This was just waiting to happen...
If you know anything about this Orable HR system then there are several things of note:
1) Operations are the same people who have been running it for the last 20 years. They may have been TUPEd to all sorts of companies, but it's the same people, or their children, or their children's children...
2) The people running the system have a single view on security processes, its manual and its been that way for 20 years, so must be good! They will not accept that process is not the same as security.
3) There is only one security classification to cover all the data. But then strictly speaking there are only 3 classifications for the whole MOD... This system is not in the top classification.
4) There is only one HR system to cover the whole of the MOD... it doesn't matter who you are, where you are, what you do or how you do it, Think about that one carefully.
So is this the crown Jewels of MOD data, hidden in plain sight and jobsworthiness or just a signpost to it?
I don't actually blame SSCL for the shitshow... They were just the last ones in the hotseat, they did try to tell the MOD... its the people rearranging the chairs that are really at fault here, because they dont understand what they have and its all they know how to do.
P.s. Read point 4 again and again until I sinks in...