A DRAFT set of criteria to help government design, build and buy better technology.


rumoncarter/Technology-Code-of-Practice


Technology Code of Practice

The BC Technology Code of Practice, being developed pursuant to BC's Digital Framework and the priority actions therein, is a DRAFT set of criteria to help the BC Government design, build and buy better technology. The Code is envisioned to be used as a cross-government agreed standard in government's new, in-development digital investment and implementation process.

The Code as it exists below is an alpha (https://developer.gov.bc.ca/Agile-Delivery-Journey/Alpha), modelled after exemplars from leading jurisdictions, being developed at the direction of central government. The intent is for this Alpha Code to be socialized and iterated with the BCGov digital community, ultimately coming to form a co-created Practice that is uniformly adopted and followed from the start of any BC Government technology programme, project or product development.

The Technology Code of Practice in Context

This Code is envisioned to be part of an interconnected set of guidance and standards for all BC Public Service employees and partners engaged in applying the culture, processes, business models and technology of the digital era to meet the needs and expectations of the people of British Columbia - that is to say, the Digital BC community:

It is envisioned that this Code will eventually reside as a GitHub repository at https://github.com/bcgov/ and online as part of https://digital.gov.bc.ca/. The content has been borrowed heavily - with gratitude - from the UK's Technology Code of Practice (https://www.gov.uk/government/publications/technology-code-of-practice/technology-code-of-practice). In the content below, the drafters of this BC TCoP have left a number of UK-specific references to policies, guidance, blog posts, etc., having done so as signals to the kinds of artifacts relevant teams in the BCGov must/should consider creating for the BC context.

A specific note re: cloud: At the time of original drafting of this BC TCoP, British Columbia had very recently amended its Freedom of Information and Protection of Privacy Act, doing so, among other reasons, to modernize the statute and enable the use of cloud services. However, while the UK Technology Code of Practice references a "cloud first policy," it would be very presumptuous at this time to envision such a policy for British Columbia. Instead, the original drafters have taken the liberty of leaving reference to cloud in this BC TCoP, but using the term "intelligent." This language is not endorsed and is simply included as a placeholder for future consideration.

There are other uses of language in this in-development Code - e.g. "BC Private Cloud," "Investment & Implementation" - that should be taken as nothing more than placeholders, not as foreshadowing or signals of future intent on the part of government or the agencies responsible for the matters set out below.

The purpose of the Technology Code of Practice

Following the Technology Code of Practice will help you gain approval to spend from your department investment process / from the BC Digital Service Investment & Implementation team, avoiding activities that’ll result in your application being rejected. It will also help you introduce technology that:

  • meets user needs, based on research with your users
  • can be shared across government
  • is easily maintained
  • scales for future use
  • is less dependent on single third-party suppliers
  • provides better value for money

The Technology Code of Practice contains guidance and case studies to help you migrate from legacy infrastructure and manage the full lifecycle of your technology. More guidance and case studies will continue to be added.

Using the Technology Code of Practice

You should use the Technology Code of Practice for all of your technology initiatives. If your initiative needs funding approval you should contact the BC Digital Service (BCDS) Investment & Implementation team as soon as possible. They’ll guide you through the approvals process which can provide you with greater confidence that your spend request will be approved.

All points of the Technology Code of Practice must be considered. Where legacy technology limits your ability to adhere to the standard, this must be explained as part of the digital investment process. The Standards Assurance team consider individual circumstances for each application.

The Technology Code of Practice

(Individual Code items are set out in greater detail below.)

1. Define user needs

Understand your users and their needs. Develop knowledge of your users and what that means for your technology project or programme.

2. Make things accessible

Make sure your technology, infrastructure and systems are accessible for users.

3. Be open and use open source

Publish your code and use open source to improve transparency, flexibility and accountability.

4. Make use of open standards

Build technology that uses open standards to ensure your technology works and communicates with other technology, and can easily be upgraded and expanded.

5. Use cloud intelligently

Use public cloud intelligently, as stated in the government’s in-development cloud policy. [Note: Adapted from the UK's "cloud first" practice and policy.]

6. Make things secure

Keep systems and data safe with the appropriate level of security.

7. Make privacy integral

Make sure citizens’ rights are protected by integrating privacy as an essential part of your system.

8. Share and reuse technology

Promote good practice and avoid duplicated efforts by sharing and reusing services, data and software components.

