D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] NHS Webmail: £91M



Adrian Midgley wrote:

So what might the panel use to provide a webmail and POP3 access (say) for
about 1 000 000 people from about 2-3 locations each.  (Oh, and a directory)

And could you get it in under £91 e6 forthe first 10 years do you think?

EDS are giving us, it is rumoured, a proprietary solution for that much.

Assuming that reads 91,000,000 GBP for all of ten years, or a 10
pound a year charge per user, I think people will struggle to do
this from scratch, depending what the detailed requirements are,
and predicted maintenance/expansion.

As such I'd be surprised if it remained in budget ;-)

Backend hardware and software are cheap, although I'd want to
know the security level required. 

If POP3 is used security isn't very good anyway. Since you
end up with messages spread all over different machines
with no mechanism for either backup or auditing of access.

What about audit trail, must I make a backup copy of every
message that is retrieval for audit purposes? Including the
"mistakes"?

Adrian's security tag budget assuming you need a million for a
million users, but with NHS staff turnover and the usual wastage
I'd predict at least 2 million over 10 years. Although of course
if I buy 2,000,000 of anything I don't pay retail (except maybe
transistors these days ;-).

RSA cards will want readers I suspect, you don't want people
typing in numbers everytime if you can avoid it, inefficient use
of staff resource.

You also need to handle wear on the cards and readers, including
attempts to feed them coffee. As well as mechanisms for replacement
of lost/stolen cards.

You'd need to be able to handle a huge volume of resulting
enquiries, assuming you can offload things like user creation to
NHS personnel departments. The remote security cards were
notorious for creating extra calls due to clock drift and going
through washing machines, I think they are better these days.

You also have issues with radiation and magnetic fields.
As well as can they be sterilised or do they have to stay
outside places such as operating theatres, radiography
rooms, etc. Leading to people having to remember where
they put their card. 

I'd also try and negoiate the service features against price,
but most government purchasing doesn't work this way. They tend
to write the features and functions they want down, and write
off suppliers who can't meet (or don't claim they will meet)
100% of those requirements, they won't take a 50% price cut for
95% of requirements met style bid in most cases (even if the
remaining 5% is never provided by the eventual contract winner,
who just absorbs the penalty).

As well as the issue of which of the features will ever actually
be used anyway.

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly