The wiping of records from the UK Police National Computer database earlier this month was likely due to best practice not being followed in three key roles, according to BCS, The Chartered Institute for IT.
The ‘coding error’ that has caused that loss of 150000 records on the Police National Computer database had been blamed on human error. Policing minister, Kit Malthouse, said: “Unfortunately down to human error, some defective code was introduced as part of that routine maintenance earlier this week and that’s resulted in a deletion of some records and that’s currently under investigation.”
The BCS said it is likely that a developer, test analyst and release manager would all have been part of the process leading up to the failure.
The incident highlights the fact that IT practitioners should be accountable to independent professional standards, the organisation added.
Adam Leon Smith, Chair of the BCS Software Testing Group said: “Modern complex systems are resilient, failures rarely occur because of a single decision or error. In order to delete data from a live environment through a coding error, a failure needs to occur not just in the coding, but in the test design (or one of its supporting processes, such as making sure the right version of the software is in the testing environment).
Even the non-critical systems are typically backed up daily, so either a failure has also occurred in the backup process, or something about the backout plan for the software change wasn’t tested properly and has failed.
In many sectors, including the public sector, at least three segregated “roles”; a developer, a test analyst and a release manager would have been involved in this event. Three different roles that have best practices and professional standards that haven’t been followed or met.”
This article was first published on the BCS website.
