Government technology standards and guidance
This is collated guidance from government websites and independent bodies to help you follow the technology code of practice.
The technology code of practice is a set of criteria to help government design, build and buy technology.
Accessibility
- Making your service accessible: an introduction
- Testing for accessibility
- Designing for different web browsers and devices
- Equality Act 2010
- How to publish on GOV.UK
- Government approach to assisted digital
- Make your public sector website or app accessible
APIs
- API technical and data standards
- API design guidance
- Setting API service levels
- Writing API reference documentation
- How to document APIs
- API documentation for GOV.UK Pay
Application development
- Application development guidance: introduction (NCSC)
- Native or hybrid apps
- Mobile device guidance (NCSC)
- Apple iOS application development guidance (NCSC)
Buying technology
- Choosing technology: an introduction
- CCS aggregation
- Cabinet Office spend controls guidance version 4.0
- Crown Commercial Service (CCS) agreements search
- Commercial operating standards for government
- Common areas of spend: data definitions
- Commercial capability: contract management standards
- Government supplier assurance framework
- How to buy Digital Marketplace services fairly
- How to set your evaluation criteria when buying Digital Outcomes and Specialist services
- Lean sourcing: guidance for public sector buyers
- Public procurement policy
- Public sector discounts for software
- Talking to suppliers before you buy Digital Marketplace services
- Technology service principles
Cloud strategy
- Cloud first policy
- How to assess a hosting business case
- IaaS - Managing your responsibilities (NCSC)
Data protection
General Data Protection Regulation (GDPR)
Data provisioning and usage
Design and build government services
Design principles
Digital inclusion
- Digital inclusion evaluation toolkit
- Digital skills and inclusion policy
- Government digital inclusion strategy
Digital Marketplace
- Digital Marketplace buyers and suppliers information
- Digital Marketplace buyers’ guide
- Digital Marketplace suppliers’ guide
- Digital outcomes and specialist buyers’ guide
- Digital outcomes and specialists templates and legal documents
- eMarketplace: a guide for public sector buyers
- G7 fundamental elements for cyber security
- How Digital Marketplace suppliers have been evaluated
- How to award a contract when you buy services through the Digital Marketplace
- How to manage your digital outcomes and specialists contract
- How to shortlist digital outcomes and specialists suppliers
- How to talk about being a supplier on the Digital Marketplace
- Terms and conditions of Digital Marketplace frameworks
G-Cloud
Digital outcomes and specialists framework
- UK Digital Strategy
- Digital Outcomes and Specialists templates and legal documents
- Digital outcomes and specialists audit trail guidance
- Digital outcomes and specialists suppliers’ guide
- Digital outcomes and specialists: digital specialist roles
- How to answer supplier questions about your outcomes and specialist requirements
- How to evaluate digital outcomes and specialist suppliers
- How to make changes to your published digital outcomes and specialists requirements
- How to score digital outcomes and specialist suppliers
- How to sell your digital outcomes and specialist services
- How to write your requirements for digital outcomes and specialist services
- Ways to assess digital outcomes and specialists suppliers
Digital Service Standard
Digital transformation
- Digital Economy Act 2017
- Organisational design for digital delivery
- Government transformation strategy
- UK Digital Strategy
- Make video conferencing tools work across government
Emerging technologies
- Growing the artificial intelligence industry in the UK (DCMS & BEIS)
- AI in the UK: ready, willing and able? (House of Lords)
- Distributed ledger technology: Blackett review (Government Office for Science)
- Quantum technologies: Blackett review (Government Office for Science)
End user devices
GOV.UK Notify
GOV.UK Pay
GOV.UK Proposition
GOV.UK Platform as a Service (PaaS)
GovWifi
- Connect to GovWifi
- Connect to GovWifi using a Mac, iMac or Macbook
- Connect to GovWifi using a Windows device
- Connect to GovWifi using an iPhone or iPad
- Create a new GovWifi installation
- Terms and conditions for connecting to GovWifi
Green technology
- A Guide to financing energy efficiency in the Public Sector
- Energy Performance Contract (EPC)
- Greening Government Commitments 2016 to 2020
- The greening government: sustainable technology strategy 2020
- Greening government: ICT and digital services strategy 2020-2025
Hosting your service
- Deciding how to host your service
- Get a service domain name
- Managing service domains
- The Crown Hosting data centres framework on the Digital Marketplace
Identity assurance
- Introduction to identity and access management (NCSC)
- Multi-factor authentication for online services (NCSC)
- Biometric recognition and authentication systems (NCSC)
- Setting up two-factor authentication (2FA) (NCSC)
Job roles
Legacy
- Managing legacy technology
- Obsolete platforms security guidance (NCSC)
- Moving away from legacy systems
Managing government websites
- GOV.UK proposition
- Content design: planning, writing and managing content
- Naming and registering government websites
- Open central government websites
- Request an exemption from GOV.UK
Microsoft 365 Guidance
