Corporate report

SSRO data strategy

Published 8 July 2019

DATA STRATEGY

For information provided in statutory reports under the Defence Reform Act 2014

1. Foreword

Data is at the core of the SSRO and the single source regulatory framework. Our data strategy sets out why data is important to us and our stakeholders, our approach to delivering our vision for data and, and our plan for implementation.

All public bodies, including the SSRO, are embracing digital techniques to drive efficiency and improve insight. The Defence Contract Analysis and Reporting System (DefCARS) holds a wealth of valuable data for both the Ministry of Defence and its contractors.

The capture and analysis of key datapoints will ultimately help the MOD drive best value from its single-source procurement activities, which include multi-billion-pound programmes. The transparency and insight that will flow from DefCARS will continue to improve as more, higher quality, data is collected and analysed, strengthening the SSRO ability to deliver its statutory functions.

We have embarked upon a review of reporting requirements in 2019/20, which will consider purpose, use and proportionality in relation to overhead reports, the defined pricing structure and reporting of contract amendments and variance. We expect there will be an ongoing programme of work to keep reporting requirements under review.

We recognise that there is a cost associated with reporting, collecting and reviewing data and we will consider the proportionality of reporting requirements throughout our work.

The SSRO has reduced duplication of data entry in DefCARS and incorporated automated data validation to reduce the rate of re-submissions. The rate of system development is limited by budgetary constraints, but we will continue to monitor usage of DefCARS and to engage with stakeholders to identify opportunities to reduce the burden and cost of reporting through enhancements to the system.

This strategy follows a consultation we published in February 2019 and reflects input provided by stakeholders in their responses to that consultation. We have published a separate document which provides a summary of the points raised by stakeholders and our responses.

2. The SSRO

The Single Source Regulations Office or SSRO is an executive non-departmental public body, sponsored by the Ministry of Defence (MOD). We play a key role in the regulation of single source, or non-competitive, defence contracts. It is vital that single source contracts efficiently deliver the goods, works and services the UK government needs for defence purposes.

The Defence Reform Act 2014 (the Act) created a regulatory framework for single source defence contracts. The framework places controls on the prices of qualifying defence contracts (QDCs) and qualifying sub-contracts (QSCs) and requires greater transparency on the part of defence contractors. These contracts are worth a significant amount, with a total estimated price of over £20 billion for contracts that became QDCs or QSCs since April 2015.

The SSRO is at the heart of the regulatory framework, supporting its operation. We keep the framework under review, monitoring reporting compliance, giving guidance and answering questions about its operation. We analyse data and provide reports and recommendations to the Secretary of State.

When undertaking our statutory functions, we aim to ensure:

• Good value for money is obtained in government expenditure on qualifying defence contracts.
• Persons who are parties to qualifying defence contracts are paid a fair and reasonable price under those contracts.

3. Data reported on qualifying contracts

Defence contractors are required to provide reports to the SSRO and the MOD if they hold qualifying contracts under the regulatory framework. The Single Source Contract Regulations 2014 prescribe the types of reports, their contents and the circumstances in which they must be provided. The reports fall into two broad categories, as summarised in the table below.

The reported data provides a significant, growing resource. As at 30 April 2018, 667 contract reports and 199 supplier reports had been submitted.

The data may be used to help ensure the government obtains good value for money from its expenditure on qualifying defence contracts and that contractors are paid fair and reasonable prices. This strategy sets out the SSRO’s approach to reported data and how we intend to work with stakeholders to deliver our associated functions.

Figure 1: Reports required under the regulatory framework*

*In this table, and in the Regulations, “QBU” refers to a qualifying business unit.

4. Our approach so far

The SSRO has sought to facilitate reporting, use of reported data and improved data quality. We have established the Defence Contracts Analysis and Reporting System (DefCARS) as a secure, online system that is easy to use and which:

• Enables contractors to submit statutory reports and access their data.
• Facilitates monitoring of compliance with reporting requirements by the SSRO.
• Holds reported data and makes it accessible.
• Produces reports and supports analysis of reported data.

We have aligned our statutory guidance on preparing reports with user guidance for DefCARS and associated system developments. In doing so we have supported contractors to provide data required by the framework in a useable format. We have also sought to improve submissions by:

• Responding to queries through our helpdesk, backed up with face to face support.
• Training people on how to use DefCARS and having onboarding meetings with contractors new to the regulatory framework.

We monitor compliance with reporting requirements in accordance with our published methodology, engaging with contractors and the MOD to improve the quality of submissions. DefCARS has been designed to automatically validate elements of submitted reports and to enable queries to be raised and answered insystem.

The reported data is yet to be fully utilised, although we have used reported data in our work, for example our study of risk and incentives in single source defence contracts, and we have produced reports in DefCARS to meet requests for analysis from the MOD. We publish a series of bulletins containing key statistics relating to QDCs and QSCs.

The SSRO’s work has been informed throughout by engagement with stakeholders. We established a Reporting and IT working group with representatives from the MOD and the defence industry which provides important feedback on reporting issues, guidance and use of DefCARS.

5. Our vision

This section sets out the key elements of our vision that will guide our work over the next few years.

The data submitted by contractors in statutory reports is fully utilised in procurement decisions, contract management and the development of the regulatory framework to deliver value for money and fair and reasonable prices.

To achieve the vision, reported data must be relevant, comparable and reliable. References in the strategy to good quality data are to data that satisfy these requirements.

Data will be relevant if what is prescribed by the Regulations and submitted by contractors is that which is needed for the regulatory framework and no more. The data must also be submitted on time. To be usable, data must be comparable over time and will be standardised to aid comparability. Data will be reliable if it is accurate when submitted and complete.

