Business Process Services Archives

Creating your ultimate workforce – improving recruitment decisions

Posted on: 11 June 2025

Staff turnover is an inevitability in any business. As is, hopefully, business growth. When a business expands, new recruits are needed to fulfil an expanding list of tasks. Pinpointing the skills and experience required, however, can be a challenge. It can make recruitment difficult for any organisation. So, how can you best tackle recruitment, conducting it seamlessly for the smooth running of your services?

Understanding is the vital ingredient. It’s one thing knowing that you need to bring people in, but it’s a different challenge being able to swiftly pinpoint the skills and experience required to best serve your business needs. Having a bird’s eye view of your entire workforce can help. When training, competency management and understanding of future tasks and scheduling are brought together within a single workforce management framework, it helps you in identifying skills gaps and making informed decisions in regards to your recruitment.

Knowledge driving recruitment

If you have a central system that holds all the information on your workforce, it makes the task of understanding the skills, experience and competencies available to you straightforward. You can easily run reports and gain vital insight. In industries such as construction, transport and healthcare, core competencies are vital in delivering frontline services. For example, if you have a low or dwindling number of staff appropriately qualified to administer injections, it gives you an opportunity to react before service delivery is impacted.

Now, this can of course be done internally via training programmes as we touched upon in our previous blog. The same holistic view of training and competencies across your organisation is vital in making informed recruitment decisions, too.

Where staff cannot be upskilled internally, it makes recruitment inevitable. Using a central system can make the task easier for management teams responsible for recruitment, by being able to identify specific skills and experience that are needed across the organisation. Recruitment isn’t just a numbers game and shouldn’t be left to chance.

How long will the recruitment process take?

Another crucial aspect is understanding how long the recruitment process will take. Managers will need to take time out from their usual tasks to conduct interviews; what’s the knock-on effect of this? There’s also a cost implication in terms of not having enough staff available and in terms of the shifting of resources to the recruitment process.

Diverting resources is obviously a big undertaking, so understanding the consequences upon your resources, time and budgets is fundamental. Having a central view of your workforce will again help in this regard, helping to map out your resources and their allocation.

Recruitment leading to training and competency management

Once the recruitment phase is completed and you have new staff signed up, what happens next? The first aspect is once again linked to your competency management efforts. If someone says they have certain qualifications, particularly in safety critical environments it is a good idea to check. Evidencing certificates and obtaining references can be completed by the new staff member, with the copies then stored against their record in your system. This means that you will have oversight of their skills, qualifications and experience for the duration of their time with you. This will help your scheduling teams in being able to appropriately assign tasks to them.

Once you’re satisfied that they are appropriately qualified, they will then need to be enrolled into your organisation and the teams with which they will be working. This process may include mandatory health and safety training for new starters. Assigning this and making sure it’s completed can be done centrally, with any result again being stored against their record. This can trigger alerts for when any refresher training might be required in future, too.

What happens next?

Most jobs have a probationary period, something that extends beyond safety critical work and helps to ensure that people are up to the job for which you have employed them for. Similarly, it enables employees the opportunity to leave with shorter notice if they decide the job isn’t for them.

Keeping track of this probationary period is crucial. Assessments and feedback of their work will help to make informed decisions on whether or not they have passed. Storing all of this information centrally helps to give your organisation a complete view of its workforce.

Once a new recruit is up and running, they will hopefully be in a position to fulfil their tasks in the way needed. Seeing them become a regular part of your workforce asap is beneficial to service delivery. This requires careful planning and oversight of your organisation.

What specific skills and experience does your organisation need? Who will be required to recruit? How much time will be needed? What processes are in place to get new starters up and running? All of these questions can be answered when you have a bird’s eye view of your entire workforce. By linking training and competency management, you can make more informed and accurate decisions.

CACI has recently published a whitepaper, Effective workforce management to improve outcomes across your business, which explores this topic in more detail. You can download your free copy here.

Why scheduling is vital to effective workforce management

Posted on: 22 May 2025

Scheduling is the glue that keeps organisations together. It provides clarity over tasks to be completed and helps management teams in looking back to see what has been achieved. Who performed what tasks and when? How did they do? In times of employee strain, when workforces are stretched, having an agile scheduling tool is vital for firms in keeping their projects and services running. Without a robust scheduling framework, organisations are at the mercy of guesswork and good fortune.

Why is scheduling so important?

Scheduling pervades every aspect of company life. At a basic level, the majority of working contracts outline expected hours along the lines of the 9-5 theme. From there, employees are expected to complete tasks in a timely fashion. Staying on top of individuals is easy enough, but what if you have an entire workforce to assign tasks to and track? In industries such as healthcare, transport and construction, project completion and service delivery are dependent upon the input of hundreds, sometimes thousands, of staff members.

In such organisations, a central administrative team needs to assign tasks to employees to ensure that projects and services can be delivered effectively and efficiently. It can be akin to moving chess pieces around a board, using different pieces in different ways to attack the tasks at hand. From time to time you also need to go on the defensive, when projects overrun, or services are disrupted.

Linking scheduling to other aspects of workforce management

To fill your tasks, an understanding of what each employee is competent in is vital. You can’t use a knight to do a bishop’s job, to labour the chess analogy. Manually researching who can step in to fill a role is a painstaking process. It’s also a waste of time, since with a robust scheduling system, it is something that can be done automatically.

Quickly filtering through employees and instantly understanding their training, competencies and experiences facilitates swift and efficient decision making. Further understanding of their existing schedule enables administrators to assign tasks within business rules and legally contractable hours.

By setting out schedules in advance, organisations can clearly communicate with their employees and enable them due oversight of their shifts and tasks. Within a centralised scheduling system, it is also possible to facilitate the swapping of schedules between staff members to provide flexibility.

Your business rules, your scheduling

Everything can be completed within the boundaries of your business rules. Each organisation has its own unique ways of working, so catering for these on a case-by-case basis is vital. This can also be true of individual departments within an organisation. For example, many contracts reward staff for longer service with the provision of extra annual leave. Holidays need to be factored in, as do the rules around when a certain number of employees can be off at any given moment.

Factoring in overtime and how that’s dealt with, in terms of overrunning projects, compensation and the impact it has on future shifts, also requires careful consideration. Considering these elements in an automated fashion facilitates not only swift decision making, but also fair and consistent decision making.

External and internal regulations also need to be factored into your scheduling process. Aspects such as fatigue management can easily get overlooked when there’s pressure on to finish projects and tasks, but ignoring them can be costly.

The cost of getting scheduling wrong

Renown Consultants Limited was fined £450,000 with £300,000 in costs in 2020 after being convicted under the Health and Safety at Work Act. The company had failed to ensure that two of its workers were sufficiently rested to travel home after a shift in 2013. The two employees were driving from Stevenage to Doncaster after a nightshift when the driver fell asleep, resulting in a collision which was fatal to both passengers.

Travel times to and from shifts that require safety intensive work to be conducted must be factored in. Clearly, travelling from Stevenage to Doncaster is a lengthy journey – 133 miles. Again, a robust scheduling solution can help factor in aspects such as distances and potential travel times. This can help to avoid unnecessary journeys and deploy staff more intelligently based upon their location.

This also helps in plotting out schedules for staff such as district nurses. In conducting care visits, it makes sense to reduce travel times between tasks, helping to improve efficiency and complete more visits in a single shift.

Plug your scheduling into your wider organisation

Scheduling is vital for every company. In managing a large workforce, it is even more important, especially where vital infrastructure and healthcare services are concerned. Having robust oversight of your scheduling links closely to your efforts to deliver services and projects, recruit new staff, train existing employees and keep on top of your competency management.

It also helps in monitoring and reporting on objectives and outcomes. If projects have overrun or performed well, having a holistic view of who managed and worked on them is vital in garnering understanding that can inform future tasks.

Fundamentally, however, scheduling is central to the very core activities of any business. Leaving it to chance, guesswork and human error is a risky process. The tools exist to enhance your scheduling, by equipping your administrative teams with the tools to help them make swift, informed and effective decisions. Without the need to manually trawl through records, it leaves them free to focus on exceptions and improvements, in turn helping to move your organisation forward.

CACI has recently published a whitepaper, Effective workforce management to improve outcomes across your business, which explores this topic in more detail. You can download your free copy here.

Uncovering the power of Power BI: embedding new practices, empowering users & the handover process

Posted on: 24 April 2025

In our previous blog in this three-part series, we explored the ‘meal delivery model’ for the Power BI platform and the tools and teams required to bring this model and its methodology to life. In the final blog of this series, we’ll assess how new practices can be embedded and users empowered as the solution build is underway, as well as how to effectively carry out the handover process for a seamless go-live.

To read our full whitepaper that outlines additional methodology and best practices to unlock all that Power BI has to offer, click here.

Embedding new practices and empowering your users

To effectively embed new practices and empower users, evaluating training and resources will be fundamental for a successful Power BI migration. Conducting a training and resource assessment to evaluate users’ training needs and ensure they’re equipped with the necessary skills and confidence to use Power BI will be key to maximising its value. Planning a range of training for various users will be particularly impactful in this case, as will offering the right training to the right users. Communicating expectations, project and migration updates and overarching benefits will also be critical, especially when users are asked to contribute and to change established practices.

The handover process

Prior to going live, ensuring the necessary solution documentation is in place for both user and developer reference will be vital. Holding handover sessions for your BI team, your IT team and management, unifying support and resources and making sure the helpdesk is both responsive and reactive to any technical issues that arise will bolster this.

To help determine response times for any technical issues arising, users’ needs that would have arisen during the discovery phase of the project must be understood. Departmental or team champions for non-technical Power BI users can therefore bolster outcomes in these circumstances, and managed support can alleviate the burden of updates and adaptations in fast-changing NHS environments.

Time must be allocated for handover sessions for the BI team, IT team and management. This will serve as an additional opportunity to reiterate the benefits of the new PowerBI solution along with a practical introduction. Consistent monitoring and feedback should be sought out to refine helpdesk processes and continue deriving the full benefits that the solution can provide as the handover stage continues.

While PowerBI is an exceptionally flexible platform and will expand and adapt to accommodate new data and reporting requirements, having the necessary development resources available to make changes and upkeep the solution will be paramount.

How CACI can help

Migrating to PowerBI enables NHS stakeholders to achieve new strategic goals and transform their analytical capabilities. CACI understands the value that migrating to PowerBI can bring, which is why we have developed our own set of best practices and key principles for PowerBI migrations within the NHS. We strive to deliver a seamless migration built on our extensive experience in NHS data and technology, prioritising stakeholder engagement, providing reliable reporting, secure data sharing and self-sufficient BI capabilities for data-driven decision-making.

For more information or help with Power BI project planning, delivery or ongoing managed services, contact us today. To learn more about how you can tap into the power of Power BI, our whitepaper outlines the best practices and methodology that will boost your understanding and usage.

