Best of 2020: Sport Integrity Australia's ICT journey
A new body, Sport Integrity Australia, has been given responsibility for managing complex issues involving lots of sensitive data.
In 2018, the findings of the Review of Australia’s Sports Integrity Arrangements — known as the Wood Review — were presented to the federal government, with one of the prime recommendations being to merge the functions of several bodies which had had separate responsibilities for aspects of sports integrity issues.
The first stage of that merger has seen the Commonwealth sports integrity functions of the Australian Sports Anti-Doping Authority, the National Integrity of Sport Unit from the Department of Health and the safeguarding functions of Sport Australia all combined into a new body, Sport Integrity Australia.
The second stage will see other functions fulfilled, including an Australian Wagering Scheme and more outreach and education.
Sport Integrity Australia has a very important role to play in the administration of integrity measures across Australian sports, which of course brings with it heavy responsibilities when it comes to the collection, use and storage of sensitive personal data of thousands of athletes and others.
The agency currently has 292 FTE staff, including Canberra-based personnel and a large network of casual and full-time staff spread around Australia.
To find out what it was like having to merge the ICT operations of several separate bodies, we spoke with Andrew Collins, CIO of Sport Integrity Australia.
What was the timeline of the merger?
Following the government’s endorsement of the Wood Review recommendations in 2019, the Department of Health, ASADA and Sport Australia established a machinery of government (MoG) change program and governance structure to facilitate the merger. This body was comprised of property, security, IT, finance, HR, branding, subject matter leads and so on, and oversaw the integration of staff and services for Sport Integrity Australia on the 1st of July 2020.
Were the three bodies’ systems very disparate?
Yes, as the security requirements and core functions of the parent agencies are all quite different and hence their ICT and security postures were tuned to each of their businesses.
How big a job has it been?
In mid-2018 ASADA commenced a major technology uplift program to realise the CEO’s vision of an engaged and data-informed organisation. Realising this vision required digitisation of almost all ASADA processes and toolsets and saw a migration of internal systems to the Azure Protected cloud and an organisation-wide uplift in capability through the use of cloud services such as Office 365 and Dynamics 365.
As a part of the MoG process we looked at the potential ICT platforms for the new agency, and the ICT leads for Health, ASADA and Sport Australia supported using the ASADA ICT environment as the basis for Sport Integrity.
Because of this, the final merging of staff was quite simple and involved adding new staff and moving TRIM data records from Health. I wish all MoGs were so straightforward!
Is BYOD and working from home a challenge?
The protection of athlete health information is of critical importance and as a result we do not allow BYOD access to our systems or data. This approach allows us to enforce strong, risk-based authentication and access controls on all our data and systems.
Working from home and our business continuity process (BCP) response is a great testament of the value of the mobilisation of staff and the cloud-based Office365/D365 platforms we have established. On the day we enacted the BCP, we moved to 100% work from home with no real impact of our functions. We are still operating very effectively with around 80% of our staff working from home. And the value of the investments in ICT and security we have made continue to pay off.
There are certainly challenges with working from home, and long-term WH&S of staff is a prime concern. But collaboration tools like Teams and Stream have significantly reduced the impact COVID would have had on operations. In some ways it has made our teams stronger, with the collaboration platforms also being used for team bonding. For example, we recently held a trivia competition with Drug Free Sport New Zealand and I have picked up a lot of gardening advice from our deputy CEO!
Do AI and machine learning play a role in your operations?
We have the Microsoft Artificial Intelligence platform in our environment now and are starting to use the platforms for automation of common workflows; also key to this is the Power platform. These tools are aimed at moving ICT innovation and automation into the hands of business and power users rather than being exclusively an ICT tool.
Examples are a PowerApp we developed to attach to meetings allowing minutes, attendance, paper and decisions to be tracked and action items integrated into staff planners to allow tracing of the delivery of action items.
