent on legacy technologies. This, combined with increased prioritisation and funding, has led to the mobilisation of many legacy programmes across HMG. These programmes often involve a complex arrangement of internal teams and third-party suppliers collaborating across different areas of an organisation. The challenge is then how best to segment the legacy landscape and coordinate and govern all initiatives, resources, and changes within legacy programmes, alongside wider transformation efforts and ongoing operations.
It is imperative to address the underlying behaviours that led to each organisation’s accumulation of legacy. In my experience, the root of the problem lies in non-technical aspects, including ineffective funding, resourcing, and governance models. If underlying issues are not addressed by establishing comprehensive enterprise technology management capabilities, efforts to remediate legacy technology will not endure. Often, organisations focus on fixing the technology but not on fixing business behaviours, governance, and management, resulting in legacy systems continually toggling between red-rated and green.
Organisations must shift from short-term, project-based funding to enduring, service- and product-based models. Business leaders must be deeply involved in digital decision-making alongside DDaT leaders. Additionally, organisations must apply a risk-based approach, including technology risks in their enterprise risk register and managing them at the executive level. Technology governance should be embedded across the organisation’s operating model, supported by robust strategies, standards, and policies that balance accelerated delivery through informed and empowered decision-making while maintaining standardisation across the organisation.
Efforts to address legacy must be laser-focused, highly coordinated, and well-governed, driven by data and intelligence that continually identifies, prioritises, plans, and monitors complex and uncertain programmes of work, resources, investments, technologies, stakeholders, suppliers, and timelines. Leading organisations establish a “digital control tower” as a strategic capability that provides end-to-end visibility, insight, automation, and orchestration across their digital business value streams, technology landscape, and portfolio of investments and change. In doing so, they are continually empowered to make effective holistic and risk-based business decisions about their organisation’s digital performance, from executive to operational levels.
Find out more about how ServiceNow are helping UK Government address the legacy challenge.
Building the Smarter State is techUK’s flagship public services conference for public sector digital leaders. 2024 marks the tenth anniversary of this hugely influential conference, where we will focus on the most pressing and important topics for public sector digital transformation.
Head of Central Government Programme, techUK
Heather is Head of Central Government Programme at techUK, working to represent the supplier community of tech products and services to Central Government.
Prior to joining techUK in April 2022, Heather worked in the Economic Policy and Small States Section at the Commonwealth Secretariat. She led the organisation’s FinTech programme and worked to create an enabling environment for developing countries to take advantage of the socio-economic benefits of FinTech.
Before moving to the UK, Heather worked at the Office of the Prime Minister of The Bahamas and the Central Bank of The Bahamas.
Heather holds a Graduate Diploma in Law from BPP, a Masters in Public Administration (MPA) from LSE, and a BA in Economics and Sociology from Macalester College.
Programme Manager, Central Government, techUK
Ellie joined techUK in March 2018 as a Programme Assistant to the Public Sector team and now works as a Programme Manager for the Central Government Programme.
The programme represents the supplier community of technology products and services in Central Government – in summary working to make Government a more informed buyer, increasing supplier visibility in order to improve their chances of supplying to Government Departments, and fostering better engagement between the public sector and industry. To find out more about what we do, how we do this and how you can get involved – make sure to get in touch!
Prior to joining techUK, Ellie completed Sixth Form in June 2015 and went on to work in Waitrose, moved on swiftly to walking dogs and finally, got an office job working for a small local business in North London, where she lives with her family and their two Bengal cats Kai and Nova.
When she isn’t working Ellie likes to spend time with her family and friends, her cats, and enjoys volunteering for diabetes charities. She has a keen interest in writing, escaping with a good book and expanding her knowledge watching far too many quiz shows!
Programme Manager, Central Government, techUK
Austin joined techUK’s Central Government team in March 2024 to launch a workstream within Education and EdTech.
With a career spanning technology, policy, media, events and comms, Austin has worked with technology communities, as well as policy leaders and practitioners in Education, Central and Local Government and the NHS.
Cutting his teeth working for Skills Matter, London’s developer community hub, Austin then moved to GovNet Communications where he launched Blockchain Live and the Cyber Security and Data Protection Summit. For the last 3 years he has worked with leaders in Education across the state and independent schools sectors, from primary up to higher education, with a strong research interest in technology and education management.
Team Assistant, Markets, techUK
Ella joined techUK in November 2023 as a Markets Team Assistant, supporting the Justice and Emergency Services, Central Government and Financial Services Programmes.
Before joining the team, she was working at the Magistrates' Courts in legal administration and graduated from the University of Liverpool in 2022. Ella attained an undergraduate degree in History and Politics, and a master's degree in International Relations and Security Studies, with a particular interest in studying asylum rights and gendered violence.
In her spare time she enjoys going to the gym, watching true crime documentaries, travelling, and making her best attempts to become a better cook.
Programme Manager, Cyber Security and Central Government, techUK
Annie joined techUK as the Programme Manager for Cyber Security and Central Government in September 2023. In this role, she supports the Cyber Security SME Forum, engaging regularly with key government and industry stakeholders to advance the growth and development of SMEs in the cyber sector.
Before joining techUK, Annie was an Account Manager at a specialist healthcare agency, where she provided public affairs support to a wide range of medical technology clients. She also gained experience as an intern in both an MP’s constituency office and with the Association of Independent Professionals and the Self-Employed. Annie holds a degree in International Relations from Nottingham Trent University.
Sign-up to get the latest updates and opportunities from our Central Government programme.
Chief Technology Officer for UKI Public Sector, ServiceNow