Read the rest of the series here:

Uncovering the power of Power BI: ‘meal delivery’ model & critical resources

Posted on: 17 April 2025

In our previous blog in this three-part series, we uncovered the value of thorough discovery and how to build a successful project delivery framework. Today, we’ll explore the ‘meal delivery model’ for the Power BI platform and the tools and teams required to bring this model and its methodology to life.

To read our full whitepaper that outlines additional methodology and best practices to unlock all that Power BI has to offer, click here.

What is the ‘meal delivery’ model for Power BI?

The ‘meal delivery’ model is an analogy for Power BI data insight in NHS systems, stemming from a challenge of making data insight (food) available to a range of different NHS users (eaters). In this context, there are a range of preferences and capabilities among Power BI users and audiences to consider. Therefore, data architecture must enable the experiences and nuances within them, catering to the specific needs of various users:

Analysts: These users will need direct portal access to usable data building blocks and analytics tools. With the ‘meal delivery’ model in mind, these users will need to select quality ingredients to make a meal for themselves.

Executive users: These users need dashboard access to pull reports from selected datasets. They will want the ingredients packaged and provided along with a basic recipe to make the meal in a way that best suits their individual needs.

Report consumers: Finally, these users will need Power BI reports sent direct to their inbox or accessible from Teams. They will want the meal delivered to them, ready to eat.

The people and tools that make it happen

Using all the insights that have been discovered, a plan can be created to maximise Power BI benefits and meet all identified requirements, goals and constraints. The development process and method will determine the pace of the Power BI implementation and the level of disruption to business as usual. It will also define a team’s size, roles, skills required and cost of resources. An Agile Scrum Project method can be utilised here to maximise developer and user collaboration and allow for continuous improvement across each sprint to incorporate change in a controlled way without derailing the project’s progress.

With Power BI project delivery being split into two workstreams— one being data and infrastructure, the other reporting— this method offers the flexibility to continuously embed best practices and ensure data and infrastructure workstreams do not diverge.

How CACI can help

In the upcoming and final blog in this series, we’ll investigate new practices to be embedded and how to empower your users to ensure a successful handover.

Read our previous blog in the series ‘Uncovering the power of Power BI: discovery & delivery framework’ here

Uncovering the power of Power BI: discovery & delivery framework

Posted on: 11 April 2025

NHS organisations that pursue data transformation will achieve substantial changes in their data-driven decision-making that ultimately improves efficiency, quality and patient experience. Power BI is an optimal contender for NHS organisations seeking a complete data transformation. However, achieving this and reaping its many benefits requires a carefully planned migration process, necessitating a partnership with a reliable data partner that possesses innate experience.

Having worked with many NHS organisations over the years to plan and implement data migrations, this three-part blog series is developed from the principles of our Power BI migration methodology and real-world experience of NHS data projects, sharing key questions you should consider asking and areas to address to ensure a successful migration to Power BI.

As such, the series begins with understanding the value of thorough discovery and how to build a successful project delivery framework. To read our full whitepaper that outlines additional methodology and best practices to unlock all that Power BI has to offer, click here.

The value of thorough discovery

Unearthing all the information that will influence and affect your migration is a vital—albeit lengthy— first step. Skimping on discovery can compromise the solution’s effectiveness.

Stakeholder mapping and collaboration

Stakeholder mapping and collaboration can make a significant impact to help define migration goals, as it will unearth possible issues and harvest key requirements to define migrations goals. Workshops with key stakeholders can aid this process, helping establish users’ needs and gauging their use of the Power BI platform.

Conduct a current state analysis

Reviewing current data architecture, data processing locations and transformation methods will help you intrinsically understand stored data and information flows. During this review, inefficiencies within the operating landscape where your new solution will be situated can be identified and a solid foundation for new data architecture objectives can be built and defined.

Building the project delivery framework

Building a successful project delivery framework will begin with defining features and functionalities required, including visualisations, connectivity, AI functions, data modelling and relationships between datasets. Ensuring you have a single version of the truth that is built on high quality data will also be critical. Reporting and analysis must also be transparent, enabling users and auditors to visualise how figures are produced. To facilitate this, solutions and configurations by audience type should be proposed to ensure users’ needs and Power BI access requirements will be met.

Furthermore, developing a full target data architecture and identifying software/licensing requirements based on an assessment of your current analytics development process and available resources will be an integral part of the development of this framework. Availability will also need to be considered, as will security across all apps, including different access levels and permissions.

How CACI can help

Stay tuned for the next blog in this series, where we’ll explain the ‘meal delivery model’ and the teams and tools that activate it.

How do you become a net-zero business?

Posted on: 9 February 2024

At the 28th UN Climate Change Conference (COP28) towards the end of last year, attendees were reminded of this harsh reality during the opening speech made by Simon Stiell, Executive Secretary. According to Simon, countries must deliver new Nationally Determined Contributions by 2025 which include achieving a 1.5C world by 2030. This comes following the publication of the Provisional State of the Global Climate 2023 report, calling 2023 “the warmest year on observational record”, concluding a near-decade of the highest temperatures on record.

What is net zero?

The United Nations (UN) has stated that to avoid significant climate change, global warming must be limited to 1.5C above pre-industrial levels. Most countries believe that they can meet this target by achieving net zero global emissions by 2050, however, to achieve net zero, greenhouse gas emissions must be balanced with those that are removed from the atmosphere. So, what practices can businesses adopt to balance their greenhouse gas emissions? How can businesses overcome the obstacles these practices may present?