Networking
- 10 steps: network security (NCSC)
- Government network policy changes
- Provisioning and securing security certificates (NCSC)
- How to install network infrastructure in shared buildings
- Sharing workplace wireless networks
Open source
- Open government
- Open Source Initiative
- Making new source code open by default
- When code should be open or closed
- Security considerations when coding in the open
Open standards
- Open Data Charter
- Open formats implementation plan
- Open standards for government data and technology
- Open standards principles
- Procurement policy note 07/15: open standards for technology
- Working with open standards
Performance platform
Public Service Network (PSN)
PSN certification
- Access or provide PSN services and connectivity
- Apply for a GCN connectivity service compliance certificate
- Apply for a PSN connection compliance certificate
- Apply for a PSN connectivity service compliance certificate
- Apply for a PSN service provision compliance certificate
Connect and configure PSN systems
- Connect and configure your systems to PSN
- Connect and configure your systems to the Public Services Network
- IT Health Check (ITHC): supporting guidance
PSN compliance
- Find out about PSN compliance
- PSN Code of Connection (CoCo)
- PSN Code of Interconnection (CoICo)
- PSN Code of Practice (CoP)
- PSN Compliant services
- PSN Connectivity services
- PSN governance obligations for all connectivity services
PSN forms
PSN allocation and management
- PSN incidents and problems
- PSN IP address allocation
- PSN IP address management
- PSN management information requirements
- PSN management information requirements for GCNSPs
- PSN network architecture
- PSN obligations
- PSN Quality of Service (QoS) specification
- PSN Quality of Service (QoS) testing and reporting
- PSN service management good practice
- PSN service management obligations for GCN services
- PSN standard terms and conditions
- PSN Virtual Points of Connection (VPoCs)
- Public Services Network (PSN): Deed of Undertakings (DoU)
Registers
- Becoming a custodian
- Creating a register
- Introducing registers
- Registers guidance
- Using registers to build a service
Risk management
- Risk management guidance (NCSC)
- Management of risk in government: summary
- System administration architecture (NCSC)
Smarter working
Security
Standards and regulations
- Minimum Cyber Security Standard
- NCSC NIS guidance
- Payment Card Industry Data Security Standard
- General Data Protection Regulation
- ISO/IEC 27001 Information Security Management
- Cyber Essentials Scheme
Cloud security
- Introduction: understanding cloud security (NCSC)
- Implementing the cloud security principles (NCSC)
- Using cloud tools securely
- Managing the risk of cloud-enabled products (NCSC)
- Securing your cloud environment
Cyber security
- 10 steps to cyber security (NCSC)
- 10 steps: incident management (NCSC)
- 10 steps: malware prevention (NCSC)
- 10 steps: managing user privileges (NCSC)
- 10 steps: monitoring (NCSC)
- 10 steps: removable media controls (NCSC)
- 10 steps: user education and awareness (NCSC)
- Cyber security guidance for business
- Cyber security regulation and incentives review
- Cyber security supplier to government scheme
- Internet edge device security (NCSC)
- Investigatory Powers Act
- Security governance, enabling sensible risk management decisions & communication (NCSC)
- Transaction monitoring for HMG online service providers
- Working with cookies and similar technologies
- Introduction to logging for security purposes
Addressing cyber attacks and fraud
- Common cyber attacks: reducing the impact (NCSC)
- Data sharing for the prevention of fraud: code of practice
- Defence cyber protection partnership: an overview
- Denial of service (DOS) guidance (NCSC)
- Digital service security (NCSC)
- The phishing threat following data breaches (NCSC)
- Protecting your organisation from ransomware (NCSC)
- Protecting your service against fraud
- Ransomware: latest NCSC guidance (NCSC)
Securing data and consent
- ‘OFFICIAL SENSITIVE’ data and IT
- Key features and benefits of secure electronic transfer
- Government security classifications
- Data ethics framework
- Protecting bulk personal data - collection (NCSC)
- Securing your information
- Using Transport Layer Security (TLS) to protect data
- Pattern: Safely Importing Data
Digital service security
- Digital service security: designing a secure digital service (NCSC)
- Digital service security: building a secure digital service (NCSC)
- Digital service security: operating a secure digital service (NCSC)
- Securing SaaS tools for your organisation
- SaaS security principles
- SaaS security collection
- Email security standards
- How to ask users for their email address
- How to email your users
- New computerised transit system (NCTS) email: service availability and issues
- Set up government email services securely
- Securing government email
- Use of private emails
Passwords
- Password guidance summary: How to protect against password-guessing attacks (NCSC)
- Password guidance: simplifying your approach (NCSC)
- Multi-factor authentication for online services
Phishing
Talent acquisition
- Talent action plan: guide for civil servants
- The right people in the right place with the right skills
- Civil service competency framework
Telecommunications
User research
Updates to this page
Published 2 August 2016Last updated 5 October 2023 + show all updates
-
Added a new section and link for Microsoft 365 Guidance
-
First published.