9. Integrate and adapt technology

Your technology should work with existing technologies, processes and infrastructure in your organisation, and adapt to future demands.

10. Make better use of data

Consider how to minimise data collection and reuse data to avoid duplication of datasets.

11. Define your purchasing strategy

Your purchasing strategy must show you’ve considered commercial and technology aspects, and contractual limitations.

12. Meet the Service Standard for digital services

If you are building a service as part of your technology initiative, you will also need to meet the Service Standard.

The Technology Code of Practice (Detailed)

1. Define user needs

Understand your users and their needs. Develop knowledge of your users and what that means for your technology project or programme.

To meet point 1 of the Technology Code of Practice you must show you understand your users and their needs.

You’ll have to explain how you’re doing this as part of the digital investment process.

How user research will help your initiative

Doing user research will help your technology initiative by identifying:

● any risks to introducing or changing the technology
● the skills needed to deliver, use and manage the technology
● the technologies that service support teams will need for their end users
● the commercial and operational needs; for example, the need to decommission an obsolete mainframe in order to create a more resilient data and service tier

User research can also:
● make sure that services such as online office suites, network shares, project management software and HR suites really do meet your users’ needs
● support internal agreement of what you want the technology to help you achieve

Related guides [Note: In-development in the BC context]

● [Service Design in the BC Public Service] (https://www2.gov.bc.ca/gov/content/governments/services-for-government/service-experience-digital-delivery/service-design/service-design-in-the-bc-public-service)
● User research training for central government workers
● ‘Understanding user needs’ from the BC Service Standard for initiatives that include the creation of a service
● User research for government services: an introduction
● Learning about users and their needs

Find out more about:
● user research
● service assessments
● assisted digital support

2. Make things accessible

Make sure your technology, infrastructure and systems are accessible for users.

To meet point 2 of the Technology Code of Practice your plan or design must show how you’re making technology inclusive.

You’ll have to explain how you’re doing this as part of the digital investment process.

How making things accessible and inclusive will help your initiative

Your technology initiative will benefit from:

● Following the law set out in the Equality Act 2010 [No BC equivalent]
● Making your technology work for as many users as possible
● Being assured that all staff members on your team will be able to easily access the information and infrastructure needed to do their work including services such as online office suites, network shares, project management software and HR suites
● Being assured that there will be no barrier to employing people with specific access needs

How to make your technology accessible and inclusive

Your research must include users with a range of abilities. Make sure your technology and systems can be used by a diverse set of users by:

● Meeting the requirements and following the accessibility guidance set out in the service manual [In-development in BC]
● Involving users with a range of impairments in user testing as you develop your services and systems
● Knowing the range of devices and software that need to work with your technology
● Enabling access to services through a range of web browsers and ensuring compatibility with assistive technologies and a range of end user devices

Related Guides

● [Accessible Government Toolkit] (https://www2.gov.bc.ca/gov/content/home/accessible-government)
● [Equality Act 2010]
● Meeting the accessibility standard
● Meeting compatibility with assistive technologies

3. Be open and use open source

Publish your code openly and use open source technology to improve transparency, flexibility and accountability.

To meet point 3 of the Technology Code of Practice your plan or design must show you have considered the use of open source and publishing your code openly.

You’ll have to explain how you’re meeting point 3 as part of the digital investment process or any limitations you’ve encountered that prevented you from achieving this.

How open source differs from open standards

Open source is a way of developing and distributing software. The code is often written collaboratively, and it can be downloaded, used and changed by anyone.

Open standards are a set of rules designed to do a specific job in technology. They are also designed collaboratively and free to use. Open standards allow open source and closed source (proprietary) software to work together.

How using open source will help your initiative

Give equal consideration to open source software when you choose technology.

Your technology initiative could benefit from:

● Solving common problems with readily available open source technology
● More time and resource for customised solutions to solve the rare or unique problems
● Lower implementation and running costs

Be aware that open source software is not completely free, so take into account the total cost of migrating, including exit and transition costs.

How being open will help your initiative

Publishing your code and data from the beginning of your technology initiative will encourage:

● Clearer documentation, making it easier for your team to maintain the code, track changes to it and for other people to use it
● Cleaner and well-structured code that is easier to maintain
● Clarity around data that needs to remain protected and how that’s achieved
● Suggestions about how the code can be improved or where security can be improved

Publishing code

If your technology initiative includes code in its development, refer to the Service Manual section on making source code open and reusable.

