Our vision: HMRC's IT Strategy


I’m Kristian Miller, HMRC’s Head of IT Strategy and I’d like to share with you our long term IT vision…

Most people know HMRC has a very complex IT landscape with around 600 different IT applications. Some of these were built when data was entered into a big mainframe computers using punched cards; and then our core tax systems were designed to manage products, not customers, so we’ve ended up with product silos. To further complicate things the 2005 merger of Inland Revenue and HM Customs & Excise resulted in duplicate systems, especially around financial accounting, and some of these duplicate systems still exist.

Today our focus has changed, and thankfully there’s not a punched card in sight!

Our challenge is to update our ageing ICT estate where data fragmentation allied to manual processing interventions sometimes struggle to support the demands of the digital age.

So we are putting the customer at the heart of the service design with a fundamental shift away from batch processing to real-time updates which better support our online digital services.  We want to use the substantial amounts of data we hold to gain more customer insight to help us maximise compliance, increase efficiency and improve the experience of our customers.

In parallel with building the new, we need to transform the existing IT estate, re-engineering what we have so that the majority of our IT applications can run on virtualized infrastructure environments with as much as possible hosted on commodity cloud services; this is a huge opportunity given the pace at which cloud hosting is developing.

We haven't forgotten our colleagues; we are introducing a better range of IT equipment providing a more engaging and social experience for them when collaborating across teams.

Our HMRC IT Strategy 2016 describes how we’ll deliver the services required to enable and support the Departmental Business Strategy for this Spending Review Period. It will be updated annually.

We’ve made great progress recently but there’s still more to do. We’ll post about our progress on this blog throughout the year, so stay tuned.




Share this page


  1. Comment by Jonathan Lloyd White posted on

    Lis, thanks for getting in touch. I'm Jonathan Lloyd White, Director of Security and Information. Your question is a really good one. Handling the personal details of every taxpayer in the country is a huge responsibility and the security of this data, especially online, is a top priority for HMRC. We have worked with our suppliers to develop world-leading security solutions and strengthened our capability to monitor our systems 24/7 and protect, detect and respond to cyber threats. Our cloud storage suppliers are UK-based and the data is held in UK datacentres. Our plans are to use several cloud based suppliers to improve the resilience of our services.

    We know that the methods that fraudsters use to get information are constantly changing so people need to be alert. We regularly update our advice on how recognise when a contact from HMRC is genuine, and how to recognise phishing/bogus emails. You can find that on GOV.UK using this link:

    When using our online services I would urge all our customers to be vigilant, and remember that HMRC will never send an email to ask for your personal information or password, or include a link or attachment. We want to help you stay safe online.

  2. Comment by Becci Helm - Communications Team posted on

    Hi Jack

    The team have already created a digital version of the SA700 and although we can't give you an exact date, it will be available as soon as testing is completed.

    In answer to your second question, we do try to answer as many comments as we can. Some we can't publish because they're too personal. Others take longer to answer as they don't relate to the blog they're posted against so we have to find the right expert within HMRC to provide the answer. Wherever we can, we will respond.


  3. Comment by Lis Daly posted on

    Hi Kristian, with cyber attacks on the rise and thinking about the 'substantial amounts' of sensitive personal data that HMRC hold already (which will increase massively under these proposals), I am worried about the concept of HMRC joining up the systems and placing that data in the cloud. Presumably there can be no guarantee that personal data will be safe and there is no option for taxpayers other to provide access to the data. What security measures are HMRC putting in place to protect personal data and how can I be assured that these measures are more effective than those used by all the large corporates that have been hacked recently? Is it not reckless to hold all data on essentially every UK citizen within a single cloud-based system? I am actually pro-digital in theory, but am hugely concerned about cyber security at present. Lis

  4. Comment by Jack posted on

    Is there a timescale on when you will be able to file the SA700 online.

    Also with regards to the gov website when people comment, is there a way to allo wus to view all our comments, so logging into a profile, as a number of questions asked to not even appear under the articles, and so many have not been answered.