Business benefits of moving to net zero

In addition to the environmental benefits, focusing on net zero has a strong business case. Many businesses are now increasingly being asked by investors, funding bodies, clients and staff about their net zero goals and actions. There’s a real risk of losing business because of market changes driven by global net zero efforts, it’s no longer simply a facilities issue.

What are the main obstacles?

It’s important to recognise the need for serious financial investment in more large-scale opportunities like:

Renewable energy
Heat decarbonisation
Product eco design
Artificial Intelligence (AI)
Climate finance

Deciding where to start, however, and finding the right solutions is an obstacle in itself. At COP28, countries also struggled to agree on four major areas regarding emissions, including:

Authorising emissions reductions when transferring to other countries, and the revising or revoking of authorisation
Reviewing confidential information and correcting any reporting inconsistencies
Defining the scope of “cooperative approaches” on carbon trading to help countries meet their NDCs
Eligible activities within carbon markets.

Despite these challenges, to make a real difference to carbon reduction– whether you’re a SME or large enterprise– you must look at your entire asset base, from IT infrastructure to end user devices to physical assets. Businesses must also consider how to track the environmental impact of these assets and understand their interdependencies to decide which are the most damaging or which are repair or replacement priorities to achieve a positive carbon impact. Ambitious targets will also need to be set out and met by businesses to support their country’s NDCs by 2025.

How can CACI help you overcome these obstacles?

Our Mood Environmental Hub helps track all of your assets across multiple geographic locations and assess the environmental impact of your business. It distills assets from multi-site, business-level functions to departments or even individual teams to provide suggestions for swapping your power-hungry devices to less polluting alternatives and its resulting impact. This enables you to cut costs and fully understand your environmental footprint on demand, empowering your decision making.

The Mood Environmental Hub also takes your existing data and visualises it through user-friendly dashboards that show carbon impact, consumption and cost at an enterprise level. With a single click, you can drill down to asset type, location, department or business function, enabling a quick assessment of priority focus areas for improvement. The advanced modelling feature helps you explore potential improvements, indicating ROI and carbon reduction impact.

You can also easily benchmark performance against carbon commitments such as Social Value through the initiatives tracker. Producing carbon reduction target tracking reports or modelling for a business case is now a click away – to see how it works, you can book a demo here.

How to find the right IT outsourcing partner

Posted on: 17 March 2023

Looking to work with an IT outsourcing provider? Finding the right partner to deliver your requirements can be a tricky and time-consuming process. But, done right, a successful outsourcing relationship can bring long-term strategic benefits to your business. We asked our experts to share their top tips on how to find the right IT outsourcing partner.

Evaluate capabilities

Having the right expertise is the obvious and most essential criterion, so defining your requirements and expectations is the best way to start your search.

When it comes to narrowing down your vendor choices, it’s important to consider the maturity of an organisation as well as technical capabilities. “The risk of working with a small, specialised provider is that they may struggle to keep a handle on your project,” warns Brian Robertson, Resource Manager at CACI. Inversely, a larger organisation may have the expertise, but not the personal approach you’re looking for in a partner. “Always look for a provider that demonstrates a desire to get to the root of your business’s challenges and can outline potential solutions,” Brian advises.

Find evidence of experience

Typically, working with an outsourcing provider that has accumulated experience over many years is a safe bet; however, Daniel Oosthuizen, Senior Vice President of CACI Network Services, recommends ensuring that your prospective outsourcing provider has experience that is relevant to your business, “When you bring in an outsourcing partner, you want them to hit the ground running, not spending weeks and months onboarding them into your world.” Daniel adds, “This becomes more apparent if you work in a regulated industry, such as banking or financial services, where it’s essential that your provider can guarantee compliance with regulatory obligations as well as your internal policies.”

So, how can you trust a provider has the experience you’re looking for? Of course the provider’s website, case studies, and testimonials are a good place to start, but Daniel recommends interrogating a vendor’s credentials directly, “A successful outsourcing relationship hinges on trust, so it’s important to get a sense of a vendor’s credibility early on. For example, can they demonstrate an in-depth knowledge of your sector? Can they share any details about whom they currently partner with? And can they confidently talk you through projects they’ve completed that are similar to yours?”

Consider cultural compatibility

“When it comes to building a strong, strategic and successful outsourcing partnership, there’s no greater foundation than mutual respect and understanding,” says Brian. Evaluating a potential provider’s approach and attitudes against your business’s culture and core values is another critical step in your vetting process. As Daniel says, “If you share the same values, it will be much easier to implement a seamless relationship between your business and your outsourcing partner, making day-to-day management, communication and even conflict resolution more effective and efficient”.

While checking a company’s website can give you some insight into your prospective provider’s values, it’s also worth finding out how long they’ve held partnerships with other clients, as that can indicate whether they can maintain partnerships for the long-term.

However, Daniel says, “The best way to test if a provider has partnership potential is to go and meet them. Get a feel for the team atmosphere, how they approach conversations about your challenges, and how their values translate in their outsourcing relationships.” Brian adds, “Your vision and values are what drive your business forward, so it’s essential that these components are aligned with your outsourcing provider to gain maximum value from the relationship.”

Assess process and tools

Once you’ve determined a potential outsourcing provider’s level of experience and expertise, it’s important to gain an understanding of how they will design and deliver a solution to meet your business’s needs. “It’s always worth investigating what tech and tools an outsourcing provider has at their disposal and whether they are limited by manufacturer agreements. For example, at CACI, our vendor-agnostic approach means we’re not tied to a particular manufacturer, giving us the flexibility to find the right solution to meet our clients’ needs,” Daniel explains

Speaking of flexibility, determining the agility of your potential outsourcing provider’s approach should play a role in your selection process. “There’s always potential for things to change, particularly when delivering a transformation project over several years,” says Brian, adding “that’s why it’s so important to find a partner that can easily scale their solutions up or down, ensuring that you’ve always got the support you need to succeed.”

