Information is essential in the defence industry

It allows the effective management of operations and projects. Yet, this information is often highly confidential. The MoD sets guidance and the industry-standard around information capture and storage. Having quality information is key to supporting decision-makers. And thus, managing it as the important asset that it is. Information management ensures governance structures, mechanisms and resources are in place. For example, projects that create supportability engineering need to manage information through its life. Whether held in databases, released in documents, within emails etc.

Management and Disclosure of Information is Key

To meet the MoD’s legal duty of care obligations it is a requirement that on all projects, external suppliers manage the information created to legal mandates on the management and disclosure of information including:

•  Public Records Act (PRA) (1958 and 1967)
• Data Protection Act (DPA) (1998)
• Environmental Information Regulations (EIR) (2004)
• Freedom of Information Act (FOIA) (2000)

 The MoD also mandates the use of the Logistics Coherence Information Architecture (LCIA). This is to achieve consistency in these projects.

Working with the MoD, suppliers need to bear in mind:

• Processes relating to information management are in a handbook on the MoD’s website.
• Information created during the life of the solution. This information needs to be in a repository.
• Accessibility of information is important: universal access from front-line to industry.
• Any project using exchanging or storing information must use existing Log IS systems. This ensures consistency and interoperability of data and use of open standards.
• Documents (letters, publications, websites, spreadsheets and databases) and many types of recording media (paper, electronic files, video files) managed to JSP 747.
• JSP 441 defines the policy for MoD records management.

Data breaches are still occurring in the defence sector.  From 2023, the Russian – Ukraine war highlighted how data attacks were part of the conflict as well as breaches closer to home in the UK.

And, while cyber breaches make the headlines, it’s not the only way breaches occur. Often it is due to regulatory requirements and essential, yet complex audit trails.

Defence Digital and Information Technology Function

The Defence Digital function is part of the MoD. It leads to the delivery of transforming digital and information capability. It ensures projects are secure, integrated and easy to use. Projects are at scale and pace to ensure sustainable military and business advantage.

The goals of D&IT are around:

• Digitise the battlespace
• Deliver responsive cyber defence
• Promote information-led wider business transformation
• Provide more effective and efficient IT services
• Build a capable and cohesive function

The function believes these goals will achieve the following benefits to the MoD:

• Improved decision support and more effective Command and Control
• Simpler, more effective and cheaper processes
• IT efficiency through fewer cost and schedule overruns
• Service reliability and quality with a reduction in system outages
• Reduced risk of loss of sensitive data
• Information and analysis driving greater insight and decision-making
• Staff satisfaction, retention and quality

The MOD strategy covers the identification and storage of:

• Documents
• Materials
• Components
• Equipment
• Operations

All of these are used in the manufacture, procurement and maintenance of products.  The unique marking and retention of records are possible. This creates a traceable, historical path of the life cycle of defence equipment.

Traceability

Traceability is the ability to verify the history, location, or application of an item.  Using documented recorded identification.

This traceability helps prevent the spread of fraudulent and counterfeit material. This impacts the performance of defence equipment. As well as the financial and reputational losses for suppliers. Standards that try and combat this include BS EN ISO 9001 and BS EN 9100C Section 7.5.3 – identification and traceability and 4.2.4 control of records.

Traceability requirements should be throughout the product life. Often software applications provide traceability. But, the management of physical records is also important.

Effective records management needs to be an integral part of quality management systems. Records show equipment meets the design and safety requirements.  This record forms part of the contract between yourselves and the purchaser. This contract might include:

• Clear definition of record-keeping responsibilities and requirements.
• Clear definition of which records to keep. Their retention periods. The form they will take. Often scanned, to BS 10008 standards, but occasionally you’ll need to keep the hard copy master.
• Controls to ensure record integrity, and any updates take place over time.
• Security arrangements to prevent inappropriate access to records and loss.
• Readily retrievable, as needed.
• Indexed.
• Stored in a controlled and secure environment.
• Destroyed securely when no longer required.

“Over the next decade, we are committed to spending over £186 billion on equipment and support. Defence has a major role to play in delivering the government’s growth and enterprise agenda – the Ministry of Defence accounts for over 40% of all government spend with industry and our procurement activity includes some of the most complex and technologically advanced projects in the world.

We want to encourage Innovation and wider Small and Medium-sized Enterprise participation throughout our supply chain and will continue to pursue policies and practices that make it easier for new and smaller businesses to identify, compete for and win opportunities with the Ministry of Defence. This will help us to deliver our vision of a vibrant, sustainable and competitive UK industrial base.”

Stuart Andrew, Minister of Defence Procurement (July 2018 to July 2019)

Restore Digital

Restore have long standing relationships with both the MoD and the NDA. Our scanning and archiving sites meet all the regulation needed to hold highly classified information. Restore Digital provide document digitisation, document management systems and automated workflows for many organisations in the defence industry, but government and commercial.

How can Restore support you?

Quality has always been a crucial part of the defence sector. The fundamentals of control, inspection, assurance and quality management are vital. They are often recognised as part of the ISO9000 family. The MoD, have a strict policy of “appropriate certification”. They prefer to work with suppliers with certified business management systems.

ISO systems in themselves don’t address all the MoD’s requirements. AQAPs are often used as supplementary evidence.

Restore has worked with the defence and military industry for many years.  We have a broad spectrum of customers from the industry providing support on their digital journey. From:

• Defence
• Government
• Aerospace
• Energy
• Homelands security

Restore are a trusted partner for highly sensitive information. with stringent compliance and regulatory environments.

Archive Scanning

Restore have worked with both the MoD and NDA and we hold Place of Deposit Status.

We also have certification in or work to the following standards:

• ISO 9001:2015 – Quality Management System
• ISO 45001:2018 – Health and Safety
• ISO14001:2015 – Environmental Management System
• ISO 27001:2022 (Information Security Management System) (formerly BS 7799)
• BS EN 7858 – Security Screening for Personnel
• BS 4971:2017 – Guide for the storage and exhibition of archival materials
• BS 10008:2020 – Evidential Weight and Legal Admissibility of Electronic Information.
• ISO 20000 (ITIL) – Our Systems are ITIL compliant and, whilst we do not currently hold the certification, our processes do follow best practice. We intend to become certified soon.
• Restore hold ISO 22301:2019 Business Continuity Management (BCM)
• ISO 270035:2011 (Information Security Incident Management) – Restore have incident management policies and processes but are not currently certified
• IG Toolkit Compliance.
• NHS Digital Data Security & Protection Toolkit We have completed the online assessment to assure we are practising good data security and handling personal information correctly.

We are the go-to company for scanning highly sensitive and confidential records. We can digitise any document, including:

• CAD files
• Technical drawings
• Microfiche
• Microfilm
• Aperture cards
• Book scanning
• Fragile documents

Document Management Systems

Digitised paper records benefit from a secure cloud-based or on-premise system. It allows you the agility to access your information on any device in any country. This is essential for flexible working.

Restore offer a number of EDRM system and we will work with you to find the solution that best suits your organisation.

The systems have a trackable history. This provides a full audit trail. You can set permissions and rule-based actions, such as retention periods. You can configure both to support and enable automation and RPA. They can provide an easy way to introduced automated workflows.