Repository for versions of GDS Standards and guidance translated and/ or internationalised
View the Project on GitHub alphagov/gdmp-translated-standards
This document is an adaptation of guidance used to procure technology in the UK.
The Technology Code of Practice is a set of criteria to help government design, build and buy technology.
You should use the Technology Code of Practice for all of your technology projects or programmes. Consider each point and align your project or programme to them. You’ll get the most benefit by aligning your organisation’s technology and business strategies to the Technology Code of Practice.
Following the Technology Code of Practice will help you introduce or update technology so that it:
meets user needs, based on research with your users
is easier to share across government
is easy to maintain
scales for future use
is less dependent on single third-party suppliers
provides better value for money
The Technology Code of Practice contains guidance and case studies to help you migrate from legacy infrastructure and manage the full lifecycle of your technology.
The Technology Code of Practice can be used as part of a government spend control process.
Understand your users and their needs. Develop knowledge of your users and what that means for your technology project or programme.
To meet point 1 of the Technology Code of Practice you must show you understand your users and their needs.
You may have to explain how you’re doing this as part of a spend control process.
How user research will help your programme
Doing user research will help your technology project or programme by identifying:
any risks to introducing or changing the technology
the skills needed to deliver, use and manage the technology
the technologies that service support teams will need for their end users
the commercial and operational needs, for example, the need to decommission an obsolete mainframe in order to create a more resilient data and service tier
User research can also:
make sure that services such as online office suites, network shares, project management software and HR suites really do meet your users’ needs
support internal agreement of what you want the technology to help you achieve
Understanding user needs from the Service Standard for projects or programmes that include the creation of a service
Find out more about:
Make sure your technology, infrastructure and systems are accessible and inclusive for all users.
To meet point 2 of the Technology Code of Practice (TCoP) your plan or design must show how you’re making technology inclusive.
If you’re going through a spend control process you should explain how you’re meeting point 2 or any limitations you’ve encountered.
Your technology project or programme will benefit from:
making your technology work for as many users as possible
all staff members having easy access to the information and infrastructure they need to do their work, for example, your organisation’s network, authoring tools, project management software and HR suites
assurance that there is no barrier to employing people with specific access needs
avoiding possible legal challenges
When building IT infrastructure and systems make sure you consider accessibility from the start of your project or programme. Do research with users who have a range of abilities and decide on your accessibility requirements. Doing this means you can make sure that:
government workers are not restricted
it is easier to build accessible services for citizens
For example, you should consider:
the accessible space in your office environment or server rooms
which hardware you choose, how compatible it is with assistive technologies and what accessible functionality comes as standard
which software you choose, such as the authoring tools and software that operates as a user interface or as assistive technology
If you’re also building or buying technology to provide a service over the web, read the guidance on making your service accessible.
When you’re buying a technology product you buy something that’s as accessible as possible.
If you’re supplying a technology product to the public sector, you might need to make a statement about how that product meets accessibility standards.
Web Content Accessibility Guidelines (WCAG 2.1) is an international standard that covers websites and digital services. To make your service accessible should aim to meet level AA of the WCAG 2.1 as a minimum.
Part of making your service accessible is ensuring you procure web technologies and other types of technology, including hardware and non-web software in the right way. The UK follows standards based on WCAG 2.1 to achieve this, an example of which is the EU standards EN 301 549.
Some best practice about supplying accessible technology include:
answer questions buyers may ask about accessibility so it’s easy for potential buyers to tell whether your product meets their accessibility requirements
provide some more detail on how your product meets any relevant accessibility standard in the service definition document
When you’re providing more details consider:
what evidence you have that your product meets the relevant standard
whether your product was tested with assistive technology - and if so, which ones
how you’ll make sure that future updates to the product won’t have a negative impact on accessibility
You should be accurate about how far your product meets accessibility standards
Read the guidance on understanding WCAG 2.1.
You might want to consider paying to get your product audited against WCAG 2.1 by an accessibility expert.
Related guides
Publish your code and use open source software to improve transparency, flexibility and accountability.
To meet point 3 of the Technology Code of Practice your plan or design must show you’ve considered using open source and publishing your code openly.
If you’re going through a spend control process you should explain how you’re meeting point 3 or any limitations you’ve encountered.
Open source is a way of developing and distributing software. The code is often written collaboratively, and it can be downloaded, used and changed by anyone.
Open standards are common rules that allow any user to create compatible and consistent products, processes and services. They are designed collaboratively, are publicly available, and free or low cost.