Data collection must be efficient, with data collected only once if possible and providing a single version of the truth. The burden of making reports must be minimised, making it as easy as possible to submit reports. In understanding the burden it is important that the cost of reporting is understood.

The data must be accessible. It will be available for those who need to access it. Data will be supported by sufficient material to enable it to be interpreted, such as definitions and information on quality.

Data will be held securely and accessed by those who have a legitimate right to do so. We will ensure appropriate confidentiality and integrity of the data we handle and manage.

To achieve the vision, the data also needs to be utilised, by the MOD, the SSRO and where appropriate by contractors. Good quality data that is utilised will give better insight into the qualifying contracts. It will help the SSRO to deliver on our statutory aims.

6. Our strategy

Data and information is a key enabler to our success. We will deliver the SSRO vision for data across the eight components of our work.

DefCARS DefCARS will continue to be our primary tool for collecting, storing, managing and providing secure access to the information submitted in reports. We aim to continue to grow the DefCARS user base, while optimising access and ensuring it is available to the right people. We will work closely with stakeholders to further develop DefCARS to obtain relevant and good quality data, minimising any burden for industry and supporting analysis and reporting. In the longer-term, we will explore the interoperability of DefCARS with MOD and industry systems and we will engage with stakeholders about what can be achieved. This will involve consideration of whether regulatory data can be collected via automated reporting from company systems and accessed by the MOD through connectivity with its systems.

Guidance Our guidance on the preparation of reports will support the efficient collection of good quality data, minimising the burden of reporting. To be effective our guidance must be clear, applicable, and useful and producing guidance that meets these standards will remain a priority. With this in mind we will continue to make appropriate links between our reporting guidance and DefCARS user guidance. We will take an evidence-based approach to preparing guidance, consulting with stakeholders on priorities and content, and ensuring we consider the available information, including the findings from our reviews of reporting requirements, compliance monitoring, support arrangements and analysis of reported data.

Support We will continue to support contractors to provide good quality data by helping them to understand their reporting obligations, our guidance and DefCARS. The support we provide will include our reporting helpdesk, on-boarding meetings and training. We will listen to the views of stakeholders and look for ways to keep improving our support offering.

Compliance monitoring Working cooperatively with contractors and the MOD, and making efficient use of DefCARS and analysis, we will seek to identify and build a shared understanding of data quality issues in statutory reports. Our compliance methodology will identify how data quality is assessed when monitoring compliance with reporting requirements. We will encourage prompt action to address data quality issues and refer appropriate issues to the MOD for enforcement. We will use the findings and feedback from our compliance monitoring to inform updates to reporting guidance, DefCARS improvements and our review of the legislation.

Analysis and reporting We will work with stakeholders to demonstrate the potential for analysis and encourage use of the reported data. Fulfilling requests from the Secretary of State for analysis of reported data will be a priority, and we will develop and maintain analytical reports to support MOD procurement and contract management. Benchmarking may help to understand whether costs are reasonable and we will make the production of benchmark information a key consideration when reviewing reporting requirements, providing guidance and developing DefCARS. We will continue to publish bulletins of key statistics that evidence the operation of the Act and Regulations over time and support engagement with our wider functions. In the longer term, we want to enable industry to use its own data within DefCARS, for example by providing comparisons between contracts, and we will look to engage with contractors about this.

Review We will review reporting requirements in consultation with stakeholders and take action, where necessary, to promote the efficient collection of good quality data and minimise the burden of reporting. We will continue to build an understanding of and illustrate how the data submitted in reports is being used and can be used to achieve value for money and fair and reasonable prices.

Our reviews will consider learning from across our work, including compliance monitoring, analysis and feedback from DefCARS users. The action we may take to improve reporting includes:

• changing how the data is standardised within DefCARS to increase comparability;
• producing revised reporting guidance; and
• recommending that the Secretary of State changes the reporting requirements in the Regulations, if that would improve data quality, or if there are data requirements that can be deleted.

We will ensure that our wider work is informed by review findings. For example, we will develop reports in DefCARS, based on analysis carried out for a review, that use the data and support better procurement.

Engagement Achieving our vision will depend on contributions from the MOD and contractors and high levels of engagement. We will continue to support a regular forum in which issues related to reporting and data can be discussed. We will gather feedback from key stakeholders (such as DefCARS users and those who may use the data), and from our support arrangements and compliance monitoring and use this to inform delivery of the strategy. We will consult proportionately with our stakeholders before making changes to reporting guidance or recommending regulatory changes to the Secretary of State.

Security We remain committed to ensuring that information entrusted to us is only available to those with a legitimate right to access it and is not open more widely. There will continue to be an Information Asset Owner for DefCARS, responsible to the SSRO’s Senior Information Risk Owner. We will maintain our implementation of relevant guidance and standards on design, architecture and operation of information systems, technology, risk and security. We will make appropriate use of external service providers who can contribute relevant expertise and meet quality and service standards, which currently include ISO27001 and Cyber Essentials Plus certification. We will continue formal risk management and treatment for DefCARS and maintain the security accreditation for the system, at present from the MOD’s Defence Assurance and Information Security service and maintain the SSRO’s own Cyber Essentials Plus certification.

Figure 2: Elements of the data strategy

7. Next steps

This strategy sets out our vision and approach towards understanding and improving the way in which the reported data is utilised. We will review the strategy at appropriate intervals so it adapts to new developments and learning.

The data strategy will be delivered by the SSRO as part of its Corporate Plan. The Corporate Plan is reviewed annually in consultation with key stakeholders and we set our priorities taking into account the feedback received.

Keeping the reporting requirements under review will remain important for us in the coming years. Our review of reporting requirements in 2019/20 will focus on overhead reports, the defined pricing structure, and amendments and variance. We will consider the intended purpose of reported information, how it is being used and whether requirements are proportionate.