Determine quality standards

Determining the quality of a new outsourcing partner’s work before you’ve worked with them can be difficult, but there are some clues that can indicate whether a vendor’s quality standards are in line with your expectations, says Daniel, “A good outsourcing partner will be committed to adding value at every step of your project, so get details on their method and frequency of capturing feedback, whether the goals they set are realistic and achievable, and how they manage resource allocation on projects.”

Brian also recommends quizzing outsourcing providers about their recruitment and hiring process to ensure that you’ll be gaining access to reliable and skilled experts, “It’s easy for an outsourcing provider to say they have the best people, so it’s important to probe a little deeper. How experienced are their experts? How are they ensuring their talent is keeping up to date? What is their process for vetting new candidates? All these questions will help to gain an insight into an outsourcing provider’s quality bar – and whether it’s up to your standard.”

Assess value for money

For most IT leaders, cost is one of the most decisive factors when engaging any service; however,
when looking for an IT outsourcing partner, it’s critical to consider more than just a provider’s pricing model. “Contractual comprehensiveness and flexibility should always be taken into account,” says, Brian. “A contract that is vague can result in ‘scope creep’ and unexpected costs, while a rigid contract can tie businesses into a partnership that’s not adding value.” He adds, “Ultimately, it comes down to attitude, a good outsourcing provider can quickly become a great business partner when they go the extra mile.”

Daniel agrees and advises that IT leaders take a holistic view when weighing up potential outsourcing partners, “Look beyond your initial project, or resource requirements and consider where your business is heading and whether your shortlisted providers can bring in the skills and services you need. After all, a truly successful outsourcing partnership is one that can be relied on for the long haul.”

Looking for an outsourcing partner to help with your network operations? Contact our expert team today.

Blockchain, The Game-changer of Data Governance

Posted on: 29 November 2022

Data Governance is our priority when designing a data management solution. The significant contradictions between blockchain technology and The European Union’s General Data Protection Regulation (GDPR) arouse vigorous discussions in the industry. In contrast, European Parliament highlights that it can be a suitable tool to achieve some GDPR objectives.

Make sure to read blockchain technology’s features and strategic business values, as we now explore how blockchain technology changes the game in data governance as more governments experiment with new operations.

Contradictions between blockchain technology and GDPR

The study “Blockchain and the General Data Protection Regulation”, written by European Parliament, highlights several paradoxes in the fundament of blockchain technology and GDPR:

Data Controller
GDPR assumption: Data is centralised on at least one or legal person.
Blockchain technology concept: Data is decentralised to multiple nodes.
Data Modification
GDPR assumption: Data can be modified or erased where necessary to comply with Articles 16 (Right to rectification) and 17 (Right to erasure).
Blockchain technology concept: Data is immutable and stored in the append-only database to ensure data integrity and increase network trust.
Data Process
GDPR requirement: Personal data to be kept to a minimum and only processes data purposefully specified in advance.
Blockchain technology concept: Databases grow continuously as new data is added.

The study also underlines different forms of distributed databases. Hence the compatibility between distributed ledgers and the GDPR is determined by a case-by-case analysis that accounts for the specific technical design and governance set-up of the blockchain use case.

The above analysis leads to two overarching conclusions:

Blockchain use cases’ technical specificities and governance design can be hard to reconcile with the GDPR. Therefore, blockchain architects must be aware of this from the beginning and ensure their design complies with GDPR.
It also stresses the current lack of legal certainty on how blockchain can be designed to comply with the regulation – Not just due to specific features of this technology but also highlights significant conceptual uncertainties related to GDPR.

How can blockchain technology achieve GDPR objectives?

There was an ongoing policy debate in European Parliament on this topic. Their report in 2018, Blockchain: A Forward-Looking Trade Policy, pointed out that ‘blockchain technology can provide solutions for the ‘data protection by design provisions in the GDPR implementation based on their common principles of ensuring secured and self-governed data.’ Recital 7 GDPR foresees that ‘natural persons should have control of their own personal data.’ This rationale is based on the data subject rights, such as the right of access (Article 15 GDPR) or the right to data portability (Article 20 GDPR) that provide data subjects with control over what others do with their data, and what they can do with that personal data by themselves.

At the 52^nd Hawaii International Conference on System Science in 2019, a group of experts proposed a multi-layer blockchain system which can provide users with complete data transparency and control over their data. European Parliament commented that this solution would help comply with the right to access (Article 15 GDPR) and grant a fundamental right to individuals to access their personal information. This looks like a significant move in blockchain because European Parliament recognises the new standards. We believe more corporates are willing to explore the feasibility of applying blockchain in their business, and experimental cases will be boosted out in the market.

Blockchain applications in European Union

Estonian eHealth Patient Portal
Estonia is one of the first governments to embrace blockchain technology. Estonian eHealth Patient Portal, a blockchain-based infrastructure, has been used by their eGovernment to give individuals more control over their health data. A patient can authorise access to their data. By default, medical specialists can access data. However, a patient can deny access to any case-related data to any care provider, including their own general practitioner/family physician.

