Following the IT issue affecting NHS Greater Glasgow and Clyde (NHSGGC) between 1 and 3 October 2013 the findings of an independent technical assurance review have been published today.
The review, commissioned jointly by NHSGGC and the Scottish Government, has confirmed that the source of the problem related to a rare corruption in a programme known as Active Directory.
Active Directory is a commonly used part of IT infrastructure - used by the vast majority of UK organisations and businesses - which manages how users are given access to the various IT services they have permissions for.
Whilst the problem has been confirmed as being related to Active Directory the exact root cause of the failure is yet to be determined.
The review team, led by the Scottish Government’s Chief Technology Officer, Andy McClintock, also reported that NHSGGC implemented and managed Active Directory well and in line with industry good practice.
They also praised the NHSGGC IT team and their suppliers for the professional handling of the incident confirming that no data was lost and that all actions taken were in line with best practice.
The report details that all those interviewed as part of the review - including Active Directory supplier Microsoft - had never experienced a failure of this nature with Active Directory.
The report also states that despite the rarity of the scenario it already featured within NHSGGC’s contingency plans and the procedure NHSGGC ultimately used to recover the system was the one which was set out in the health board’s disaster recovery plan.
Eight recommendations were made as part of the review and these have either been implemented already or are in the process of being actioned.
Health Secretary Alex Neil said: “This review has shown that the technical team took the appropriate actions and did everything possible to restore services under enormous pressure.
“A number of recommendations have come from this review and I note that NHS Greater Glasgow and Clyde are taking steps these to implement all of the recommendations promptly.
“I am keen that lessons can be learnt across Scotland and the report has also been shared with the technical leads in all other health boards.
"I have also instructed a robust review right across the health service in Scotland with all NHS boards ensuring that both their IT systems and their backup systems are robust. This review will report back to me by the end of the year.
“I would again like to express my gratitude to all staff in NHS Greater Glasgow and Clyde who worked round the clock in resolving this issue, and in ensuring that disruption to patients was kept to a minimum.”
NHSGGC Chief Executive, Robert Calderwood, said: “I am pleased that the review team were able to satisfy themselves that NHSGGC’s IT infrastructure is sound and well managed and that the fault was not one that could have been foreseen.
“The recommendations made in the report will be implemented in full and a number have already been completed.
“709 patients had their appointment temporarily postponed due to this issue and although I apologised at the time I would like to reiterate my apologies for the inconvenienced this caused. I would also wish to thank staff for the remarkable resilience shown by the organisation as a whole in ensuring that more than 10,000 patients continued to be seen using manual backup systems whilst the problem was ongoing.”
Notes to Editors
The other members of the review team were Charles Bachelor, Police Scotland, Neil Logan, Chief Technical Officer, AMOR Group and Kenneth McLauchlan, Active Directory Specialist, Police Scotland. They were selected for their strategic, technical and operational experience gained in both public and private sectors over many years
Please click here www.nhsggc.org.uk/itreport to download the report in full.
For more information contact 0141 201 4429.