Your technology project or programme could benefit from:
solving common problems with readily available open source technology
saving time and resources for customised solutions to solve rare or unique problems
lower implementation and running costs
allowing open source and closed source (proprietary) software to work together
Be aware that open source software is not completely free, so take into account the total cost of migrating, including exit and transition costs.
Publishing your code and data from the beginning of your technology project or programme will encourage:
clearer documentation, making it easier for your team to maintain the code, track changes to it and for other people to use it
cleaner and well-structured code that is easier to maintain
clarity around data that needs to remain protected and how that’s achieved
suggestions about how the code can be improved or where security can be improved
If your technology project or programme includes code in its development, refer to the Service Manual section on making source code open and reusable. There are times when it’s acceptable for code to be closed source. For example, keys and credentials, algorithms used to detect fraud and unreleased policy.
Give equal consideration to open source software when you choose technology.
The following questions are some of the points to consider when choosing technology and your preferred open source solution. These questions can also help if you are evaluating whether you want a proprietary or open source solution.
Will the staff need training or will expert users need to be employed to manage the solution?
If the solution is open source, how widely is the code already adopted? How mature is it?
Does the solution offer the level of support needed?
How reliable is the solution? This is hard to measure, but one way is to assess it by looking at its maturity.
How well will the solution scale to meet your needs?
Does the solution’s security meet your needs and does it have regular security patches?
Will the solution work with your other technology?
Is the solution’s licence acceptable to your organisation’s business requirements? Are there any restrictions or gaps that would cause issues? Are there any restrictions or gaps that would cause issues?
Build technology that uses open standards to ensure your technology works and communicates with other technology, and can easily be upgraded and expanded.
To meet point 4 of the Technology Code of Practice your plan or design must show you’ve considered using open standards and data.
If you’re going through a spend control process you should explain how you’re meeting point 4 or any limitations you’ve encountered.
Open source is a way of developing and distributing software. The code is often written collaboratively, and it can be downloaded, used and changed by anyone.
Open standards are common rules that allow any user to create compatible and consistent products, processes and services. They are designed collaboratively, are publicly available, and free or low cost
You can use open standards for individual parts of your project or programme. Using open standards increases interoperability and means you:
save time and money by reusing things that are already available
increase compatibility with a range of stakeholders
avoid vendor lock-in
You can make your technology project or programme more flexible and interoperable by:
using open standards
using the recommended open standards that meet your requirements
being clear what data your systems will hold, and which identifiers are in place to make sure the data can be used effectively
avoiding the duplication of data, and being very clear about their approved source
using RESTful APIs for integration where possible and the API technical and data standards
When you’re buying a technology product make sure you to request that open standards be used by the supplier comply with the definition of an open standard as described in the ‘Open Standards principles’.
Suppliers should be aware of the open standards that should be used in government. Wherever possible, suppliers should make these open standards part of their product offering, or offer products that are compatible with these open standards.
Consider using public cloud solutions first before considering other options .
To meet point 5 of the Technology Code of Practice your plan or design must show you have considered using the public cloud. The UK uses a cloud first policy to inform this approach
If you’re going through a spend control process you should explain how you’re meeting point 5 or any limitations you’ve encountered.
Cloud computing is a way of storing and retrieving data and software over the internet. The 3 main service areas are:
software-as-a-service (SaaS), which is the use of applications over the internet
platform-as-a-service (PaaS), which provides the platform for developing, testing and deploying your applications over the internet
infrastructure-as-a-service (IaaS), which provides the physical technology infrastructure/network virtually over the internet without the need for you to buy your own hardware
You can use cloud computing to treat compute, network, storage and power as utilities. This approach is beneficial because:
you can avoid upfront investments in your infrastructure, reducing overall costs
here’s greater flexibility to trial new services or make changes, with minimal cost
pricing models are scaleable - instead of building for the maximum usage you buy for less usage and increase or decrease as appropriate
it will be easier to make government greener- cloud facilities typically try to use server space and power in the most efficient way possible
upgrades and security patches can be applied continuously
the supplier will have responsibility for making sure your service has good availability for users
For greater detail on the benefits of using cloud, you can read the blog posts on Why we use the cloud: security and efficiency and Why we use the cloud: supporting services
In some cases you may wish to use an alternative to the cloud. You should only do so if you can demonste your chosen service represents the best value for money if selecting an alternative to public cloud. You should’nt also show you’ve allowed for flexibility by being able to change the system and reduce costs over time.
Read how the Department for Transport is using cloud technology.
