Guidance

Government technology standards and guidance

This is collated guidance from government websites and independent bodies to help you follow the technology code of practice.

• From: Central Digital and Data Office
• Published: 2 August 2016
• Last updated: 5 October 2023 — See all updates

The technology code of practice is a set of criteria to help government design, build and buy technology.

Accessibility

• Making your service accessible: an introduction
• Testing for accessibility
• Designing for different web browsers and devices
• Equality Act 2010
• How to publish on GOV.UK
• Government approach to assisted digital
• Make your public sector website or app accessible

APIs

• API technical and data standards
• API design guidance
• Setting API service levels
• Writing API reference documentation
• How to document APIs
• API documentation for GOV.UK Pay

Application development

• Application development guidance: introduction (NCSC)
• Native or hybrid apps
• Mobile device guidance (NCSC)
• Apple iOS application development guidance (NCSC)

Buying technology

• Choosing technology: an introduction
• CCS aggregation
• Cabinet Office spend controls guidance version 4.0
• Crown Commercial Service (CCS) agreements search
• Commercial operating standards for government
• Common areas of spend: data definitions
• Commercial capability: contract management standards
• Government supplier assurance framework
• How to buy Digital Marketplace services fairly
• How to set your evaluation criteria when buying Digital Outcomes and Specialist services
• Lean sourcing: guidance for public sector buyers
• Public procurement policy
• Public sector discounts for software
• Talking to suppliers before you buy Digital Marketplace services
• Technology service principles

Cloud strategy

• Cloud first policy
• How to assess a hosting business case
• IaaS - Managing your responsibilities (NCSC)

Data protection

General Data Protection Regulation (GDPR)

• Guide to the General Data Protection Regulation (GDPR) (ICO)

Data provisioning and usage

• Code of data matching practice for the National Fraud initiative
• Open Data Charter

Design and build government services

• Service toolkit

Design principles

• Security design principles for service design (NCSC)

Digital inclusion

• Digital inclusion evaluation toolkit
• Digital skills and inclusion policy
• Government digital inclusion strategy

Digital Marketplace

• Digital Marketplace buyers and suppliers information
• Digital Marketplace buyers’ guide
• Digital Marketplace suppliers’ guide
• Digital outcomes and specialist buyers’ guide
• Digital outcomes and specialists templates and legal documents
• eMarketplace: a guide for public sector buyers
• G7 fundamental elements for cyber security
• How Digital Marketplace suppliers have been evaluated
• How to award a contract when you buy services through the Digital Marketplace
• How to manage your digital outcomes and specialists contract
• How to shortlist digital outcomes and specialists suppliers
• How to talk about being a supplier on the Digital Marketplace
• Terms and conditions of Digital Marketplace frameworks

G-Cloud

• G-Cloud templates and legal documents
• G-Cloud buyers’ guide
• G-Cloud suppliers’ guide

Digital outcomes and specialists framework

• UK Digital Strategy
• Digital Outcomes and Specialists templates and legal documents
• Digital outcomes and specialists audit trail guidance
• Digital outcomes and specialists suppliers’ guide
• Digital outcomes and specialists: digital specialist roles
• How to answer supplier questions about your outcomes and specialist requirements
• How to evaluate digital outcomes and specialist suppliers
• How to make changes to your published digital outcomes and specialists requirements
• How to score digital outcomes and specialist suppliers
• How to sell your digital outcomes and specialist services
• How to write your requirements for digital outcomes and specialist services
• Ways to assess digital outcomes and specialists suppliers

Digital Service Standard

• Digital Service Standard

Digital transformation

• Digital Economy Act 2017
• Organisational design for digital delivery
• Government transformation strategy
• UK Digital Strategy
• Make video conferencing tools work across government

Emerging technologies

• Growing the artificial intelligence industry in the UK (DCMS & BEIS)
• AI in the UK: ready, willing and able? (House of Lords)
• Distributed ledger technology: Blackett review (Government Office for Science)
• Quantum technologies: Blackett review (Government Office for Science)

End user devices

• End user device: security guidance (NCSC)

GOV.UK Notify

• GOV.UK Notify overview

GOV.UK Pay

• GOV.UK Pay overview

GOV.UK Proposition

• GOV.UK Proposition overview

GOV.UK Platform as a Service (PaaS)

• GOV.UK Platform as a Service (PaaS) overview
• Technical documentation for GOV.UK PaaS

GovWifi

• Connect to GovWifi
• Connect to GovWifi using a Mac, iMac or Macbook
• Connect to GovWifi using a Windows device
• Connect to GovWifi using an iPhone or iPad
• Create a new GovWifi installation
• Terms and conditions for connecting to GovWifi

Green technology

• A Guide to financing energy efficiency in the Public Sector
• Energy Performance Contract (EPC)
• Greening Government Commitments 2016 to 2020
• The greening government: sustainable technology strategy 2020
• Greening government: ICT and digital services strategy 2020-2025

Hosting your service

• Deciding how to host your service
• Get a service domain name
• Managing service domains
• The Crown Hosting data centres framework on the Digital Marketplace

Identity assurance

• Introduction to identity and access management (NCSC)
• Multi-factor authentication for online services (NCSC)
• Biometric recognition and authentication systems (NCSC)
• Setting up two-factor authentication (2FA) (NCSC)

Job roles

• Digital, data and technology job roles in government

Legacy

• Managing legacy technology
• Obsolete platforms security guidance (NCSC)
• Moving away from legacy systems

