[gerardnll]

Not even the government uses backups... crazy. Imagine other issues like privacy, I do not expect them to be compliant. They do not look to be that different than an average citizen at least in IT terms.

[ocdtrekkie]

The big thing is that government organizations are very complicated, and due to bidding processes, have a lot of different vendors with different solutions involved. Vendors respond to proposals with complete bespoke solutions that may or may not integrate well with existing infrastructure design, and then some of those vendors are actively resistant to changes that integrate them in.

It's really fun explaining to a vendor that 1. A system is going to be domain-joined so it can be managed and monitored. 2. The users will not have administrative rights to the machine. 3. The vendor will not have the ability to remote access the machine whenever they want. 4. Security software and policy settings will be applied to the machine. It continues to amaze me how often these four items absolutely blow the minds of the vendors I've dealt with.

[vaduz]

Infrastructure and operation of PNC has been outsourced to Logica (now CGI, since 2012). It's not operated by the government itself.

I consider it par the course, though in this case I cannot be objective as my $CurrentCorpo had to kick off CGI/Logica early by 2014 from multiple projects - for, appropriately, gross incompetence in managing their own data centre (a redundant data centre in Wales that goes down for a week due to border routers being out of commission and failover problems tends to ruffle some feathers at high levels, when you asked and paid for for 99.95%+ SLA).