Using open source

The following questions are some of the points to consider when choosing technology and evaluating whether you want a proprietary or open source solution:

  1. Does the solution do what you need it to do?
  2. Does the solution meet the needs of your end users?
  3. What are the solution’s initial and ongoing costs?
  4. Will the staff need training or will expert users need to be employed to manage the solution?
  5. If the solution is open source, how widely is the code already adopted? How mature is it?
  6. Does the solution offer the level of support needed?
  7. How well is the solution maintained and is there evidence of further development?
  8. How reliable is the solution? This is hard to measure, but one way is to assess it by looking at its maturity.
  9. How well does the solution perform? Can you analyse performance data or reviews?
  10. How well will the solution scale to meet your needs?
  11. Does the solution’s security meet your needs and does it have regular security patches?
  12. Is the solution flexible? You can customise the solution to fully meet your needs but be aware this can make future updates and security patches hard to implement.
  13. Will the solution work with your other technology?
  14. Is the solution’s licence acceptable to your organisation’s business requirements? Are there any restrictions or gaps that would cause issues?
  15. Is the solution’s warranty acceptable and is there an option to buy one?

Related guides and sources [Note: From UK context, need BC versions]

Open Source Initiative
[Choosing technology] (https://www.gov.uk/service-manual/technology/choosing-technology-an-introduction)
Making new source code open by default
[Ministry of Justice case study - why we code in the open] (https://mojdigital.blog.gov.uk/2017/02/21/why-we-code-in-the-open/)
[GDS case study - making the register to vote code open] (https://gdstechnology.blog.gov.uk/2016/01/26/working-out-how-to-open-up-the-register-to-vote-code/)

4. Make use of open standards

Build technology that uses open standards to ensure your technology works and communicates with other technology, and is easily upgraded and expanded.

To meet point 4 of the Technology Code of Practice your plan or design must show you are using or have considered using open standards and data. You must make your technology initiative as interoperable as possible.

You’ll have to explain how you’re doing this as part of the digital investment process.

How open source differs from open standards

Open source is a way of developing and distributing software. The code is often written collaboratively, and it can be downloaded, used and changed by anyone.

Open standards are a set of rules designed to do a specific job in technology. They are also designed collaboratively and free to use. Open standards allow open source and closed source (proprietary) software to work together.

How open standards help your initiative

Open standards can be used when designing individual elements of the solution.

Using open standards means you:

● Save time and money by reusing things that are already available
● Increase compatibility with all stakeholders
● Potentially open up the range of companies you can purchase from as more of them are likely to use the same standard as you
● Can move between different technologies when you need to and don’t get locked into contracts

Build interoperability into your initiative

Build flexibility into your technology by:

● Using open standards, complying with any that are compulsory for use in government, unless you’ve been granted an exemption
● Being clear what data your systems will hold, and which identifiers are in place to make sure the data can be used effectively
● Avoiding the duplication of data, and being very clear about their approved source
● Using RESTful APIs for integration where possible
● Publishing your APIs on the [BC Government API Registry] (https://catalogue.data.gov.bc.ca/group/bc-government-api-registry) to make them reusable

Related guides

[API Guidelines] (https://devhub-static-test-devhub-test.pathfinder.gov.bc.ca/Data-and-APIs/BC-Government-API-Guidelines?intention=LOGIN#error=login_required)
[API Registry] (https://catalogue.data.gov.bc.ca/group/bc-government-api-registry)
Open Standard Principles
Open Standards for government
About APIs

5. Use cloud intelligently

Use public cloud intelligently as stated in the government’s cloud policy.

To meet point 5 of the Technology Code of Practice your plan or design must show you have considered using the public cloud as stated in the government’s cloud policy.

You’ll have to explain how you’re meeting point 5 as part of the digital investment process or any limitations you’ve encountered that prevented you from achieving this.