MyHealthMyData
MyHealthMyData is a project funded under the EU Horizon 2020 scheme that uses blockchain technology to create a structure where data subjects can allow, refuse and withdraw access to their data according to different cases of potential use. Further research can build on this project to determine whether blockchain technology can achieve GDPR objectives and create a benchmark for the industry.

Blockchain Roadmap of the UK Government

The UK Government is endeavouring to develop blockchain use cases and governance. A report by the UK Government Chief Scientific Adviser in 2016 acknowledged that Distributed Ledger Technologies could help governments collect taxes, deliver benefits, issue passports, record land registries, assure the supply chain of goods and generally ensure the integrity of government records and services. In the NHS, technology can enhance health care by improving and authenticating the delivery of services and by sharing records securely according to exact rules.

Yet, effective governance and regulation are critical to successfully implementing distributed ledgers. Law will need to evolve in parallel with the development of new technology applications.

HM Revenue and Customs started a trial on social welfare payment distribution in June 2016 to track the distribution of benefits. They are still working with a UK start-up to integrate blockchain technology into supply chains to increase efficiency and security.

Department for Work and Pensions studied the first full production implementation, such as Santander’s One Pay FX, a blockchain-based international payments service to retail customers in multiple countries. The benefits include reducing transaction time, cost and failure rate whilst data is stored on a secure, immutable ledger.

Conclusion

Though there are significant tensions between the nature of blockchain technology and the legal frameworks surrounding data privacy, blockchain technology can be an alternative form of data management system for you to achieve particular data governance objectives, depending on the system architecture. With more governments recognising the benefits brought by blockchain, we believe blockchain technology can be compatible with data privacy law.

Despite the legal framework of GDPR being built on the fundament of a centralised database system, corporates should be more familiar with the regulations; they can face catastrophic data breaches and hefty fines in light of weak security layers. Data breaches of British Airways in 2018 and Marriott in 2020 were considered case studies.

British Airways was fined £20m for a data breach which affected more than 400,000 customers. A subsequent investigation concluded that sufficient security measures, such as multi-factor authentication, were not in place at the time.

Marriott International was fined £18.4m for a data breach that exposed 339 million customer records in 2018, caused by poor data management policies and unencrypted sensitive data. An investigation by the Information Commissioner’s Office found the hotel giant “failed to put appropriate technical or organisational measures in place to protect the personal data being processed on its systems, as required by the GDPR.”

In other words, a robust security system is essential to data protection, not the technology itself.

Other than data privacy law, Financial Stability Board intends to implement its first recommendations on global crypto regulation in early 2023. This powerful regulation may provide more clarity for the crypto businesses on how to set up the blockchain system. Let’s follow the latest news on the regulation.

Our upcoming discussion focuses on how blockchain can improve cybersecurity and impact different business cases.

How CACI can help

Our experts can advise you on the best practice for managing your data under your regulatory requirements. We help large enterprise organisations define and execute data standards, policies and strategies.

Get in touch with us today.

Notes:
[1] Blockchain and the General Data Protection Regulation (europa.eu)
[2] Article 16 & 17: Right to rectification (gdpr.org)
[3] REPORT on Blockchain: a forward-looking trade policy | A8-0407/2018 | European Parliament (europa.eu)
[4] BPDIMS:A Blockchain-based Personal Data and Identity Management System (researchgate.net)
[5] Estonian Health Records to Be Secured by Blockchain – Bitcoin News
[6] Personal control of privacy and data: Estonian experience | SpringerLink
[7] My Health My Data
[8] Distributed Ledger Technology: beyond block chain (publishing.service.gov.uk)
[9] GovCoin Systems Implements Social Welfare Payments Distribution Trial for UK’s Department for Work and Pensions | Business Wire
[10] Transforming for a digital future: 2022 to 2025 roadmap for digital and data – GOV.UK (www.gov.uk)
[11] Santander One Pay FX, a blockchain-based international money transfer service – (enterprisetimes.co.uk)
[12] The changing world of payments – DWP Digital (blog.gov.uk)
[13] British Airways fined £20m over data breach – BBC News
[14] Lessons learned: the Marriott breach – Infosec Resources (infosecinstitute.com)
[15] Marriott Fined £18.4m Over Data Breach – Infosecurity Magazine (infosecurity-magazine.com)
[16] FSB ready for rapid rollout of global crypto standards (ft.com)

Should you invest in blockchain technology?

Posted on: 8 November 2022

Blockchain technology has revolutionised an array of fields including financial services, supply chain, healthcare and the Internet of Things. In the first of a series of blogs exploring blockchain, we look at the key areas to consider before deciding to invest in blockchain – an overview of the technology, its business applications and strategic business values.

What is a blockchain?

A blockchain is a shared, decentralised database that uses Distributed Ledger Technology (DLT) to store data in a succession of segments called blocks. After the latest block is filled, it is cryptographically connected to the previous completed block. The data chain created is called a blockchain.

How does it work?

What types of blockchain are there?

Public blockchain
A public blockchain is non-restrictive and permissionless. Any internet user can register on a public blockchain platform and become an authorised processing and storage node. All nodes in the network have equal rights to access, create, and validate the data in the blockchain. Bitcoin and Ethereum are the most well-known public blockchain platforms dealing with cryptocurrency.

Private blockchain
A private blockchain works in a restrictive environment and is governed by one organisation which determines node access, executes the consensus protocol and maintains the shared data. A private blockchain typically runs within an organisation’s network to cope with highly confidential data and is held securely. Audit management and asset control are common use cases of private blockchain.

