Transparency data

Vulnerabilities Working Group – Notes (6th Meeting) 24 September 2025

Updated 31 October 2025

Attendees

• Andrew Vourdas (DSIT)
• Firoze Salim (DSIT)
• John Olatunji (DSIT)
• Kiran Mistry (DSIT)
• Fiona Caryl (Improvement Service)
• Jabeen Kamran (CaboTeams)
• Kirsty Hendry (MHCLG)
• Guha Shantanu (DWP)
• Malcolm Davies (HMT)
• Mike Thacker (Porism)
• Nailah Ukaidi (SAVVI)
• Oliver Townsend (DfE)
• Robbie Harris (Digital Office Scotland)
• Russell Bloore (MHCLG)
• Simon Roberts (Improvement Service)
• Tanita Barnett (ONS)
• Paul Davidson (SAVVI)
• Shelley Heckman (SAVVI)
• Jeanette Rycroft (WIGAN)

Record of discussions

1. Welcome and introductions Firoze Salim (FS), Chair - DSIT

Firoze welcomed participants, set out the purpose of the meeting, and explained the use of transcription for accurate note-taking.

He reminded members that the group’s goal is to improve data standards and governance for sharing information about vulnerable people across government and local authorities.

2. Workstream 1: Data Models & Standards - Paul Davidson, SAVVI

Overview

• Paul described the SAVVI project (Scalable Approach to Vulnerability via Interoperability), which aims to create a consistent way of identifying and supporting vulnerable people.

• He explained the three areas that Workstream 1 is focusing on:
  
  

1. Conceptual model – establishes the high-level entities and relationships (e.g., person, household, vulnerability, intervention).
2. Logical model – refines these into attributes and structures suitable for system design.
3. APIs – practical interfaces allowing different organisations’ systems to interoperate.

• Currently SAVVI are working with Greater Manchester Combined Authority [GMCA], who have a programme looking to support people who are out of work due to ill health.

• Paul showed excerpts of the SAVVI Concept Model which are available on the SAVVI website, and which has been baselined by the Working Group.

• Paul recommended that anyone interested join the Workstream 1 Sub-group led by Beata Lisowska.

3. Workstream 3: Information Governance Playbook Kiran Mistry, DSIT

Overview

• Kiran presented progress on the Information Governance (IG) Playbook, which is designed to support lawful, ethical, and transparent sharing of vulnerability data.

• The playbook aims to move beyond abstract principles and provide practical tools, templates, and step-by-step guidance.

• It is structured into 8 stages of the data-sharing lifecycle:
  
  

1. Defining purpose
   
2. Discovery and minimisation
   
3. Establishing legal basis
   
4. Conducting DPIAs
   
5. Considering ethics
   
6. Drafting data-sharing agreements
   
7. Ensuring transparency and accountability
   
8. Secure disposal and review

• The draft version already incorporates feedback from earlier workshops, and version 4 is due for circulation at the end of October.

• Draft version of the Playbook is intended to be circulated with the Working Group on Monday [29th September 2025]. Final version is targeted for November.

Discussion Points / Q&A

• A question was asked about whether this was at a UK Government level or whether nuances of law in Devolved Administrations would be included. Kiran answered that currently the focus is on UK-wide law but devolved variations could be considered in a future version.

• Some clarification was given over the level of engagement with different Departments and previous schemes including the Integrated Data Service.

4. Workstream 2: Taxonomies & Terminologies Andrew Vourdas, DSIT

Overview

• Andrew outlined progress on developing taxonomies and terminologies to support consistent data sharing.
• The proposal is to reuse existing vocabularies where possible (e.g., LGA catalogue, Open Referral UK), and create centralised ones where gaps exist.
• A governance model has been drafted to define how taxonomies are created, maintained, and agreed across organisations.
• The proposed governance model was agreed as baseline by the group.
• Other categories being considered include needs, service types, and purposes of interventions.
• The starting points for which other taxonomies should be considered was an excerpt of the Concept Model previously introduced by Paul – the Concept Model has certain key terms that require definition.
• The initial focus is on risk factors – attributes that indicate potential vulnerability, such as financial arrears, health conditions, or housing instability.
• Andrew introduced the outline of how the proposed Risk Factors Taxonomy is being developed – with an emphasis on extensibility, and allowing different use cases to attach to different levels of granularity by using an inheritance mode

Discussion Points / Q&A

• Mike T suggested that Risk Factors are naturally circumstances of a person – members discussed the possibility of using the LGA Circumstances List and testing the Taxonomy Governance model on this.

• Suggestions around tooling were discussed including Ontotext GraphDB and WebProtégé.

• Agreement that alignment with cross-government vocabulary efforts is essential – Andrew reiterated the idea that once there is a central vocabulary, local areas can map their own domains to this.

AOB and close

• Kiran to circulate draft v4 of IG Playbook by Monday for comments.
• Andrew to refine taxonomy work, focusing on risk factors.
• John to share notes and outputs on Knowledge Hub.
• All members to provide feedback offline and nominate deputies where needed.