Another example that we are currently implementing is automation of the media analysis function. As you can imagine, sport and anti-doping are in the media regularly around the world. Traditionally this summary process was a manual task; we are building a solution using cognitive services to automate a large part of this. There is also some groundbreaking AI work led by the World Anti-Doping Authority (WADA) that is using AI to detect drug cheats based on variations in their athlete biological passports.
As exciting as these are, they are only just the beginning and I expect in two years’ time the number of AIs will outnumber the staff, allowing those staff to focus on the difficult and challenging programs that require creativity and imagination… leaving the mundane process work to the AIs.
How much do you rely on external partners?
To completely transform and grow previous operations from a paper-based operating model to the modern, cloud-based, data-informed Sport Integrity Australia is a massive task. The ICT team is comprised of two permanent and three contract staff.
Our transformation was based on a preface of ‘Lead at what is important, partner for everything else’. As such we have a strong partnering model which has allowed us to undertake such a large transformation; but it is a partnering model where the key ICT governance and operations remain with the agency.
Typically, this is referred to as the MSI (Master Service Integrator) role. In keeping this role in-house, we have been able to bring a range of vendors on board and deliver a series of complex, interrelated projects very quickly and cost-effectively. It is quite different to the operating model used in other government departments and has worked very well for us.
We have a set of very good, long-term partners who lead the delivery of various technologies under the operating model, namely:
- Forward IT (ASI) is responsible for mobile device management, O365 migration, Azure security, network and a host of smaller functions. I can’t speak highly enough of their professionalism and willingness to go well beyond my expectations.
- We have taken a leadership position in terms of government adoption of Protected Cloud and O365 services, and the support we receive from Microsoft is exceptional.
- Dialog is managing the implementation of Dynamics365, which digitises our CRM and business processes, and they have delivered a world-class service.
We also have formal MoUs and working partnerships with a range of government agencies and commercial vendors, including:
- VA & Jade — Intelligence systems
- Service Australia — Gateway and border security services
- Health — Financial and HR shared services
- AIHW — Mentoring data custodian staff
- ACSC — IT security
- AGD — Physical security
And some global and national sports partnerships:
- We are working with the Institute of National Anti-Doping Organisations (iNADO)/WADA on establishing a global security and privacy compliance program for all anti-doping agencies.
- It took a bit of a break due to COVID, but we plan on re-establishing a National Sporting Organisation security and privacy program, similar to the iNADO program, to help uplift the security and privacy controls of sports nationally.
- We are actively engaging with every national sporting body in Australia on integrity education and compliance. Ultimately it is better to work together and prevent the problem in the first place.
We partner extensively for services for which we do not have the volume or staffing or support, or which are not critical to our core business. The services offered by Health, Service Australia, ACSC etc are exceptional and we are constantly looking at how we can improve the relationships and integrations further.
Do issues such as doping and match fixing present any special challenges?
Absolutely. There are two key challenges in this space:
- The security and privacy of the athlete health information we hold. This is an area we have invested heavily in and is something that is discussed each Monday morning with the CEO and senior executive; it is taken extremely seriously right across the organisation. We are now looking to work globally and nationally to lift the security and privacy capabilities in the smaller national sporting organisations and globally with anti-doping organisations globally via iNADO/WADA.
- The legal rigour around the testing process and any ensuing arbitration processes. We need to ensure all processes are consistent, timely and fair. Our largest ICT investment in the past two years has been in this area, aiming to digitise every aspect of the anti-doping process. Of the 5500 tests we do each year, any of them could wind up in the Court of Arbitration for Sport, so process, rigour and fairness are paramount.
Do your operations require any special IT structures or practices?
Our technology platforms are based on the tools that can be used across government, but have been configured to meet the business needs of Sport Integrity Australia. This ranges from the digitisation of the anti-doping program through to the use of virtual and augmented reality for athlete education.
The strength of the Office and Dynamics platforms is that we have zero customisation in our environment, making upgrades etc automatic; but the environment has been configured to suit our business process.
