The Technology Code of Practice sets the standard on the best way for government organisations to design, build and buy technology. If you’re designing, building or buying technology for a government organisation, you must follow these guidelines.
The purpose of the Technology Code of Practice
Following the Technology Code of Practice will help you introduce or improve technology that:
- meets user needs based on research with your users
- you can share across government
- you can easily maintain and scale for future use
- isn’t dependent on a single third party supplier
Using the Technology Code of Practice
You must follow the Technology of Code of Practice throughout your programme. To use these guidelines most effectively, you should apply them to the individual services or components in your proposed technology as well as the service as a whole.
As an organisation, you should:
- have a plan for digital and technology spending
- know how to find the skills for proposed digital and technology work
- be able to adapt programmes as circumstances and understanding change
Plan for digital and technology spending
Your organisation should write a plan that covers all of your proposed digital and technology spending, programme by programme. The plan should also outline how you will make major decisions about each digital or technology programme and must explain how your organisation will be able to adapt the plan if required.
Skills for proposed digital and technology work
Your organisation should demonstrate how you’ll make sure you have the skills and capabilities needed for each proposed programme in your plan. You can include your ability to hire staff, contractors or outsource programmes when considering the skills available.
Adapt programmes if required
You may find that user needs, government policies and your organisation’s requirements change during a programme. You must use a flexible approach that allows you to respond to changing requirements you can’t control.
You should aim to keep the design of the technology as flexible as possible. Rather than trying to design everything at the start of a programme, start small and build on your design as you progress to make sure the final product or service is fit for purpose. You may need to develop prototypes to try out different ideas and approaches.
The Technology Code of Practice
The following points are mandatory. You must follow these standards to get approval to spend.
1. Define user needs, aims and capabilities
Keep your programme focused and productive by:
- meeting user needs (the things that the people who will use the technology need)
- agreeing internally what you want the technology to help you achieve
- identifying any risks to introducing or changing the technology
- making sure your organisation has the necessary skills to deliver, use and manage the technology
2. Make things interoperable
Help promote the exchange of systems and information and build flexibility into your technology by:
- using open standards, complying with any that are compulsory for use in government, unless you’ve been granted an exemption
- being clear what data your systems will hold, and what identifiers are in place to ensure it can be connected together appropriately
- avoiding the duplication of data, and be very clear what the canonical source of any data is
- considering the use of RESTful APIs for integration
3. Make things open
Improve transparency and accountability by:
- making data open by default, while minimising and securing personal data, or data restricted for national security reasons – follow Open Data principles when publishing public data
- making sure, by default, that users of transactional services have access to and control over data held about them – the service should clearly communicate how data will be used
- giving equal consideration to free or open source software when you choose technology – taking account of the total cost of ownership of the service, including exit and transition costs
- making all new source code open by default
4. Make things secure
Keep user and government data, including personal data, and systems safe by:
- following the principles set out in the Security policy framework and Security Classification Policy
- following the National Technical Authority for Information Security (known as CESG)’s information risk management guidance
- designing and implementing the components of any system according to government best practice, including network principles, security design principles for digital services and the secure email blueprint
- determining the security requirements of cloud services using the Cloud Security Principles and accompanying guidance
5. Adopt cloud first
Follow the cloud first policy by:
- evaluating potential public cloud services before you consider alternatives such as Crown Hosting
- demonstrating that the chosen service represents best value for money if you select any alternative to public cloud – you must allow for flexibility to change the system and reduce costs over time
6. Make things accessible
Make sure your services and systems can be used by the diverse set of users who’ll interact with them by:
- making services and systems compliant with EN 301 549 and following accessibility guidance
- involving users with a range of impairments in user testing as you develop your services and systems
- providing assisted digital support for any services you build when your research shows that users need it
- enabling access to services through a range of web browsers to support people using assistive technology and a range of end user devices
7. Share and reuse
Help promote good practice and avoid duplicate efforts by sharing and reusing:
- services, information, data and software components available to others to avoid duplication and prevent redundant investments
- documentation from discovery and pilot projects such as value chain maps, businesses cases and job descriptions to avoid duplicating effort
- services and capabilities that already exist outside of government where they provide best value for money – use commodity services such as cloud hosting where available
8. Use common government solutions
Make use of technology and resources available to all government organisations including:
- GOV.UK for web publishing (as long as the content is in proposition)
- performance platform for service data, GOV.UK Platform as a Service for hosting, GOV.UK Pay for payments, and GOV.UK Notify for user notifications where appropriate
- GOV.UK Verify as an option for identity assurance
- registers to access and use current and accurate data
- guidance on how to choose and implement common technology services
9. Meet the Digital Service Standard for digital services
.
10. Comply with the Greening Government ICT strategy
.
11. Define your sourcing strategy
You should consider both commercial and technology aspects in your sourcing strategy. Don’t treat them as separate from one another.
Commercial approach
Your sourcing strategy should demonstrate that you have a thorough understanding of the commercial undertakings required to deliver, use and manage your programme. This includes:
- using value chain mapping to understand the maturity of the market you want to buy from
- moving from large contracts with a single supplier to using multiple suppliers
- understanding where and how you’ve disaggregated the technology that underpins your programme
- ensuring your organisation has the skills and capability needed to deliver, support and continuously improve the product or service you will purchase
- using a sourcing model that fits your services, and works in your organisation’s specific circumstances
Technology considerations
Your sourcing strategy must consider technology approaches that will encourage the future use of your product or service, including:
- breaking up services in line with industry best practices
- avoiding large contracts with single suppliers and making best use of the services available in the market, regardless of supplier size
- using off the shelf products and services where possible – avoid customising these products in a way that stops you from maintaining, upgrading or removing them in future
12. Demonstrate an end-to-end service
You should also be able to show how you plan to manage and integrate the individual components of your service to provide an effective end-to-end service.
You should consider:
- all aspects of the IT operating model
- service management and integration
- organisational capability and capacity
13. Use common government sourcing routes
Find appropriate services and suppliers to avoid lengthy and expensive procurement processes. Use approved sourcing routes including:
- the Digital Marketplace for technology or people for digital projects
- technology frameworks available from Crown Commercial Service
14. Enter into sensible contracts
Contracts must:
- not be over £100 million in value – unless there’s an exceptional reason
- be explicit about the ownership of government data, including data created through the operation of the service
- be explicit about the ownership of intellectual property (including software code and business rules involved in the delivery of a technology service)
Contracts should:
- where economic, include a break clause at a maximum of 2 years which allows you to terminate the contract with minimal exit costs
- ensure competition from the widest possible range of suppliers using smaller contracts where they improve value
- include usage-based billing models where appropriate and where this represents best value for money
- address the need for continuous improvement, maintaining market competitiveness and flexibility to meet changing requirements
Remember that:
- suppliers must not provide either systems integration, service integration or service management services at the same time as providing a component service within that system
- you cannot automatically extend contracts unless there are extenuating circumstances
- you should align contract duration to industry best practice for the product or service in question
