File a Confirmation statement Beta Reassessment

The report for the File a Confirmation statement beta reassessment on the 06 April 2022

Service Standard reassessment report

File a Confirmation statement

From: Central Digital & Data Office (CDDO)
Assessment date: 06/04/2022
Stage: Beta
Result: Met
Service provider: Companies House

Service description

The confirmation statement is an annual prompt for companies to check and confirm that their company record is up to date. The service supports this requirement by displaying the current company data within the filing journey and prompting the user to confirm it is correct. The service also acts as the vehicle for the company to pay their annual fee. Where necessary, the service will direct the user to take the appropriate action to update their record. The update journey is not in scope for this service assessment. When a confirmation statement is accepted, it will appear on the company’s filing history on the public record.

Service users

This service is for:

  • Directors of companies who are responsible for maintaining the company data.
  • Presenters acting on behalf of directors such as company secretaries, accountants, solicitors etc.
  • Companies House internal users
  • Search customers – consumers of output data e.g. credit reference agencies, banks, financial institutions

Previous assessment reports

4. Make the service simple to use

Decision

The service has met point 4 of the Standard.

What the team has done well

The panel was impressed that:

  • the flow of the journey has continued to be iterated based on user research and the team plan to continue testing the new ‘update company details’ screen
  • the service no longer uses the Step by Step navigation pattern within the transactional user journey and it’s been replaced with a simple page pattern that follows GOV.UK Design System guidance and makes it easy for users to understand what they need to do

9. Create a secure service which protects users’ privacy

Decision

The service met point 9 of the Standard.

What the team has done well

The panel was impressed that:

  • the team have carried out a risk assessment, threat modelling and had an external pen test
  • the team have taken steps to raise the profile of security within the development process, increasing awareness and clarifying responsibilities for security leadership
  • significant improvements have been made to the validation of inputs and tests put in place for unexpected inputs

What the team needs to explore

Before their re-assessment, the team needs to:

  • continue to improve security awareness and training for the software engineering team in web security vulnerabilities and best practices
  • ensure that shared components created and used within the organisation are subject to the same security considerations and level of risk assessments as the project codebase
  • place a greater emphasis on gathering more detailed evidence to support this point in the next assessment. Consider adding a security architect to the team at the assessment meeting

Updates to this page

Published 18 August 2022