Keep an eye out for our education presenters, most of whom are current professional athletes, all equipped with iPads and web-based education tools like our VR and AR applications!
Is data sovereignty a big issue?
We do have mandatory reporting requirements with WADA for some athlete information as part of our obligations under the world anti-doping code. We work closely with WADA security staff to ensure their system security is at a level where we are confident in their capacity to protect the athlete information that we have been entrusted with.
A great global initiative is that WADA and iNADO (plus the 10 largest anti-doping organisations globally, including us) are working together to lift the anti-doping community’s cyber resilience.
That said, all our data outside of the mandatory reporting to WADA is held in Australian-owned data centres, in Australia (Canberra Data Centres and Azure Central)… and anyone who has visited knows how good the security is in CDC!
What is your background in ICT and government?
I started my career in Defence intelligence before moving into the security sector with a company called SecureNet (now Verizon after many mergers), where I managed the security and compliance operations in the Asia–Pacific.
Since then I’ve held a range of CTO/CIO roles in the government and commercial sectors, the most notable being CTO for nine hospitals in the northern region of New Zealand and at Sport Integrity Australia. Although the scale is vastly different, the journey I took both organisations on to the cloud and modern technology is remarkably similar. It has been amazing to see the difference staff mobility and modern tools have made to the work practices in these organisations.
Where do you see ICT going next?
I started my career in ICT in the days of 286 computers and dial-up modems… so there has been a bit of change. The capacity for genuine transformation that is given by technologies such a cloud (SaaS), modern security practices, blockchain and artificial intelligence is greater than the realisation of computers in general.
I think over the next decade we will see a seismic change in the way government and business operate; some very visible, but a lot of the change will be using technology like blockchain to streamline and automate workflows and simplify the way we work and allow staff to focus on the important and complex work and not simple process management.
Another big area of change we are already seeing realised is around integration. A seemingly never-ending problems in business are siloes of workflow and information. There is a lot of great work occurring in Microsoft and others to both simplify the integration progress and empower staff to tune the IT environment to suit themselves through codeless application development and automated workflows.
One of the most exciting aspects to ICT service delivery I see occurring is a shift from traditional ICT maintenance to being business-focused and working in partnership with business stakeholders to configure the environment. At Sport Integrity Australia we have business staff now doing their own dashboard reporting, integrated application development and have just starting looking at artificial intelligence to automate routine tasks… all without any technical IT skills. Exciting times!
What can we expect to learn at the Tech in Gov conference?
We present regularly at Technology in Government. Last year we talked about organisational courage to make change and overcoming some the common inhibitors to large-scale organisation improvement.
This year we have two presentations scheduled:
- Using Artificial Intelligence to Transform Business. The benefits that blockchain and AI offer are well known; what is harder is realising the value. This talk will be on challenging traditional thinking to transform work.
- David v Goliath, a story of government collaboration to defeat a state-sponsored cyber campaign (presented between Sport Integrity Australia and Service Australia). We have been the subject of state-level cyber attacks since November 2019, and the response between SA, ACSC and Sport Integrity Australia is a great example of how the use of strategic partners (but retaining the MSI role) can result in a cost-effective capability that far exceeds the cost of delivery.
Any final points?
The journey ASADA/Sport Integrity Australia has been on for the past two years has effectively been a comprehensive transformation of business capabilities; but this is not the end. We have built a capability that allows the business to challenge and optimise itself, and for IT to respond rapidly to changes as required. It has been a tough journey but one that any organisation can take, and it has been successful because of our partnerships across the commercial and government sectors.
This year’s Technology in Government conference will be a virtual event, held over two days on 3 and 4 November. You can find full details at https://www.terrapinn.com/conference/technology-in-government/index.stm.
This article was first published on 21 August 2020
Blockchain Australia has called for the development of forward-thinking, agile regulatory and...
OpenCities Founder and GM of Global Platform Strategies for Granicus Alex Gelbak* reflects on...
Australian Government organisations have been forced to deliver more remotely, using fewer...