Setting the standards
The IT industry strives for rules without regulation The general consensus is that the IT industry is not regulated and should not be regulated, but governed by standards its customers demand. Organisations such as the World Wide Web Consortium (W3C) create guidelines and frameworks for the global ICT sector, but these benchmarks are suggestions and companies are not forced by any regulation to comply with them.
The W3C is run by Tim Berners-Lee, the inventor of the World Wide Web, who together with other influential IT professionals created the organisation to develop protocols that would ensure the long-term growth of the web. W3C says the social value of the web is that it enables human communication, commerce and opportunities to share knowledge. One of the W3C’s primary goals is to make these benefits available to all people “whatever their hardware, software, network, infrastructure, native language, culture, geographical location or physical or mental ability”.
In New Zealand, there are various organisations that are developing guidelines for the ICT industry. The newly founded NZICT Group has grant ambitions for information technology in this country. Founding CEO Brett O’Riley said the attitude towards ICT and the way in which it is perceived is changing. The NZICT Group is currently developing a code of practice for its some 60 members that have all joined since the group was founded in December last year. The organisation is also working with the Auckland ICT Cluster to create a community of interest. O’Riley said: “These standards would apply to members and participants, and will give customers confidence and provide a minimum level of service. It would be much like other industries such as the building sector. We want to supply a centralised certification.”
O’Riley added that the industry itself was “in a better position” to set standards and procurement than the government. He said the challenge for the industry, in creating a united voice, was ensuring the views of everyone were represented and then deciphering how to measure the benefits of such unit standards. “We need standards in New Zealand that work to a specific framework but are independent and maximise opportunity and are accepted by customers. As an industry we are quite immature in terms of best practice. NZICT is a fairly new organisation but there have been a series of attempts to promote cohesion in the industry. We are actively working with other industry bodies such as the Australian Information Association and Intellect Technology Association in the UK. There is a lot of goodwill there [among these bodies].” He added: “We don’t have to re-invent the wheel here. We are working closely with the NZ Computer Society on best practice. It’s about closing the skills gap and providing certified programmes and positive feedback to the industry.”
O’Riley expanded on competition in the industry by saying: “Competition is good. It gets people to focus their attention on the industry and develops important skills. It encourages verbal and written skills as well as management experience.” He said that because New Zealand was mainly made up of small businesses there were not a lot of opportunities for internships for graduates. Competitions such as the Webby Awards and Microsoft’s Image Cup help bridge the gap between university and the workplace by encouraging innovation and opportunities for young people to make their mark in the industry. O’Riley, who was a judge for the Imagine Cup, said he was very impressed with New Zealand’s young talent. “It made you proud to be a Kiwi. As an industry we need to focus on internships to retain our talent, because let’s face it, not everyone is going to stay in New Zealand.”
OBS co-founder Brian Cook told IT Brief that customers and not the industry were driving best practice. Cook added that customers such as government departments and banking institutions demanded high standards because of the sensitive information they housed and that was setting standards for the industry. “A lot of these standards are coming out of the US. They are adamant about source codes and software codes there; they lock them up with third parties [just in case]. There is a bit of paranoia in the US. They are worried about litigation. They are risk- adverse by nature, but compliance and standards seem to work around this process.”
Intergen’s Joe Newton agreed that the only factor governing standards within the ICT industry and standards within the development of software were customer expectations. “There is no specific industry standard when developing software; anyone can write a piece of software or develop a program. Compliance within this area of the sector is often determined by the client. If a website is being created for the government, then certain regulations need to be enforced to protect sensitive information from being compromised. It’s a sweeping statement, but there are no set regulations in place. Companies tend to follow industry expectations more closely in countries such as the US because of litigation. In the US they sue each other. We don’t do that here. New Zealand is unregulated.”
Newton added that the level to which New Zealand software developers were compliant was dependant on the client. “To provide a service to a government department a provider needs to be able to satisfy the requirements of that specific industry. Some people want systems that have been benchmarked; others simply require best practice.”
Companies such as Microsoft are pro-active in creating guidelines and frameworks for the industry, but generally we our governed by our clients, Newton said. Microsoft has strict internal policies on how its software is developed. They play a huge part in the industry and are encouraging people to do “things the right way”. “But you would have to work there to know whether they eat their own dog food,” Newton added.
Newton said the IT industry was changing so rapidly that even if one specific body decided to enforce or build an industry standard, by the time it was finalised it would already be outdated. “But equally, the industry cannot just let one person do what they want. Compliance is really about what is accepted rather than one regulatory body enforcing it. People within the sector need to agree on what a standard should be, aim for that and then go forward. There needs to be an agreement in the industry on what makes good software.”
“It’s not like driving a car, where there are a bunch of road rules. Clients project these industry standards. But compliant-heavy solutions are costly and some clients prefer best practice to having a service benchmarked. Not everyone is prepared to pay for such compliance. The government does it because they have to. Banks have specific requirements due to internet banking. The same can be said for governments, which need to ensure content on the site is not changed or compromised, and that personal information is not breached,” Newton said.