Case Study 17 | Company E, an SIer for Business Applications for Local Governments and Public Institutions
Supporting the security of local-government DX with agents.
Autonomous AI operations save public IT sites facing labor shortages
Industry
Contract development and maintenance of business applications for local governments and public institutions
Implementation target
Security operations department for public-sector application suites
Implementation period
2-month PoC → 7-month phased rollout
Company E is an SIer that provides business application suites directly connected to residents’ lives, including resident information, tax, welfare, and disaster-prevention systems, for local governments and public institutions. Compliance with multiple regulatory requirements, such as the Personal Information Protection Act, local-government security guidelines, and My Number-related regulations, is mandatory, and the quality requirements for vulnerability response are extremely high. At the same time, the public-sector SI business has strict constraints on unit prices and margins, creating a management structure where increased manual response workload cannot simply be added to operating costs. This case shows how CLAVI Mining’s agent technology was applied to structurally reduce operating costs while maintaining the quality of regulatory response.
Challenges Before Implementation
Company E’s challenge was the impossibility of balancing the economics of its public-sector SI business with the quality required for regulatory compliance. Projects for local governments face strict unit-price constraints, and the company could not pass the growing workload for security response on to project pricing. As a result, maintenance engineers’ workloads continued to rise, and turnover above the industry average had become the norm.
Local governments also had their own security policies and operational requirements, and individually managing 180 systems pushed the information systems department to its limits. The inefficiency of “creating 180 different response documents for the same vulnerability” had become a constant issue.
Management shared the view that “the continuity of the public-sector SI business cannot be achieved without operational automation,” and investment in autonomous AI-agent operations was positioned as a core part of the business continuity strategy.
Selection Reasons
Company E selected CLAVI Mining’s agent technology because it supported the following three points for balancing regulatory compliance and operating cost.
First, the flexibility to train agents on the different security policies of each local government and automatically generate response documents for each of the 180 systems. This design addressed the structural problem where “individual handling for each municipality” inflated operating costs.
Second, transparency logs and audit APIs. The ability to cover evidence management required for municipal audits, resident audits, and various regulatory responses as standard functionality was decisive because it could be achieved without adding workload to the operations team.
Third, patented hallucination-suppression technology. Because incorrect handling in systems that process resident information can directly lead to serious personal-information incidents, preventing erroneous responses was an absolute requirement for business continuity.
Effects After Implementation
[Vulnerability response workload] The average workload for municipality-specific handling per case decreased from 180 hours to 14 hours, a 92% reduction. Maintenance engineers’ workloads were significantly reduced, and turnover began to improve.
[Quality of regulatory response] Evaluations in municipal and resident audits improved significantly, and findings decreased by 75% year over year. Automated generation of compliance documents standardized document quality while improving accuracy.
[Business continuity] Operating costs for the public-sector SI business were structurally reduced, greatly improving competitiveness when winning new projects. Business performance improved to the point where medium-term management plan targets could be revised upward.
[Talent strategy] Branding as “an SIer that supports public DX with AI” had a positive impact on recruiting, and applications from young engineers doubled year over year.
CISO comment: “The public-sector SI business is an industry with high social significance but economic limits. I feel that agent operations are the only way to solve this structural problem.”
Insights from This Case
Company E’s case shows that “industries with strict unit-price constraints, such as public-sector SI, are precisely where autonomous agent operations become a prerequisite technology for business continuity.” Agent operations structurally deliver operational efficiency that cannot be achieved through manual scaling.
Balancing the quality of regulatory response with operating cost depends on three decisive factors during selection: transparency logs, hallucination suppression, and flexible response-document generation. For public-sector and regulated-industry SIers, choosing agent technology is a core business-strategy decision.
As a Model Case for Public DX
Company E’s case has become a highly valuable model case for local-government DX overall. Local governments across the country face similar security operations issues, and Company E’s initiative is attracting attention in the public IT industry as an early example of an operating model that goes beyond a labor-based premise.
Municipalities have also increasingly asked whether they can use a similar platform within their own information systems departments, and Company E is considering directly providing its agent operations platform to municipalities. A new business model is beginning to emerge in which “an SIer provides the platform to its municipal customers.”
The structural challenges of public-sector IT businesses may be solved through autonomous agent operations and industry collaboration. Company E’s case offers important insights for considering the next decade of public DX.