You're viewing our new website - find out more

Technology standards and assurance

There are a number of standards and assurance procedures in place to help public sector organisations comply with legislation and best practice as they transform digitally.

Standards and guidance

The Digital First Service Standard was created to help organisations meet the minimum standard required when transforming their citizen-facing services.

The Open Data Strategy and Open Data Resource Pack support public sector organisations in making their non-personal data accessible.

Our Data Hosting and Data Centre Strategy sets out our vision for Scotland's public sector data hosting to be cost-effective, carbon-neutral and, where appropriate, cloud-based.

We offer additional guidance for organisations on cloud computing, virtualisation and colocation.

Our Green Digital Strategy provides guidance to help organisations achieve a cost-effective, sustainable and energy-efficient digital network.

Technology Assurance Framework

We have introduced a new technology assurance framework for central government. This new approach began in January 2017.

The framework is designed to improve the delivery of programmes and projects developing IT and digital solutions. It does this by:

The new technology assurance framework applies to central government organisations, including the Scottish Government, who need to provide a named assurance co-ordinator. This assurance co-ordinator will facilitate adoption of the framework within the organisation and to support reporting arrangements

Programmes and projects within those organisations, with a whole life cost of £5 million or more, or which carry a significant delivery risk, need to:

This information should be supplied to the Office of the Chief Information Officer (OCIO) within the Scottish Government, which is responsible for implementing and managing the new technology assurance framework.


We are also working with other corporate assurance providers within the Scottish Government to plan our respective assurance activities and explore opportunities to align project reporting.

Assurance Gates
The key stages for technology assurance set out in the framework cover the following project stages:

  • business justification - to make sure the basis for starting the project is sound, it is addressing user needs, and has a robust outline business case
  • pre-procurement - to test the contracting and procurement strategy and make sure the contractual and commercial risks are understood
  • during delivery - to make sure that the project addresses any significant issues, including cost or time slippage or significant issues expressed in an independent review
  • 'go live' - to make sure that systems and business processes are ready for service and capable of delivering

If a project is also subject to Digital First Service Standard assessments, these will be aligned as appropriate to the stages listed above.

In the event of a negative assessment during an assurance gate, recommendations for remedial action can be made to address the issues identified. Where there are significant concerns about delivery or value for money a "stop" recommendation can be made to the Scottish Government's Chief Information Officer (CIO). Where the CIO endorses the recommendation to stop a project, the project's Accountable Officer can only proceed with the project where explicit approval to do so is given by the lead Minister and the Cabinet Secretary for Finance and the Constitution.

Contact the Office of the Chief Information Officer (OCIO) at for more information about applying the technology assurance framework within your project.

Office of the Chief Information Officer (OCIO)

The Technology Assurance Framework is managed by the the Office of the Chief Information Officer (OCIO). The OCIO is responsible for programme assurance across the Scottish Government and public sector organisations.

All public sector organisations should have an assurance lead. If you're not sure whether your organisation has an assurance lead, please contact the OCIO on, 0131 244 7664.

New technology projects should be registered with the OCIO using the Investment Plan Checklist and Assurance Plan template.