Hybrid blockchain
A hybrid blockchain combines characteristics of both public and private blockchains to control access to specific private data held on a public blockchain. For instance, property companies use hybrid blockchains to run systems privately but disclose certain transaction information to the public.

Consortium blockchain
Consortium blockchains are a type of private blockchain managed by multiple organisations rather than one entity. Supply chain management, especially for food and medicine, is an ideal application for this type of blockchain – from sourcing to delivery, all parties involved in the supply chain can form a consortium to track the product status.

The advantages of blockchain

Decentralised trust
Users no longer rely on centralised intermediaries to complete transactions. By storing data in a peer-to-peer network, every node has the same data and authority to view all transactions. There is no single point of control.

Enhanced security
Cryptographic hashing, which converts arbitrarily large amounts of data into a short unique string of text, plays a crucial role in blockchain security. A hash value is automatically calculated for each block and consists of the block’s ID number, user ID number, previous block’s hash value, timestamp and other details. Employing hashing in this manner makes it impossible to change any data held in the block, metadata about the block, or its position in the chain without having to recompute that and every subsequent block in the chain.

High level of data integrity
From the verification process to storing transactions, data is verified by a consensus algorithm specific to the blockchain protocol. Any invalid data is rejected, protecting the chain from human error. The integrity and security of blockchains make them immutable, transparent and unimpeachable.

Disadvantages of blockchain

Uncertain legal and regulatory environment
Blockchain technology is still developing and the principles of existing regulations may not accommodate the fundamentals of blockchain. For instance, General Data Protection Regulation (GDPR) assumes data is centralised on at least one legal entity, while blockchain decentralises data storage to an anonymous network of nodes. Blockchain technologists should study the regulations thoroughly before implementation.

Novel cyber-attacks
Blockchains are not immune to cyber-attacks and all new technologies have undiscovered vulnerabilities. Attacks such as the following are effective against blockchain:

a 51% attack – where more than half of the nodes computing a chain are influenced by a bad actor
a Sybil attack – where a single entity creates multiple dummy nodes to wield disproportionate voting power
DDOS – where nodes are flooded with connections which block out legitimate traffic

There are no quick solutions to safeguard your systems, blockchain technologists can implement careful plans on system architecture and design to pre-empt cyber-attacks.

High energy consumption and data storage cost
Older blockchains, such as Bitcoin, validate blocks using a Proof of Work consensus algorithm in which all the nodes compete to compute a completed block in exchange for an administrative payment. Only one node can win resulting in all the partial computations being wasted. This amounts to a tremendous waste of electricity. More modern blockchains employ Proof of Stake, which is much more efficient, but migrating from one protocol to the other is extremely complicated. Blockchains ledgers – the data chain – are replicated at least in part to every node. By 2021, the Bitcoin ledger had reached 433GB [1] and the Ethereum ledger close to 1TB [2]. Given node counts in the thousands, even partial replication represents vast duplication across the world.

Considerations before you implement blockchain

Business needs
Before you implement blockchain technology, we strongly advise your team to evaluate existing business models and needs. Businesses that require a high level of data integrity and traceability are more likely to apply this. Investing in blockchain technology is worthwhile if the application transforms your user experience, democratises governance or reduces overall cost; but it is fundamentally a distributed database.

Integration concerns
Given that most organisations rely on legacy systems to run their business, careful technical analysis is essential to ensure that blockchain systems can integrate successfully with the existing estate.

Privacy issues
Logical layers in a blockchain system are the key to complying with privacy regulations. Stakeholders should examine the interactions between different layers – how the data is stored, accessed and transacted in the system.

Cost and revenue analysis
Enormous investments in setting up a blockchain system – such as infrastructure, data storage and maintenance – often create barriers for organisations to get involved. However evaluating its strategic business values can change your mind. Let’s take some examples from The Blockchain 50, named by Forbes [3] :

Allianz streamlines cross-border auto insurance claims in Europe. Processing time for insurance claims has been reduced from several months to minutes and costs have fallen 10%. The quick claim procedure absolutely contributes to a high customer satisfaction level and customer retention. No wonder Allianz has led in the claims category with a satisfaction score of 76.04%, according to Brokerbility’s survey. [4]
Boeing builds a digital aircraft record system to help airlines keep up with required maintenance, saving 25% on maintenance costs, potentially worth up to $3.5 billion (~£2.96 billion) annually.[5]
De Beers has registered over 400,000 gems worth $2 billion (~ £1.6 billion) to provide immutable records of a gem’s origin, to track it along the supply chain and improve jewellery retailers’ confidence in procurement. [6]

Scalability
As more nodes join a blockchain network, latency and convergence can increase. Compare the transaction speed between Bitcoin, the oldest and biggest public blockchain network which can only process 7 transactions per second, and Visa, a centralised electronic payment network which can handle more than 24,000 transactions per second [7].

Scalability is a challenge in setting up a public blockchain, but there are several options to enhance it:

Data Sharding – Data sharding splits an extensive blockchain network into smaller, more easily managed parts called shards. A node does not need to rely on the whole database to verify and process a transaction. Instead, all nodes work in parallel, resulting in more efficient transaction throughput.
Off-chain data storage – Transactions can be completed on the blockchain network, and data is stored in the off-chain environment to reduce the on-chain storage requirements.
Scalable consensus mechanisms – The Proof of Work consensus protocol in Bitcoin provides a high-security mechanism but a long transaction time. Proof of Stake consensus mechanism is a possible solution to speed up transaction time and higher scalability.