Summary description of cloud computing

Cloud computing is a way of storing and retrieving data and software over the internet. The 3 main service areas are:

● Software-as-a-service (SaaS), which is the use of applications over the internet
● Platform-as-a-service (PaaS), which provides the platform for developing, testing and deploying your applications over the internet
● Infrastructure-as-a-service (IaaS), which provides the physical technology infrastructure/network virtually over the internet without the need for you to buy your own hardware

How adopting cloud first will help your initiative

You can benefit from adopting an intelligent cloud approach because:

● You can avoid upfront investments in your infrastructure, reducing overall costs
● There’s greater flexibility to trial new services or make changes, with minimal cost
● Pricing models are scalable - instead of building for the maximum usage you buy for less usage and increase or decrease as appropriate
● It will be easier to meet the [Greening Government Commitments] - cloud facilities typically try to use server space and power in the most efficient way possible
● Upgrades and security patches can be applied continuously

For greater detail on the benefits of using cloud you can read the blog posts on ‘Why we use the cloud: security and efficiency’ and ‘Why we use the cloud: supporting services’.

Following the cloud policy

Follow the cloud policy by:

● Evaluating potential public cloud services before you consider alternatives such as BC On-Prem Hosting, which is a data centre available for all of government, and BC Private Cloud, which is an on-premise container hosting service
● Demonstrating your chosen service represents the best value for money if selecting an alternative to public cloud - you must also show you’ve allowed for flexibility by being able to change the system and reduce costs over time

Related guides [From UK context]

Assessing a hosting business case
BC On-Prem Hosting
[BC Private Cloud] (https://developer.gov.bc.ca/Getting-Started-on-the-DevOps-Platform/BC-Government-OpenShift-Container-Platform-Service-Definition)

6. Make things secure

Keep systems and data safe with the appropriate level of security.

To meet point 6 of the Technology Code of Practice your plan or design must show how you are securing data and systems.

You’ll have to explain how you’re doing this as part of the digital investment process.

Build security in from the start of your initiative

Include security at the start of the project. Have your team involved in making each element secure, from the start, instead of your security experts adding technical countermeasures to a finished product.

Training users and having clear processes are important for security, as is doing realistic threat assessments and taking a balanced approach to managing risk.

Plan how to deny, and quickly recover from, malicious access. Make sure you have processes in place to record information about any attacks and use this data to improve defences.

How to secure your technology

Choose the appropriate level of security for your technology initiative. Consider the risks and have processes in place to mitigate against them and improve time to recovery.

You can protect your data and infrastructure by:

● Following the principles set out in the [Information Security Policy and Guidelines] (https://www2.gov.bc.ca/gov/content/governments/services-for-government/policies-procedures/information-security-policy-and-guidelines) and [Information Security Classification Standard] (https://www2.gov.bc.ca/gov/content/governments/services-for-government/information-management-technology/information-security/information-security-classification)
● Following the [National Cyber Security Centre’s information risk management guidance]
● Designing and implementing the components of your system according to government best practice, including [network principles, security design principles for digital services and securing government email]
● Determining the security requirements of cloud services using the [Cloud security principles] and accompanying guidance

Related guides [UK]

Security policy framework
Network principles
Security classification policy
Securing government email
Security considerations when coding in the open
NCSC risk management collection
NCSC security design principles for digital services
NCSC cloud security principles
NCSC cloud security collection

7. Make privacy integral

Make sure citizens’ rights are protected by integrating privacy as an essential part of your system.

To meet point 7 of the Technology Code of Practice your plan or design must show how you are considering privacy by design.

You’ll have to explain how you’re doing this as part of the digital investment process.

[Following section from UK TCoP left in for purposes of a template for BC]

About the EU General Data Protection Regulation

The EU General Data Protection Regulation (GDPR) website and the Information Commissioner's Office (ICO) provide information about the GDPR. The Technology Code of Practice summarises the key points.

The GDPR will come into force on 25 May 2018. It’s about protecting citizens’ personal data while it is being processed or moved.

You must be ready to comply with this new regulation and consider the ethical and appropriate use of data and technology.

GDPR is adopting privacy by design as part of the regulation. There is a legal requirement in the GDPR for the protection of citizens’ data to be included from the start of the design process. GDPR includes upfront penalties for not complying.

Maintaining the privacy of citizens’ personal data includes security. Privacy also includes how citizens:

● Consent to the use of their personal data
● Have the right to have personal data erased
● Have the right to restrict the processing of personal data

How privacy by design will help your initiative

Your technology initiative will benefit from:

● Being proactive about privacy and reducing the risks of data theft
● Identifying potential privacy issues earlier when they are easier and cheaper to solve
● Better awareness of privacy issues across the organisation
● Adherence to GDPR when it comes into law

How to embed privacy by design

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. It provides consistency of data privacy laws across Europe.