The main guidance for securing your network, services and data in the cloud is:
Asset protection and resilience
Keep systems and data safe with the appropriate level of security.
To meet point 6 of the Technology Code of Practice your plan or design must show how you are securing data and systems.
If you’re going through a spend control process you should explain how you’re meeting point 6 or any limitations you’ve encountered.
By securing your technology you will:
reduce the risk and impact of security threats
improve risk mitigation
improve your network’s mean time to recovery
You must consider security from the start of your technology programme, and for your service as a whole. Before you start, consider the following questions:
What security risks does your programme have?
Will your programme use or collect sensitive data? 3. How will your programme’s security interact with other systems?
How will your programme’s security integrate with your organisation’s departmental security and processes?
How will your programme’s security meet cyber security standards. For example, the UK uses theMinimum Cyber Security standard
Do you have access to the security expertise and skills you need?
How will you source the security expertise and skills you need?
What changes to your organisation’s security documentation and processes will your programme need?
How will you provide appropriate security assurance, both throughout the duration of the programme and for its product or service?
Each organisation’s security resources will depend on their budget, risk appetite and what information and services they’re handling. Discuss your programme’s security requirements with the team or individual responsible for security in your organisation. As part of this you should:
conduct a risk assessment for your programme
identify and comply with any relevant security regulations and frameworks. Examples of the ones used in the UK can be found here:technology security guidance list
agree how your programme will work with the security and assurance policies used within your organisation
assign roles and responsibilities for security within the programme
consider if you have access to the relevant security expertise, or if you need to bring in additional skills
Once you have identified your programme security risks, you should integrate these into your programme plan, and include:
how your programme will track, mitigate, or accept security risks
expected timetables for mitigating each risk
clear and well documented security processes
plans for training and controlling the access of your users
Choose proportionate security to control and monitor your technology programme. Security should protect your information technology and digital services, and enable users to access the data they need for their work.
You should consider the security of any tools you might use to implement and maintain your technology programme.
As you implement your technology programme you should continually review your security, and make sure that you’re mitigating or accepting the security risks that you’ve identified.
Network and infrastructure security Malicious access is always a risk. Plan how to:
identify
protect
detect
respond
quickly recover
Make sure you have processes and controls in place to collect, record, protect, and analyse information about any attacks and use this data to improve defences. It would be helpful for you to:
design and implement the components of any system according to government best practice - examples of this in the UK are including network principles and the security design principles for digital services
increase email security by using best practice guidance - in the UK this includes guidance on securing government email and how to set up government email services securely
When platforms have internet access and hold real data, threat actors or attackers may try to steal or alter the data. Also, there is a greater risk of an accidental real data leak. Some guides used in the UK which can help with this include:
the National Cyber Security Centre’s (NCSC) information risk management guidance
the Service Manual guidance on securing information for government services
You should integrate security controls and monitoring with the data and network flows using proportionate risk analysis.
You can find information on securing your services in point 9 of the Service Standard - Create a secure service which protects users’ privacy
Ensuring cloud security is critical. In the UK helpful guidance on this includes thee Cloud Security Principles, the Cloud security guidance and the Risk management guidance NCSC.
Whether you’re procuring software as a service (SaaS) or developing your own solution for a platform of tools and services, you should consider puting in place mitigations such as:
data encryption
single sign-on
two-factor authentication (2FA)
fine-grained access control
usage monitoring and alerts
timely patching
You will find it helpful to set up assurance mechanisms to monitor your programme security, identify potential risks, and provide confidence to senior leaders and stakeholders about the effectiveness of your security controls.
Continually evaluate your security controls to make sure they:
provide users with appropriate levels of access
effectively monitor for security risks
provide sufficient data for risk analysis
identify and record all activities and can find anomalies
enable you to make informed decisions about actions to mitigate discovered risks
You should provide ongoing assurance of your programme’s security and consider how it integrates with the rest of your organisation’s security. You should discuss this with the team or individual responsible for security in your organisation.
You should consider:
who will be responsible for the overall security of the programme
how will the programme’s security be continually assured, monitored, and assessed
what types of security software testing would be appropriate for your programme
who will assure, monitor, and assess the programme’s security
who will implement security updates to ensure the ongoing security of the programme
who will be responsible for responding to security incidents affecting the programme
Continuous improvement planning is helpful for your business-as-usual processes This will give you regular opportunities to review and improve your security as needed. The review process will also make sure that your security still meets user needs and evolving technology. The UK applies guidance for continuous improvement planning, which you may find helpful.
