WA Communities plans child protection CRM overhaul

The Western Australia Department of Communities is under pressure to improve its 15-year-old child protection case management platform amid concerns about weaknesses in data security, system reliability and access controls.

While the department plans to replace its customer relationship management (CRM) application - called Assist - by 2028, it's been urged to upgrade its access permissions and disaster recovery plans by the end of the year.

Launched in 2010, the Assist application is used by 2500 caseworkers and care professionals to assess and monitor children at risk, which stood at over 70,000 in 2023-24.

An audit report described Assist as a “complex” and “highly customised" legacy application that fails to “support Communities to efficiently manage its interactions with children and families”.

The audit flagged several issues [pdf], including overly broad access to sensitive child records by 2500 caseworkers, many of whom had access to files unrelated to their direct responsibilities.

Disaster recovery was also flagged as a critical issue due to the unavailability of the backup site and IT infrastructure designed to restore systems following an unspecified “incident”.

In addition, it was noted that Assist’s service provider only provided “best effort” out-of-hours support but is not contractually bound to provide it.

Further concerns were also raised about Assist’s inability to obfuscate sensitive information accessible to third-party vendors in non-production environments.

The department said it accepted the nine audit recommendations to address access, recovery and duplicate information in Assist by the end of the year.

Steps to be taken include developing business continuity plans, upgrading the support partner's contract and updating access permissions on a "need-to-know" basis.

The department has also received an initial $4.5 million in funding to produce a “project definition document (PDD), which will “inform the delivery of a new, fit-for-purpose system,” a spokesperson told iTnews.

“Communities has undertaken appropriate planning to address all findings and recommendations and is actively working to resolve identified issues within the agreed timeframes through its governance group,” the spokesperson added.