5th January 2017

How the GDS Technology Code of Practice will further shape digital transformation

The Government Digital Service (GDS) has just published a new version of its Technology Code of Practice. The result of a two-month consultation with government departments and the tech industry, it promises to be the benchmark for how government technology services and designed and developed. With a remit to provide guidance around areas such as accessibility, commercial engagement and technology re-use, it will have considerable impact on the next evolution of government digital transformation and Government-as-a-Platform.

The previous GDS Technology Code of Practice was introduced by GDS in 2013 as a means to help drive reform of government technology. The Code set the standard for how government should design, build and buy technology. Any organisation looking for Cabinet Office approval to spend on technology must adhere to the standards.

Was the code losing relevance?
The latest revision was made to address concerns that the Code was losing relevance as technology evolved and digital transformation of government services has progressed. The new Code seeks to:

  • Encourage a more mature approach to sourcing IT in government by moving away from large contracts to a preferred multi-supplier contracting model
  • Continue to promote competition and diversity of suppliers by improving buying practices and making government a more attractive and willing customer of innovative, new technologies
  • Help people make better decisions on when to design and build solutions and when to use commercial off-the-shelf products or commodities
  • Promote a more adaptive approach to technology, based on good practice principles as well as in the context in which technology will be planned, bought and used

The Code aims to help organisations improve existing or introduce new technology that meets real user needs, can be shared across government, is easily scaled and maintained, and is not dependent on a single supplier.

A new slimmed-down code
The new Code consists of 14 mandatory points, a reduction from the 21 elements of the previous version. As with its predecessor, it focusses on reducing the cost of implementing or amending services. Some of the key areas addressed include:

Make things open: all data should be open by default where this doesn’t pose a security risk, and equal consideration should be given to open source options versus commercial off-the-shelf solutions – taking into account the total cost of ownership of the service

  • Make things secure: keep user and government data, and systems safe by following appropriate policies and frameworks (including Security policy framework, Security Classification Policy, CESG’s information risk management guidance), designing according to government best practice guidelines, and following CESG’s Cloud Security Principles
  • Adopt cloud first: if anything other than public cloud is to be used it must be justified and there must be flexibility to change if necessary
  • Make things accessible: systems and services must be compliant with EN 301 549 [European Standard for the functional accessibility requirements of ICT products and services] and follow government accessibility guidance, and involve users with a range of impairments in testing
  • Share and reuse: making services, data and components available to others, and also use common government solutions such as GOV.UK Verify, Pay, and Notify where appropriate
  • Enter into sensible contracts: broken down into contracts ‘must’ or ‘should’:
  • Must: be capped at £100m in value unless for exceptional reasons, be explicit about data and IP ownership
  • Should: include a break cause at a maximum of 2 years, encourage competition by using smaller contracts where they improve value, address the need for continuous improvement to maintain market competitiveness and remain flexible

Even more SME-friendly?
The changes to the Code have realigned it with modern thinking around technology. It demonstrates a continued desire to reduce the overall cost of government solutions. This has been backed up by the mandate to break down monolithic contracts into smaller, more achievable contracts and a diversified supplier base. This, combined with the drive to use cloud computing, should encourage healthy competition between suppliers and open up more opportunities for SMEs to compete with the ‘big boys’.

Continued focus on user needs and accessibility
The inclusion of an accessibility-specific point hints to a wider government drive to highlight the importance of accessibility in the services it provides. It is something evidenced by some of the recent ‘Accessibility and me’ posts on the GDS blog. Involving users with a range of impairments when testing services and systems shows a good commitment to getting clear user feedback from all user types during delivery. This will help to design an end product or service which closely meets user needs, reducing the potential for costly redesigns further down the line. However, given Emily Ball’s recent comments on the challenge of recruiting users with exacting requirements it remains to be seen how easy it will be to put this point into practice.

Share and re-use technology
Providing a level playing field for open source technology is a continued theme from the original Code, as is employing open standards to ensure systems are interoperable. This ties in quite well with the requirement to share and reuse components and services, including relatively nascent GOV.UK solutions such as Notify and Pay. This should help to drive further improvement in these services over time as they are included on more platforms and more user feedback becomes available.

But improve how security is addressed
The ‘everything open’ policy also applies to data held within systems to improve accountability and transparency, however it has been quickly followed with a note of caution in the next point. Security is an obvious concern when handling personal or sensitive data, and the requirement to follow government and CESG guidance sends a strong message on the level of care required when building services to handle these kinds of data.

Ultimately the Technology Code of Practice has been designed to ensure that government departments consider every aspect of their solution both during the planning stage and throughout the implementation. The points outlined in the Code will help to ensure that the end result is a user-friendly and cost-effective service which can be reused as part of future solutions. Although conceived for government, it offers an excellent set of best practice guidelines for anyone considering adopting new technology.