Make sure users rights are protected by integrating privacy as an essential part of your system.
To meet point 7 of the Technology Code of Practice your plan or design must show how you are using privacy by design.
You may have to explain how you’re doing this as part of a spend control process.
Valuing the privacy of users, and being clear with them how their data is used is critical for:
making sure users trust interacting with government online
increasing the quality of data collection
To ensure trust, you should ideally tell users exactly how their data is going to be used when you collect it from them, and dispose of the data you collect once you no longer have a legitimate use for it. You should always take steps to ensure the data you collect is secure. Following this practice of privacy by design when building your service will also likely help you comply with relevant data privacy laws.
Maintaining the privacy of citizens’ personal data includes security. Privacy also includes how citizens:
consent to the use of their personal data
have the right to have personal data erased
have the right to restrict the processing of personal data
have the right to data portability so they can access and move their personal data
Your technology project or programme will benefit from:
being proactive about privacy and reducing the risks of data theft
identifying potential privacy issues earlier when they are easier and cheaper to solve
better awareness of privacy issues across the organisation
The following questions are useful when considering data and privacy:
individuals?
Programme?
not previously had routine access to the information?
or in a way it is not currently used?
Does the project or programme involve you using new technology that might be perceived as being privacy intrusive? For example, the use of biometrics or facial recognition.
Will the project or programme result in you making decisions or taking action against individuals in ways that can have a significant impact on them?
Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be private.
Will the project or programme require you to contact individuals in ways that they may find intrusive?
Avoid duplicating effort and unnecessary costs by collaborating across government and sharing and reusing technology, data, and services.
To meet Point 8 of the Technology Code of Practice you should consider whether your project or programme can share and reuse technology.
If you’re going through a spend control process you should explain how you’re meeting point 8 or any limitations you’ve encountered.
Before you start your technology project or programme, consider whether sharing your work could benefit other teams in your organisation, or other government organisations. By sharing your work you can benefit from:
easier collaboration with other organisations
a larger pool of experts who can help you find solutions to any issues more quickly
more integration between government technologies
By reusing existing technology you can benefit from:
avoiding duplication and unnecessary spending
speeding up initial project or programme phases
better value for money
It’s easier and cheaper to plan how you will share your technology solution from the start of your project or programme. Clear documentation will help your project or programme, and make it easier for you to share your work.
Government APIs The API technical and data standards and API design guidance can help your organisation provide data for government services in a consistent and shareable way. You can also use or contribute to the government’s API catalogue.
You should consider publishing your code in the open and use open source technology. Some examples of open government code from the UK include:
the Ministry of Justice’s GitHub page
the Home Office Design System repository which includes forms for reuse
the Government Digital Service’s source code
the GitHub account of the Department for Environment Food & Rural Affairs
GCHQ’s account that includes tools for data storage, processing and analysis
Your technology should work with existing technologies, processes and infrastructure in your organisation, and adapt to future demands.
To meet point 9 of the Technology Code of Practice your plans must show how your technology project or programme integrates into your organisation.
If you’re going through a spend control process you should explain how you’re doing this.
Good integration means making sure your new technology works with legacy solutions without limiting your ability to adapt to future demands or upgrade systems.
Your programme will benefit from:
less risk to your infrastructure as integration planning will discover compatibility gaps in the new technology
less downtime on your regular processes when you upgrade or amend them
systems which enforce built-in redundancy of services, minimising single points of failure
lower long-term support costs
Each organisation’s technology and infrastructure will have services and issues that are unique. But there are some common elements to consider when fitting new technology into your current or legacy system, including:
the coordination between your organisation’s IT operating model, the different business areas and their processes, governance, service support and service delivery
how the new technology will work with your service management
what skills and capabilities your organisation needs to deliver, support and continuously improve the new technology you’ll purchase
Read how the Department for Transport’s Chief Architect has created a Digital Design Authority to help integrate new technology with their current technology.
To optimise systems integration consider:
adopting a continuous integration model so you can solve smaller issues iteratively
designing your system using independently developed components that can easily work together
building a system architecture early in the program to describe your current or future system and mapping hardware and software components
defining a configuration management process
doing component-level testing to make sure integration is possible
doing regular integration and stress testing in your development environment to track progress and make sure the system remains robust
If you have chosen to use a systems integrator you should make sure they meet all of your requirements.
A number of government organisations are using or investigating emerging technologies. If you’re thinking about introducing emerging technology to your infrastructure, you should make sure it meets user needs. You’ll need to investigate alternative mature technology solutions thoroughly to check if this is the case.