The Information Commissioner's Office (ICO) has a self-assessment questionnaire about your organisation's readiness in implementing the GDPR. They also have a guide to data protection and suggest using Privacy Impact Assessments (PIAs) as part of your initiative's risk management process. The following questions from the PIA code of practice are useful to consider:

  1. Will the initiative involve the collection of new information about individuals?
  2. Will individuals have to provide information about themselves to the initiative?
  3. Will information about individuals be disclosed to organisations or people who have not previously had routine access to the information?
  4. Are you using information about individuals for a purpose it is not currently used for, or in a way it is not currently used?
  5. Does the initiative involve you using new technology that might be perceived as being privacy intrusive? For example, the use of biometrics or facial recognition.
  6. Will the initiative result in you making decisions or taking action against individuals in ways that can have a significant impact on them?
  7. Is the information about individuals of a kind particularly likely to raise privacy concerns or expectations? For example, health records, criminal records or other information that people would consider to be private.
  8. Will the initiative require you to contact individuals in ways that they may find intrusive?

Related guides

EU General Data Protection Regulation
European Commission: Protection of personal data
GDPR summary of legislation
UK Digital Strategy
Data Science Ethical Framework

[/end UK template]

8. Share and reuse technology

Promote good practice and avoid duplicated efforts by sharing and reusing services, data and software components.

To meet point 8 of the Technology Code of Practice your plans must show you have considered sharing and reusing technology.

You’ll have to explain how you’re meeting point 8 as part of the digital investment process or any limitations you’ve encountered that prevented you from achieving this.

Benefits of sharing and reusing

Sharing solutions from your initiative

When building a solution consider that others may want to use it in the future. It’s easier and cheaper to build this possibility in at the start than at the end. Consider the general application, not just your own departmental application, of the specific problem you are solving. Other initiatives can benefit if you share a solution to a common problem.

Reusing solutions to help your initiative

Your technology initiative will benefit from reuse by:

● Avoiding duplication and unnecessary investments by sharing and reusing government services, information, data and software components
● Speeding up the initial project or programme phases by sharing and reusing documentation from discovery and pilot projects
● Finding the best value for money by looking outside government for existing services and capabilities such as cloud hosting

How you can share and reuse technology

There are several technology resources and common government platforms available to all government organisations.

Communities

There are 4 cross-government technology communities that discuss the latest thinking on services. You can apply to join through the Service Manual. [UK exemplars left in place for BC guidance]

● Technology community (backend development)
● Technology community (frontend development)
● Technology community (technical architecture)
● Technology community (web operations)

Government platforms

Consider using common government platforms and services where appropriate. These include: [UK exemplars left in place for BC guidance]

● GOV.UK Notify for user notifications [In-development in BC]
● GOV.UK Pay for payments [PayBC?]
● GOV.UK Platform as a Service for hosting [OCP?]
● GOV.UK Verify for secure identity assurance [BC Services Card?]
● performance dashboards for Services data [GDX Analytics?]
● registers to access and use current and accurate data
● guidance on how to choose and implement common technology services

Common technology

Common technology guides and services include:

[UK exemplars left in for BC guidance]

Secure email
● Email security standards
● Securing government email
● Set up government email services securely
● Protect domains that don’t send email

Networks and GovWifi
● Sharing workplace wireless networks
● Sharing wide area network connections in shared buildings
● GovWifi
● Set up GovWifi on your infrastructure
● Set up managed end user devices to automatically connect to GovWifi
● Connect to GovWifi
● Terms and conditions for connecting to GovWifi

Public Services Network
● Introducing the UK public sector DNS

Government code for reuse

Government publishes code openly in several places including GitHub. Some of the repositories in GitHub include:

● MOJ’s repository of services on their platform, for example, the postcode lookup. Find out more about their platform and some of their services or contact them at [email protected]
● the Home Office repository which includes useful forms for reuse
● GDS' repository contains their source code
● DEFRA’s repository
● GCHQ’s repository that includes their platform for data storage, processing and analysis

Aggregation opportunities

Crown Commercial Service provides information about current and future opportunities to aggregate buying requirements when purchasing technology.

