Andrew Allan (CCL/Revera)
Infrastructure and IT services provider CCL/Revera has come in from the cold, gaining recertification for its all-of-government infrastructure-as-a-service offering.
Still unspecified security issues were identified in the Spark-owned company's datacentres a year ago and it has been working towards recertification since then.
The company achieved that on schedule at the end of June, the Department of Internal Affairs confirmed to Reseller News.
“CCL/Revera has been working closely with the DIA, and last month completed recertification," Andrew Allan, CEO of CCL/Revera, said.
"This was a top priority for our business and we completed the necessary work as quickly as possible in keeping with our commitment to our long-standing government relationship."
The issue was revealed by Reseller News in January, when a health sector ICT project report revealed a major datacentre project for northern region district health boards was described as "at risk" due to delays in CCL/Revera achieving recertification.
Revera, now CCL, is one of three providers on the Department of Internal Affairs' (DIA) infrastructure as a service (IaaS) panel, the others being Datacom and IBM.
The update on digital health projects published by the Ministry of Health late last year reported that a Northern Region Datacentre (IaaS) project was running seven months late "due to delays in the Revera recertification".
The project was coded red on a green-amber-red "traffic-light" scale and its confidence rating described as "at risk".
Around the same time, the Ministry of Health stopped its up to then regular reporting on major sector ICT projects.
"The Ministry's monthly report on digital health initiatives was paused at the beginning of the year to allow for a strategic reset of the process," the Ministry told Reseller News.
"This meant that no reports were issued in January and February, and with the advent of the COVID-19 response in March, we have yet to restart the reporting process. Reporting in the new format is anticipated to begin from July this year."
An official information request to DIA, the government's lead digital agency, produced a report and letter of commitment from Allan to fix the issues.
Specifics of the issues then blocking recertification had, however, been redacted from the document and the service security audit risk report that identified the problems in the first place was withheld.
DIA told Reseller News in January that there are two components to Revera's IaaS offering that need to be recertified: the physical security of one of its three datacentres and the infrastructure services provided from all of them.
As to the DHBs' Northern Region Datacentre project, shared ICT service provider HealthAlliance said it was in the final stages of the approval process for the planned shift to government-mandated infrastructure-as-a-service platforms.
"At this time HealthAlliance is not in a position to disclose the preferred supplier, given the on-going status of commercial negotiations and the need to protect the integrity of this process," it said in a statement.
"We’ll be in a position to share more information at the conclusion of these negotiations."
A large number of central and local government agencies are clients of Revera, among the biggest being Inland Revenue and Auckland Council.