Your emerging technology programme will also benefit from checking:
whether other organisations across government are using or investigating the same emerging technology
whether your organisation has the skills and resources to manage the technology
what would happen if the emerging technology fails or is discontinued
any privacy implications
any security implications
You can find guidance on choosing technology for services here, including how to adopt new technology.
‘Emerging technologies’ is a broad term for a range of tools and techniques that are at different stages of development. Examples of emerging technology include:
artificial intelligence and machine learning
distributed ledger technologies (DLT)
quantum computing
But although emerging technologies are sometimes categorised together, some are more mature than others.
Several UK departments are already using artificial intelligence or machine learning in different ways. For example, GDS is using machine learning to process large amounts of data to aid human decision-making. And Oxford City Council is leading a group of local authorities in a joint discovery on how chatbots and AI might help to solve service design problems.
If you are considering using artificial intelligence, read the guidance on using artificial intelligence in the public sector.
Bodies like the Food Standards Agency and Land Registry are undertaking discoveries into DLT to understand if the technology is suitable for public sector use. DLT offers great promise, but it is unclear where the technology might offer government significant improvements over other types of infrastructure.
Some government bodies are also funding research into quantum computing. This technology is in the theoretical phase and the government is unlikely to use this technology in the short term.
Use data more effectively by improving your technology, infrastructure and processes.
To meet point 10 of the Technology Code of Practice your plans must show you’ve considered the data lifecycle.
If you’re going through a spend control process you should explain how you’re meeting point 10 or any limitations you’ve encountered.
Improve how you use and manage data to:
save time and money, by reusing open data that is already available
make sure infrastructure and services contain consistent information
give your users a more consistent experience when using government services online, which builds trust
minimise data collection and duplication
make datasets interoperable which will increase opportunities for data use
To ensure user trust you should ideally tell them exactly how their data is going to be used when you collect it from them, and dispose of the data you collect once you no longer have a legitimate use for it. You should always take steps to ensure the data you collect is secure. Following this practice of privacy by design when building your service will also likely help you comply with relevant data privacy laws.
Some guides from the UK which you may find helpful in this include
how to consider ethical issues around using data, and assessing these according to the principles of the Data Ethics Framework
how to consider the Open Data Principles
how to conduct the ICO’s Data Protection Impact Assessment
how to apply the Government Transformation Strategy and the UK Digital Strategy
Here are some best practices for collecting, storing, analysing and sharing data from other departments, other governments and other sectors.
Getting the right technology, processes and training
Make sure your data collection practices, data tools and infrastructure meet user needs, are scalable and encourage collaboration. Also consider the following questions:
Do you have the right tools to capture and store the data you need?
Are your processes for data collection ethical and transparent?
Are your processes for data collection secure?
Have you chosen the most efficient data collection processes for the data you need?
Do staff have the skills they need or do you need to arrange training?
Does the way you do data entry ensure data accuracy and trust?
Do you standardise the data after collection so it is easier to create interoperable Data?
Does the data have an assigned owner?
Do you need to anonymise your data to make it non-attributable?
Make sure you secure your data tools and infrastructure and hold it for specified purposes to comply with data laws
You should also make sure that newly collected data is easily accessible to APIs for future use. Consider the following questions:
Where is your data stored and does the location meet your organisation’s security requirements and meet guidance on your country (for reference UK Guidance: moving data outside)
Have you considered whether to use cloud technology, data centres such, or on-premise networks?
Does your technology meet the required standards and is it scalable/flexible?
Is your technology set up according to data security best practice?
Does any of your data have protected characteristics that needs encryption or more secure storage?
Are your security processes regularly reviewed and updated?
Do you use Open Standards and clear processes to make sure you can analyse, and where appropriate, share data with other departments?
Do your processes make it easy to keep data current and accurate?
Does your data have clear audit trails that clearly show how individual data records are accessed and updated?
Do you have the right amount of storage for the volume of data your organisation processes, or a way to scale your storage as data usage changes?
Make sure you’re using data efficiently and based only on user needs, for example the UK uses a Data Ethics Framework. Consider the following questions regarding data use:
Where will you publish your data?
How can you share your non-sensitive data to minimise duplicate data sets?
How can you choose data tools and infrastructure that keep pace with user needs, are scalable and encourage collaboration?
Do you use open standards and patterns to make it is easier to analyse data, and where appropriate, share it with other departments?