Managing government websites

• GOV.UK proposition
• Content design: planning, writing and managing content
• Naming and registering government websites
• Open central government websites
• Request an exemption from GOV.UK

Microsoft 365 Guidance

• Microsoft 365 Guidance for UK Government

Networking

• 10 steps: network security (NCSC)
• Government network policy changes
• Provisioning and securing security certificates (NCSC)
• How to install network infrastructure in shared buildings
• Sharing workplace wireless networks

Open source

• Open government
• Open Source Initiative
• Making new source code open by default
• When code should be open or closed
• Security considerations when coding in the open

Open standards

• Open Data Charter
• Open formats implementation plan
• Open standards for government data and technology
• Open standards principles
• Procurement policy note 07/15: open standards for technology
• Working with open standards

Performance platform

• Performance Platform overview

Public Service Network (PSN)

PSN certification

• Access or provide PSN services and connectivity
• Apply for a GCN connectivity service compliance certificate
• Apply for a PSN connection compliance certificate
• Apply for a PSN connectivity service compliance certificate
• Apply for a PSN service provision compliance certificate

Connect and configure PSN systems

• Connect and configure your systems to PSN
• Connect and configure your systems to the Public Services Network
• IT Health Check (ITHC): supporting guidance

PSN compliance

• Find out about PSN compliance
• PSN Code of Connection (CoCo)
• PSN Code of Interconnection (CoICo)
• PSN Code of Practice (CoP)
• PSN Compliant services
• PSN Connectivity services
• PSN governance obligations for all connectivity services

PSN forms

• PSN DSN Change form
• PSN incident reporting form

PSN allocation and management

• PSN incidents and problems
• PSN IP address allocation
• PSN IP address management
• PSN management information requirements
• PSN management information requirements for GCNSPs
• PSN network architecture
• PSN obligations
• PSN Quality of Service (QoS) specification
• PSN Quality of Service (QoS) testing and reporting
• PSN service management good practice
• PSN service management obligations for GCN services
• PSN standard terms and conditions
• PSN Virtual Points of Connection (VPoCs)
• Public Services Network (PSN): Deed of Undertakings (DoU)

Registers

• Becoming a custodian
• Creating a register
• Introducing registers
• Registers guidance
• Using registers to build a service

Risk management

• Risk management guidance (NCSC)
• Management of risk in government: summary
• System administration architecture (NCSC)

Smarter working

• 10 steps: home and mobile working (NCSC)

Security

Standards and regulations

• Minimum Cyber Security Standard
• NCSC NIS guidance
• Payment Card Industry Data Security Standard
• General Data Protection Regulation
• ISO/IEC 27001 Information Security Management
• Cyber Essentials Scheme

Cloud security

• Introduction: understanding cloud security (NCSC)
• Implementing the cloud security principles (NCSC)
• Using cloud tools securely
• Managing the risk of cloud-enabled products (NCSC)
• Securing your cloud environment

Cyber security

• 10 steps to cyber security (NCSC)
• 10 steps: incident management (NCSC)
• 10 steps: malware prevention (NCSC)
• 10 steps: managing user privileges (NCSC)
• 10 steps: monitoring (NCSC)
• 10 steps: removable media controls (NCSC)
• 10 steps: user education and awareness (NCSC)
• Cyber security guidance for business
• Cyber security regulation and incentives review
• Cyber security supplier to government scheme
• Internet edge device security (NCSC)
• Investigatory Powers Act
• Security governance, enabling sensible risk management decisions & communication (NCSC)
• Transaction monitoring for HMG online service providers
• Working with cookies and similar technologies
• Introduction to logging for security purposes

Addressing cyber attacks and fraud

• Common cyber attacks: reducing the impact (NCSC)
• Data sharing for the prevention of fraud: code of practice
• Defence cyber protection partnership: an overview
• Denial of service (DOS) guidance (NCSC)
• Digital service security (NCSC)
• The phishing threat following data breaches (NCSC)
• Protecting your organisation from ransomware (NCSC)
• Protecting your service against fraud
• Ransomware: latest NCSC guidance (NCSC)

Securing data and consent

• ‘OFFICIAL SENSITIVE’ data and IT
• Key features and benefits of secure electronic transfer
• Government security classifications
• Data ethics framework
• Protecting bulk personal data - collection (NCSC)
• Securing your information
• Using Transport Layer Security (TLS) to protect data
• Pattern: Safely Importing Data

Digital service security

• Digital service security: designing a secure digital service (NCSC)
• Digital service security: building a secure digital service (NCSC)
• Digital service security: operating a secure digital service (NCSC)
• Securing SaaS tools for your organisation
• SaaS security principles
• SaaS security collection

Email

• Email security standards
• How to ask users for their email address
• How to email your users
• New computerised transit system (NCTS) email: service availability and issues
• Set up government email services securely
• Securing government email
• Use of private emails

Passwords

• Password guidance summary: How to protect against password-guessing attacks (NCSC)
• Password guidance: simplifying your approach (NCSC)
• Multi-factor authentication for online services

Phishing

• The phishing threat following data breaches (NCSC)

Talent acquisition

• Talent action plan: guide for civil servants
• The right people in the right place with the right skills
• Civil service competency framework

Telecommunications

• Resilient communications

User research

• Understanding user needs
• User research for government services: an introduction
• Learning about users and their needs

Published 2 August 2016
Last updated 5 October 2023 + show all updates

1. 5 October 2023

   Added a new section and link for Microsoft 365 Guidance

2. 2 August 2016

   First published.