Technology Group

DRAFT

Technology Code of Practice

The Technology Code of Practice sets out principles of how to use technology in government. It’s designed to enable the Civil Service to become more efficient and effective by making better use of technology. This will contribute to the transformation of the relationship between the citizen and the state and the delivery of public services.

Assessment and assurance of all government digital services and technology is conducted by the Government Digital Service (GDS) Standards Assurance team against two functional standards: the Technology Code of Practice and the Service Standard. These are enforced through spend controls. There are four red lines that spend controls will not usually allow a department to cross.

This assurance ensures that spending on technology is proportionate and directed at programmes and projects that meet the commonly agreed digital and technology strategies. It’s an independent confirmation that the department has undertaken thorough consideration of the user need and value for money.

Standards and patterns will be added to this code as they become available and are approved by Technology Leaders. More substantial changes will be approved through the Technology Leaders Network.

Getting started

Departments must carefully consider the:

• user - discover the needs of those who will use the technology
• strategic context - what you want the technology to help you achieve
• organisational context - including delivery capability and readiness for change

Approach

Departments should:

• publish a technology pipeline, updated at least quarterly, showing planned digital and technology expenditure and decision points, as well as how you will iterate your plans or change course where necessary
• demonstrate a credible plan for putting in place the skills and capabilities needed to deliver their pipeline in accordance with this code
• use methodologies that are a good fit for the nature of the product(s) and service(s) being delivered - governance must enable delivery teams to rapidly respond to changing needs and context, whatever methodology is used

Designing the solution

Whatever methodology is used, departments should do ‘just enough’ upfront design for the product or service in question and build in flexibility for ongoing discovery throughout the lifetime of the project. Departments may need to develop prototypes to fully understand which approach is right for a given component.

Departments must adhere to the following principles when designing technology solutions.

1. Make things open by:

• using open standards, complying with any that are compulsory for use in government, unless you’ve been granted an exemption
• making data open by default, while minimising and securing personal data, or data restricted for national security reasons - public data should be proactively published in line with the Open Data principles: structured, machine-readable, and discoverable through data.gov.uk
• ensuring users have access to, and control over, their own personal data
• ensuring a level-playing field for open source software when you choose technology – taking account of the total lifetime cost of ownership of the solution, including exit and transition costs

2. Make things secure by:

• following the mandatory outcomes defined in the HMG Security Policy Framework and Security Classification Policy which, if applied properly, will ensure that legal obligations are met and that security is proportionate, justifiable and meets user needs

• following CESG information risk management guidance
• designing and implementing the components of any system according to government best practice, including:

• Network Principles
• Identity Federation Principles
• Digital Services
• Email Services 

• determining the security requirements of cloud services using the Cloud Security Principles

3. Choose cloud first by:

• identifying the capabilities and services that make up your technology design
• objectively evaluating potential public cloud solutions first – before you consider any other option
• demonstrating that the solution chosen represents best value for money

4. Make things accessible by:

• ensuring that you follow accessibility guidance and provide assisted digital support where your research shows that users need it
• designing services and systems for the diverse set of users who will interact with them - including people with visual, hearing, cognitive and physical disabilities and impairments - in line with EN 301 549
• allowing access to applications through a range of browsers to ensure your solution will work for any end user device

5. Share and reuse:

• services, information, data and software components available to others to avoid duplication and prevent redundant investments
• services and capabilities that already exist outside of government where they provide best value for money, eg fraud and debt management and cloud-based commodity services

6. Use common government:

• platforms such as GOV.UK, Performance Platform, and shared services where available
• components such as GOV.UK Verify, GOV.UK Pay and GOV.UK Notify where available  
• designs for common technology services

7. Meet the Digital Service Standard for digital services

8. Comply with the Greening Government ICT strategy

Buying the solution

Ensure the right commercial and contractual approach by obtaining specialist commercial advice from:

• Crown Commercial Services who provide support on framework commodity procurements
• The Cabinet Office Complex Transactions Team who help with:

• complex sourcing strategies
• planning and organising transactions such as contract exits and re-procurements
• leading and supporting negotiations with third parties

Departments must adhere to the following principles for sourcing solutions and agreeing contracts.

1. Define the sourcing strategy for your programme by:

• using value chain mapping to understand the maturity of the marketplace for your organisation’s and users’ needs
• moving from large single supplier contracts to a multi-supplier model
• ensuring your organisation has the capability and capacity to deliver, support and continuously improve the service being purchased
• breaking up services in line with industry best practices to make best use of the services available in the market
• using a sourcing model that fits your services, and works in your organisation’s specific circumstances

• using commercial off the shelf products and services where possible, and ensuring such products are not subsequently customised in a way that would hinder their future maintenance, upgrade or removal
• planning in detail to show how you’ll deliver integrated services at every stage of the transition and ongoing management of the end state, including:

• all aspects of the IT operating model
• service management and integration
• organisational capability and capacity

2. Use common government sourcing solutions, such as:

• technology or people for digital projects in the public sector through the Digital Marketplace
• technology frameworks available from Crown Commercial Service

3. Enter into sensible contracts

Contracts must:

• not be allowed over £100 million in value – unless there is an exceptional reason to do so
• be explicit about the ownership of government data including data created through the operation of the service
• be explicit about the ownership of intellectual property (software code and rules for example) involved in the delivery of a technology project

Contracts should:

• where economic, include a break clause at a maximum of 2 years which allows the department to terminate the contract should they wish to with minimal exit costs
• ensure competition from the widest possible range of suppliers using smaller contracts where they improve value  
• include usage-based billing models where appropriate and where this represents best value for money
• address the need for continuous improvement, maintaining market competitiveness and flexibility to meet changing requirements 

 Remember that:

• suppliers must not provide either systems integration, service integration or service management services at the same time as providing a component service within that system

• contracts will not be automatically extended unless there are extenuating circumstances
• contract duration should align to industry best practice for the goods or services in question