Europol, the European Union’s law enforcement agency, plays a key role in supporting member states in their fight against serious international crime and terrorism. Within Europol, the ICT Business Area (ICT BA) is responsible for the development, delivery, and operation of critical ICT systems that underpin both the agency’s core operational work and its internal support functions.

A central part of this responsibility lies with the ICT Engineering Group, which develops and maintains a range of bespoke software solutions—both web-based and client-server—as well as integrating and customizing COTS solutions. These tools are essential not only for law enforcement collaboration but also for administrative efficiency within Europol.

To meet the demands of its dynamic work environment, the ICT BA regularly relies on external suppliers of consultant specialists. These contractors are sourced through framework agreements established via formal tender procedures, enabling Europol to flexibly scale its ICT workforce in line with the annual workplan and changing priorities. However, the process of requesting, selecting, and onboarding these consultants is complex and fragmented. It spans multiple groups—including ICT Contract & Financial Coordination, ICT Solution Delivery, ICT Infra & Operations, Application Delivery Services, Commercial Law, Procurement, Budget Administration, and Information Security—each of which performs distinct tasks using different applications and solutions.

Over time, the number of stakeholders, tools, and dependencies involved in this process had grown. As a result, the lack of clearly defined responsibilities, coupled with limited coordination, had led to inefficiencies and uncertainty. The process had become time-consuming, resource-intensive, and increasingly misaligned with the urgent needs of the business, ultimately hindering Europol’s ability to onboard the qualified ICT specialists it depends on.

Objectives

Public sector organisations like Europol operate under strict legal, security, and data protection frameworks. These regulatory boundaries demand a broad, cross-domain approach capable of addressing the full depth and complexity of the problem domain from multiple perspectives simultaneously; business, legal, security, finance and ICT. Understanding and navigating these layers is a prerequisite to build a fit-for-purpose problem definition that serves as a strong starting point for developing an effective solution. This meant dedicating sufficient time for studying the background and history of the process, identifying key stakeholders and in-depth interviews to explore differing perspectives, uncover pain points, and align expectations.

From this process, it became clear that the solution would need to bridge organizational silos and reconcile multiple definitions of success. Despite the inherent complexity, the project executive defined a focused set of objectives to guide the initiative:

1. Design and implement a clearly defined end-to-end business process—one that maps all involved stakeholders, systems, data artefacts, and workflows from request initiation to successful onboarding.

2. Enable seamless adoption across all involved groups by introducing clarity around ownership, roles, and responsibilities—fostering trust, alignment, and confidence in the revised process.

3. Reduce the total time required on average from start-to-end for all types of contractors irrespective of their supplier, minimizing delays that hinder operational agility.

4. Eliminate excessive back-and-forth communication by replacing fragmented updates with a unified application portal that provides real-time status tracking for all stakeholders.

5. Improve overall stakeholder engagement and accountability by ensuring their insights are reflected in the process—resulting in greater commitment and higher productivity across the board.

Solution

The solution journey began with a deliberate focus on understanding the problem from all relevant angles. Close to half of the total project time was allocated to this exploratory phase, where we engaged not only with primary stakeholders directly involved in the process, but also with secondary stakeholders who, while not owning any part of the workflow, influenced its outcomes. Through a series of interviews, process reviews, and collaborative sessions, we constructed a comprehensive "as-is" state model. This model captured the process from multiple perspectives, highlighted points of friction, and identified areas of ambiguity in roles, ownership, and accountability.

With a complete view of the current state in hand, we moved into the second phase—solution definition or the "to-be" state model. This phase shifted the dialogue from problems to possibilities. We initiated a new round of interviews, this time with a future-oriented focus: What would the ideal process look like? What features or safeguards would make stakeholders feel confident and in control? Through open discussion, idea sharing, and iterative modelling, the "to-be" state model began to gain momentum and capture stakeholder support. Eventually the target model evolved through several rounds of stakeholder feedback and validation, steadily gaining clarity, precision, and cross-functional alignment.

In the final phase, we turned our attention to refinement and consolidation. With the revised business process broadly accepted, the focus shifted to strengthening it further through automation, reducing manual effort, and improving traceability across the lifecycle of each contractor type. Here, tools were introduced not as a starting point, but as a final enabler—selected and configured specifically to empower stakeholders and reinforce the new process.

This three-phased approach ensured that the solution was stakeholder-driven from beginning to end. We prioritized the people behind the process first, then the process itself, and only then introduced the supporting tools needed to sustain it.