Technology standards and assurance
There are a number of standards and assurance procedures in place to help public sector organisations comply with legislation and best practice as they transform digitally.
Standards and guidance
The Digital First Service Standard was created to help organisations meet the minimum standard required when transforming their citizen-facing services.
Our Data Hosting and Data Centre Strategy sets out our vision for Scotland's public sector data hosting to be cost-effective, carbon-neutral and, where appropriate, cloud-based.
Our Green Digital Strategy provides guidance to help organisations achieve a cost-effective, sustainable and energy-efficient digital network.
Technology Assurance Framework
We have introduced a new technology assurance framework for central government. This new approach began in January 2017.
The framework is designed to improve the delivery of programmes and projects developing IT and digital solutions. It does this by:
- providing a standardised approach to assurance using stop/go assurance gates at key stages
- embedding lessons learned from previous experience within current and future practice
- supporting the development of integrated assurance and approval plans
- testing compliance with the Digital First Service Standard
The new technology assurance framework applies to central government organisations, including the Scottish Government, who need to provide a named assurance co-ordinator. This assurance co-ordinator will facilitate adoption of the framework within the organisation and to support reporting arrangements
Programmes and projects within those organisations, with a whole life cost of £5 million or more, or which carry a significant delivery risk, need to:
- provide a named contact within the project to co-ordinate assurance activity and provide regular status update reports
- complete an ICT investment plans checklist
- develop an integrated assurance and approval plan
- supply copies of any risk potential assessment forms prepared as part of assurance obligations set out in the Scottish Public Finance Manual
This information should be supplied to the Office of the Chief Information Officer (OCIO) within the Scottish Government, which is responsible for implementing and managing the new technology assurance framework.
We are also working with other corporate assurance providers within the Scottish Government to plan our respective assurance activities and explore opportunities to align project reporting.
The key stages for technology assurance set out in the framework cover the following project stages:
- business justification - to make sure the basis for starting the project is sound, it is addressing user needs, and has a robust outline business case
- pre-procurement - to test the contracting and procurement strategy and make sure the contractual and commercial risks are understood
- during delivery - to make sure that the project addresses any significant issues, including cost or time slippage or significant issues expressed in an independent review
- 'go live' - to make sure that systems and business processes are ready for service and capable of delivering
If a project is also subject to Digital First Service Standard assessments, these will be aligned as appropriate to the stages listed above.
In the event of a negative assessment during an assurance gate, recommendations for remedial action can be made to address the issues identified. Where there are significant concerns about delivery or value for money a "stop" recommendation can be made to the Scottish Government's Chief Information Officer (CIO). Where the CIO endorses the recommendation to stop a project, the project's Accountable Officer can only proceed with the project where explicit approval to do so is given by the lead Minister and the Cabinet Secretary for Finance and the Constitution.
Contact the Office of the Chief Information Officer (OCIO) at OCIOAssurance@gov.scot for more information about applying the technology assurance framework within your project.
Office of the Chief Information Officer (OCIO)
The Technology Assurance Framework is managed by the the Office of the Chief Information Officer (OCIO). The OCIO is responsible for programme assurance across the Scottish Government and public sector organisations.
All public sector organisations should have an assurance lead. If you're not sure whether your organisation has an assurance lead, please contact the OCIO on OCIOAssurance@gov.scot, 0131 244 7664.
New technology projects should be registered with the OCIO using the Investment Plan Checklist and Assurance Plan template.