Related Guides

Read the GOV.UK proposition guide to make sure your content is appropriate for publication on GOV.UK.

[/end UK exemplars]

9. Integrate and adapt technology

Your technology should adapt to future demands and work with existing technologies, processes and infrastructure in your organisation.

To meet point 9 of the Technology Code of Practice your plan or design must show how your technology initiative integrates into your organisation.

You’ll have to explain how you’re doing this as part of the digital investment process.

How integration helps your initiative

Good integration means making sure your new technology works with legacy solutions without limiting your ability to adapt to future demands or upgrade systems.

Your initiative will benefit from:

● Less risk to your infrastructure as integration planning will discover compatibility gaps in the new technology
● Less downtime on your regular processes when you upgrade or amend them
● Systems which enforce built-in redundancy of services, minimising single points of failure
● Lower long-term support costs

Fitting new technology into your organisation

Each organisation’s technology and infrastructure will have services and issues that are unique. There are some common elements to consider when fitting new technology into your current or legacy system, including:

● How different aspects of your organisation’s IT operating model come together, including business areas such as processes, governance, service support and service delivery
● How the new technology will work with your service management
● What skills and capabilities your organisation needs to deliver, support and continuously improve the new technology you’ll purchase

To optimise systems integration consider:

● Adopting a continuous integration model so you can solve smaller issues iteratively (this is generally easier and cheaper than waiting to test everything at the end of an initiative)
● Designing your system using independently developed components that can easily work together
● Building a system architecture early in the program to describe your current or future system and mapping hardware and software components
● Defining a configuration management process
● Doing component-level testing to make sure integration is possible
● Doing regular integration and stress testing to track progress and make sure the system remains robust

If you have chosen to use a systems integrator you should make sure they meet all of your requirements.

When managing system processes and service management integration aim to:

● Define the governance, processes, tools and information required to meet business needs and user needs
● Map and track the interdependencies between the infrastructure and the services running on it
● Provide support to the infrastructure and make sure you have the flexibility to add hardware and software
● Be flexible so that processes can incorporate legacy and new infrastructure, including the use of cloud services
● Understand the probable lifespan of your technologies (being aware of expiry and renewal timings) and create a roadmap showing your plan for retiring legacy systems

System integration is important for the overall network performance and for considering your organisation’s service management.

Service management depends on how your current infrastructure is managed, what new technology is being integrated and what the longer-term business objectives are for IT in the organisation.

Related Guides

List of [UK] guides on the topics of:

● Networking
● Legacy
● Buying technology

10. Make better use of data

Consider how to minimise data collection and reuse data to avoid duplication of datasets.

To meet point 10 of the Technology Code of Practice your plans must show you’ve considered minimising data collection and duplication.

You’ll have to explain, as part of the digital investment process, how you’re meeting point 10, or any limitations you’ve encountered that prevented you from achieving this.

How minimising data collection and duplication will help your initiative

Minimising data collection and duplication will mean your project benefits from:

● Adhering to the [BC Digital Framework] (https://digital.gov.bc.ca/digital-transformation/)
● Saving time and money by reusing open data that is already available
● Infrastructure and services that contain consistent information
● Giving your users a more consistent experience when using government services online, which builds trust
● Potentially reducing unnecessary new demands for data storage

How your initiative can make better use of data

When using data your obligations include:

● Making your data open by default, following Open Data principles when publishing data
● Making sure users of transactional services have access to data held about them - the service should clearly communicate how data will be used
● Following the [UK] Information Commissioner’s Code of Practice for data sharing
● Conducting a Privacy Impact Assessment in line with the [UK] ICO Code of Practice when using personal data
● Anonymising personal data in accordance with the [UK] ICO Code of Practice for anonymisation
● Considering ethical issues around using data, and assessing these according to the principles of the [UK] Data Science Ethical Framework
● Holding data securely and for specified purposes, in accordance with point 7 in the Service Standard

To make better use of data consider:

● Making sure newly collected data can be made easily accessible to APIs for future use
● Minimising the amount of data shared for achieving a specific purpose (large amounts of personal information should not be shared or copied unnecessarily)
● Using common standards and patterns to ensure data can be easily analysed, and where appropriate, shared with other departments
● Understanding best practices for collecting, storing, analysing and sharing data from other departments, other governments and other sectors
● Keeping data for only as long as necessary, and securely deleting the data when it’s no longer needed

