nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

South Australia: Great for wine, murder, insecure, outdated over budget government IT

Just another day in public sector technology, really

By Richard Chirgwin, 27 Oct 2015

The Audit Office in the Australian State of South Australia has run the rule over the region's IT and graded it as “4/10, must try harder”.

The state's management of more than a billion dollars worth of technology is not much better than a shambles, according to the office's Information and communications technology report (PDF here). Even before drilling down into specifics, the report cans documentation, access control (there are too many users with admin privilege), logging (inadequate), change management (ditto), risk management and system fixes (deficient), disaster recovery planning (either absent or untested), and contract monitoring.

The report also notes that some agencies missed the July 2015 end-of-support deadline for Windows Server 2003, and should be migrated with “some urgency”.

All in all, the report says, there's the risk that the “confidentiality, integrity and availability of their financial data to be compromised”.

The state's cloud computing strategy is stalled, the audit finds, with agencies still wrestling with data sovereignty and data access issues.

But it's a couple of major health initiatives that come in for the strongest criticism.

A pathology system due to be launched at the Royal Adelaide Hospital, worth AU$30 million, is at risk of being “sub-optimal”, the audit finds.

Tasked with the business of integrating pathology requests, reports and results into a single environment, the Enterprise Pathology Library Information System (EPLIS) is running behind schedule. The audit notes that the laboratory instruments and “robotic tracks”, both specified for the system, haven't yet been procured.

The report finds that the system isn't designed to receive “inbound electronic messages” from external systems such as medical practitioners outside the hospital, nor the health department's Open Architecture Clinical Information System.

Even the state's $422 million, ten-year Enterprise Patient Administration System hasn't yet learned the lingo and can't talk to EPLIS.

Integration trouble is a recurring theme in the EPLIS project – it's also run into trouble talking to billing systems, with the report saying there's a risk that it would have to go live with a manual billing system.

Already under cost pressure, the EPLIS is at risk of running over budget, the audit finds.

There's one bright spot in the review. The audit finds that South Australian government website security has improved in the last year. ®

The Register - Independent news and views for the tech community. Part of Situation Publishing