Conclusion

To decide whether to invest in blockchain technology, your team should ascertain whether your business needs will be best met by using this approach and explore cost and revenue impact as much as possible. Equally, you should consider the disadvantages of blockchain technology such as potential cyber-attacks, high energy consumption and scalability concerns to decide how to address each of them. Blockchain technology is not the only way to perform full data transparency or traceability – well-managed centralised databases can solve it.

Blockchain technology changes how we trust and solve problems in a traditional database system, like disintermediation and data security enhancement. It can optimise the operation in low-trust environments where users rely on third-party checks.

An insight written by McKinsey Digital [8] analysed the monetary impact in more than 90 use cases; they estimated that approximately 70 per cent of the value at stake in the short term is cost reduction, followed by revenue generation and capital relief. Cost can be taken out by removing intermediaries and administrative efforts on housekeeping, as well as improvements in transparency and fraud control.

Specific industries that capture the most significant revenue from blockchain are Automotive, Healthcare, Property, Public Sector and Technology, Media & Telecommunications. We believe the value of blockchain will enable brand-new business models and revenue streams over time.

This is the first blog in our new series which aims to help you understand the different aspects of blockchain technology. Over the course of the series, we will discuss how blockchain impacts data governance, cybersecurity and cyber-attacks.

How CACI can help

Equipping your systems with blockchain-compatible elements is a key initial step. Our services enable you to ensure that the foundations are correct and our experts can advise you on network design, architecture, service design, business process, data governance and cybersecurity solutions. Get in touch with us today.

Notes:
[1] Blockchain Explorer – Search the Blockchain | BTC | ETH | BCH, statistics as of 23 Oct, 2022
[2] Ethereum Chain Full Sync Data Size (ycharts.com), statistics as of 24 Oct 2022
[3] Forbes Blockchain 50 2022
[4] Allianz tops the ranks in Brokerbility’s insurer partner satisfaction survey (insurancetimes.co.uk)
[5] Boeing supports TrustFlight aircraft maintenance project using blockchain – Ledger Insights – blockchain for enterprise
[6] De Beers group introduces world’s first blockchain-backed diamond source platform at scale – De Beers Group
[7] Small Business Retail | Visa
[8] The strategic business value of the blockchain market | McKinsey

How to create a successful M&A IT integration strategy

Posted on: 11 March 2022

From entering new markets to growing market share, mergers and acquisitions (M&As) can bring big business benefits. However, making the decision to acquire or merge is the easy part of the process. What comes next is likely to bring disruption and difficulty. In research reported by the Harvard Business Review, the failure rate of acquisitions is astonishingly high – between 70 and 90 per cent – with integration issues often highlighted as the most likely cause.

While the impact of M&A affects every element of an organisation, the blending of technical assets and resulting patchwork of IT systems can present significant technical challenges for IT leaders. Here, we explore the most common problems and how to navigate them to achieve a smooth and successful IT transition.

Get the full picture

Mapping the route of your IT transition is crucial to keeping your team focused throughout the process. But you need to be clear about your starting point. That’s why conducting a census of the entire IT infrastructure – from hardware and software to network systems, as well as enterprise and corporate platforms – should be the first step in your IT transition.

Gather requirements & identify gaps

Knowing what you’ve got is the first step, knowing what you haven’t is the next. Technology underpins every element of your business, so you should examine each corporate function and business unit through an IT lens. What services impact each function? How will an integration impact them? What opportunities are there to optimise? Finding the answers to these questions will help you to identify and address your most glaring gaps.

Seize opportunities to modernise

M&A provide the opportunity for IT leaders to re-evaluate and update their environments, so it’s important to look at where you can modernise rather than merge. This will ensure you gain maximum value from the process. For example, shifting to cloud infrastructure can enable your in-house team to focus on performance optimisation whilst also achieving cost savings and enhanced security. Similarly, automating routine or manual tasks using AI or machine learning can ease the burden on overwhelmed IT teams.

Implement strong governance

If you’re fusing two IT departments, you need to embed good governance early on. Start by assessing your current GRC (Governance, Risk and Compliance) maturity. A holistic view will enable you to target gaps effectively and ensure greater transparency of your processes. In addition to bringing certainty and consistency across your team, taking this crucial step will also help you to tackle any compliance and security shortfalls that may result from merging with the acquired business.

Clean up your data

Managing data migration can be a complex process during a merger and acquisition. It’s likely that data will be scattered across various systems, services, and applications. Duplicate data may also be an issue. This makes it difficult to gain an updated single customer view, limiting your ability to track sales and marketing effectiveness. The lack of visibility can also have a negative impact on customer experience. For example, having two disparate CRM systems may result in two sales representatives contacting a single customer, causing frustration and portraying your organisation as disorganised. There’s also a significant financial and reputational risk if data from the merged business isn’t managed securely. With all this in mind, it’s clear that developing an effective strategy and management process should be a key step in planning your IT transition.

Lead with communication

Change can be scary, and uncertainty is the enemy of productivity. That’s why communication is key to a successful merger and acquisition. Ensuring a frequent flow of information can help to combat this. However, IT leaders should also be mindful of creating opportunities for employees to share ideas and concerns.

If you are merging two IT departments, it is important to understand the cultural differences of the two businesses and where issues may arise. This will help you to develop an effective strategy for bringing the two teams together. While championing collaboration and knowledge sharing will go a long way to helping you achieve the goal of the M&A process – a better, stronger, more cohesive business.

How we can help

From assessing your existing IT infrastructure to cloud migration, data management and driving efficiencies through automation, we can support you at every step of your IT transition.

Transitioning your IT following M&A? Contact our expert team today.