Related guides

[UK] Policies and guidance available include:

● Data Science and Ethical Framework
● Publish and use government's open data
● Unlocking the power of data in the UK economy and improving public confidence in its use - part 7 of the UK Digital Strategy
● Making better use of data - part of the Government Transformation Strategy 2017-2020
● Government transformation strategy - better use of data
● Data Protection Act which will be replaced by the EU General Data Protection Regulation (GDPR)
● Using registers to build a service
● Summary of the Better use of data consultation by the Cabinet Office
● Local Government Association - Better use of data

11. Define your purchasing strategy

Your purchasing strategy must show you have considered commercial and technology aspects, and contractual limitations.

To meet point 11 of the Technology Code of Practice your plan or design must show your sourcing strategy and how your contracts meet government rules and guidelines.

You’ll have to explain how you’re doing this as part of the digital investment process.

How defining your purchasing strategy will help your initiative

Your technology initiative will benefit from:

● Competitive and innovative commercial products and opportunities
● Long-term financial savings
● Improved supplier negotiations
● A commercial approach that supports the disaggregation of contracts
● Managing contract exits successfully, making sure the exiting supplier passes over any relevant knowledge and capabilities
● Help with the transition to the cloud, commodity and common technology services
● Shorter, more manageable contracts with a streamlined renewal process
● A clearer view of contract status, risks and issues

Commercial approach

Your sourcing strategy must demonstrate that you have a thorough understanding of the commercial undertakings required to deliver, use and manage your initiative. You should plan how to manage multiple suppliers, where that structure is appropriate for the organisation’s operating model, and when they're working as part of the same delivery teams. This includes:

● Routinely challenging your sourcing strategies to consider whether your requirements can be simplified or broken up to allow for greater competition in the marketplace, including by small and medium-sized enterprises
● Using value chain mapping to help identify the products and their components you need, and whether it would be better to build or buy depending on their maturity as a product
● Moving from large contracts with a single supplier to multiple suppliers where there’s an operational and value for money justification
● Understanding where and how you’ve disaggregated the technology that underpins your initiative and the contracts that supply the technology
● Considering what skills and capabilities your organisation needs to deliver and support the product or service you’ll purchase
● Using a sourcing model that fits your services, and works in your organisation’s specific circumstances

Technology considerations

Your sourcing strategy must consider technology approaches that will encourage the future use of your product or service, including:

● Breaking up services in line with industry best practices including using a lean sourcing approach, pre-procurement market engagement and being as open as possible
● Where you use off-the-shelf products and services, avoiding customizations that stop you from maintaining, upgrading or removing these products and services in future
● Complying with the [UK] Greening Government Commitments to reduce your organisation’s environmental impact

Use common government sourcing routes

Find appropriate services and suppliers to avoid lengthy and expensive procurement processes. Work with your departmental commercial team to understand which route is most appropriate. Use approved sourcing routes including:

● The [in-development in BC] Digital Marketplace for technology or people for digital projects
● Technology frameworks available from [UK] Crown Commercial Service

Follow government contractual rules and guidelines

Contracts must [UK exemplars left in]:

● Not be over £100 million in value – unless there’s an exceptional reason
● Be explicit about the ownership of government data, including data created through the operation of the service
● Be explicit about the ownership of intellectual property involved in the delivery of a technology service (including software code and the business rules that process information between user interfaces and stored data)

Contracts should:

● Where economic, include a break clause at a maximum of 2 years which allows you to terminate the contract with minimal exit costs
● Ensure competition from the widest possible range of suppliers using smaller contracts where they improve value
● Include usage-based billing models where appropriate and where this represents best value for money
● Address the need for continuous improvement, maintaining market competitiveness and flexibility to meet changing requirements

Remember that:

● You can use the CCS technology category framework agreements which have pre-defined terms and conditions
● Suppliers must not provide either systems integration, service integration or service management services at the same time as providing a component service within that system
● You cannot automatically extend contracts unless there are extenuating circumstances
● You should align contract duration to current best practices for the product or service in question

Related guides

Technology service principles
Government buying collection
Lean sourcing guidance
Technology aggregation opportunities
Commercial operating standards for government
Public procurement policy
Central government spending controls
Contract management standards
