File a Confirmation statement Beta Reassessment
The report for the File a Confirmation statement beta reassessment on the 06 April 2022
Service Standard reassessment report
File a Confirmation statement
| From: | Central Digital & Data Office (CDDO) |
| Assessment date: | 06/04/2022 |
| Stage: | Beta |
| Result: | Met |
| Service provider: | Companies House |
Service description
The confirmation statement is an annual prompt for companies to check and confirm that their company record is up to date. The service supports this requirement by displaying the current company data within the filing journey and prompting the user to confirm it is correct. The service also acts as the vehicle for the company to pay their annual fee. Where necessary, the service will direct the user to take the appropriate action to update their record. The update journey is not in scope for this service assessment. When a confirmation statement is accepted, it will appear on the company’s filing history on the public record.
Service users
This service is for:
- Directors of companies who are responsible for maintaining the company data.
- Presenters acting on behalf of directors such as company secretaries, accountants, solicitors etc.
- Companies House internal users
- Search customers – consumers of output data e.g. credit reference agencies, banks, financial institutions
Previous assessment reports
4. Make the service simple to use
Decision
The service has met point 4 of the Standard.
What the team has done well
The panel was impressed that:
- the flow of the journey has continued to be iterated based on user research and the team plan to continue testing the new ‘update company details’ screen
- the service no longer uses the Step by Step navigation pattern within the transactional user journey and it’s been replaced with a simple page pattern that follows GOV.UK Design System guidance and makes it easy for users to understand what they need to do
9. Create a secure service which protects users’ privacy
Decision
The service met point 9 of the Standard.
What the team has done well
The panel was impressed that:
- the team have carried out a risk assessment, threat modelling and had an external pen test
- the team have taken steps to raise the profile of security within the development process, increasing awareness and clarifying responsibilities for security leadership
- significant improvements have been made to the validation of inputs and tests put in place for unexpected inputs
What the team needs to explore
Before their re-assessment, the team needs to:
- continue to improve security awareness and training for the software engineering team in web security vulnerabilities and best practices
- ensure that shared components created and used within the organisation are subject to the same security considerations and level of risk assessments as the project codebase
- place a greater emphasis on gathering more detailed evidence to support this point in the next assessment. Consider adding a security architect to the team at the assessment meeting