You can use scientific analysis and conduct A/B testing to help make data driven decisions. For example, how the Government Digital Service used data to improve content and user journeys on GOV.UK.
When you’re publishing data, make it open by default and follow the Open Data Principles. Also consider these questions:
Do you have processes and safeguards to check what data you publish and how you keep your sensitive data safe?
Do you follow a code of practice for data sharing? The UK follows the Information Commissioner’s Office Code of Practice for data sharing
Do you use the API technical and data standards and the government’s API catalogue?
You should check where your data is in its lifecycle and only keep data for as long as necessary. You should consider these questions:
Is there a process in place to decide when it is right for your organisation to retire or archive data?
Is there a process in place to decide what data you can delete and replace with new or updated data?
Is there a process in place to ensure individuals data is deleted on their request to ensure your service is delivering privacy by design data on their request?
Do you have a process for securely deleting data when it’s no longer needed?
Policies and guidance used in the UK includes:
Unlocking the power of data in the UK economy and improving public confidence in its use - part 7 of the UK Digital Strategy
Making better use of data - part of the Government Transformation Strategy 2017- 2020
summary of the Better use of data consultation by the Cabinet Office
Local Government Association - better use of data
Indication of what to include and what to leave:
Government technology standards and guidance
Data Ethics Framework
Publish and use government’s open data
Government transformation strategy - better use of data
Using registers to build a service
API documentation for registers
API technical and data standards
Local Government Association - better use of data
Open Standards for government data and technology
Open data principles
Your purchasing strategy must show you’ve considered commercial and technology aspects, and contractual limitations.
To meet point 11 of the Technology Code of Practice your plan or design must show your sourcing strategy and how your contracts meet government rules and guidelines.
You should to explain how you’re doing this as part of a spend control process.
Your technology project or programme will benefit from:
competitive and innovative commercial products and opportunities
long-term financial savings
improved supplier negotiations
a commercial approach that supports the disaggregation of contracts
managing contract exits successfully, making sure the exiting supplier passes over any relevant knowledge and capabilities
help with the transition to the cloud, commodity and common technology services
shorter, more manageable contracts with a streamlined renewal process
a clearer view of contract status, risks and issues
Your sourcing strategy must demonstrate that you have a thorough understanding of the commercial undertakings required to deliver, use and manage your programme. You should plan how to manage multiple suppliers, where that structure is appropriate for the organisation’s operating model, and when they’re working as part of the same delivery teams. This includes:
routinely challenging your sourcing strategies to consider whether your requirements can be simplified or broken up to allow for greater competition in the marketplace, including by small and medium-sized enterprises.
using value chain mapping to help identify the products and their components you need, and whether it would be better to build or buy depending on their maturity as a product
moving from large contracts with a single supplier to multiple suppliers where there’s an operational and value for money justification
understanding where and how you’ve disaggregated the technology that underpins your programme and the contracts that supply the technology
considering what skills and capabilities your organisation needs to deliver and support the product or service you’ll purchase
using a sourcing model that fits your services, and works in your organisation’s specific circumstances
Your sourcing strategy must consider technology approaches that will encourage the future use of your product or service, including:
breaking up services in line with industry best practices including using a lean sourcing approach, pre-procurement market engagement and being as open as possible
using off the shelf products and services where possible - avoid customising these products in a way that stops you from maintaining, upgrading or removing them in future
reduce your organisation’s environmental impact
Find appropriate services and suppliers to avoid lengthy and expensive procurement processes. Work with your departmental commercial team to understand which route is most appropriate.
Contracts should:
not be over £100 million in value – unless there’s an exceptional reason
be explicit about the ownership of government data, including data created through the operation of the service
be explicit about the ownership of intellectual property involved in the delivery of a technology service (including software code and the business rules that process information between user interfaces and stored data)
Contracts should:
where economic, include a break clause at a maximum of 2 years which allows you to terminate the contract with minimal exit costs
ensure competition from the widest possible range of suppliers using smaller contracts where they improve value
include usage-based billing models where appropriate and where this represents best value for money
address the need for continuous improvement, maintaining market competitiveness and flexibility to meet changing requirements
Remember that:
suppliers must not provide either systems integration, service integration or service management services at the same time as providing a component service within that system
you cannot automatically extend contracts unless there are extenuating circumstances
you should align contract duration to current best practices for the product or service in question
If you’re building a service as part of your technology project or programme you will also need to meet the Service Standard.
Who to contact for help
GDMPglobal.digitalmarketplace@digital.cabinet-office.gov.uk