File A Statement Of Capital Data
The report for Companies House' File A Statement Of Capital Data alpha assessment on the 12th August 2021
Service Standard assessment report
File A Statement of Capital Data
From: | Central Digital & Data Office (CDDO) |
Assessment date: | 12/08/2021 |
Stage: | Alpha |
Result: | Not Met |
Service provider: | Companies House |
Service description
The service allows users to tell Companies House about new shares that have been issued by their company.
Service users
- Directors of companies who are responsible for maintaining the company data.
- Users acting on behalf of directors such as company secretaries, accountants, solicitors etc.
- Companies House internal users
- Search customers – consumers of output data e.g. credit reference agencies, banks, financial institutions, company shareholders
1. Understand users and their needs
Decision
The service did not meet point 1 of the Standard.
What the team has done well
The panel was impressed that:
- the team has segmented users and has a broad understanding of the four user groups they have identified
- the team has used different methods to generate understanding of pain points with current processes
- the team is working with contact centre staff and making good use of insight from within the organisation to help them understand problems users are facing e.g. call listening and research with call centre coaches
What the team needs to explore
Before their next assessment, the team needs to:
- do open-ended research to gain a more contextual understanding of users’ day-to-day routines and behaviours. This might include how third party users use software and their internal systems, the nature of relationships and communication between third party users and their clients. This will help the team ensure they capture and elucidate the wider ecosystem of user needs
- understand user behaviours and motivations, alongside pain points. For example currently there is a novice user persona which covers all company Directors, and expert user persona covers all third party users. The team could consider iterating their personas to reflect an understanding of user behaviour, motivations for channel choice if relevant, as the current approach to personas is by broad user groups
- work together to develop their plan for user research in beta, define their research objectives and research questions. This will help the team focus their research activities and ensure they meet their broader objectives
2. Solve a whole problem for users
Decision
The service did not meet point 2 of the Standard.
What the team has done well
The panel was impressed that:
- the service manager (delegated authority from the Service Owner) is committed to a strategic vision of merging existing paper forms into a single digital service, of which this digital form is the first element
- the team could demonstrate the immediate value of releasing this digital form. The current Webfilings tool is difficult to use, leads to unneeded errors, and excludes some users who must then use paper forms - which require manual processing from internal staff
- the team is working closely with policy to improve language and processes where possible
- the team is investigating journeys from GOV.UK, such as from the company information page and existing forms pages
- the team is working on deciding an appropriate name, through research and running workshops
What the team needs to explore
Before their next assessment, the team needs to:
- test that releasing this new form will not confuse people who are already using Webfilings or 3rd party software tools. In particular, the team needs to check if there are users who will use both the new form and also file yearly confirmation statements using Webfilings
Before the beta assessment, the team should also:
- show the wider strategic plan. In particular the team will need to show a comms plan and for how long the webform will be dual-run with Webfilings. It may be that the service will stay in a long public beta if it is to eventually be part of a single joined-up journey
- use findings from contextual research to show the lived journey of the most important user type from start to finish. Knowing details such as what documents people use to complete the form can help with guidance both before starting the form and while completing it
- explore and test more scenario-based ways for users to find the form, and start from existing entry points before proposing new start pages. For example, the team could try filtering users from the existing ‘Tell Companies House about changes to your limited company’ start page. This could both help users find the right form without learning technical language, and also work towards the strategic vision of all forms being available online in a single place
3. Provide a joined-up experience across all channels
Decision
The service met point 3 of the Standard.
What the team has done well
The panel was impressed that:
- the team knew about the different channels people can use, and problems with them
- the team had ideas about how they would change paper forms and other channels
- the service manager/SRO is also in charge of the call centre and highly incentivised to improve both the digital and the call-centre channels. There is a clear method for feeding data back into improvements to the digital channel
- the team is working closely with the policy team, making changes to guidance off the main service
What the team needs to explore
Before their next assessment, the team needs to:
- have clear plans for keeping channels up to date without potential reputational damage. It wasn’t clear how the team would sequence updating paper forms and 3rd party software APIs as well as the digital service
- have a clearer plan around digital take up. The team will be able to have a better plan if they build on their knowledge of the as-is split of people using channels for particular reasons (in particular, if they use paper as a preference or because they have no other option) with some more detailed analysis
- think about iterating the paper form earlier than the current plans - there may be quick wins on language, but the team may also need to be mindful of print schedules
4. Make the service simple to use
Decision
The service met point 4 of the Standard.
What the team has done well
The panel was impressed that:
- the team is using GOV.UK styles and patterns (such as ‘one thing per page’)
- the team is making an effort to simplify language where possible, and is using Plain English. The team is working with policy to simplify language as well as processes
What the team needs to explore
Before their next assessment, the team needs to:
- test the end-to-end journey, paying particular attention to the Companies’ House common components
- monitor any issues with the authentication feature, particularly where it could pose problems for wider release - this is known to be challenging for businesses and people filling in forms on behalf of someone else
5. Make sure everyone can use the service
Decision
The service met point 5 of the Standard.
What the team has done well
The panel was impressed that:
- the team has done some testing with people with lower digital skills and access needs
- there is an existing support model which the team can use
- the form already has a paper channel which the team will not remove without need
What the team needs to explore
Before their next assessment, the team needs to:
- continue testing with people with access needs
- identity any changes they will need to make to the support model for the new digital form and test them
- continue to monitor existing channels to make sure that they don’t make things worse for some users by introducing changes (for example, dual tracking webfilings and the digital form)
- accessibility test the entire journey, including Companies House shared components
6. Have a multidisciplinary team
Decision
The service met point 6 of the Standard.
What the team has done well
The panel was impressed that:
- the alpha team was entirely civil servants, who were planning to remain with the service into the beta
- the service manager (delegated authority from the Service Owner) is empowered and interested. While there are regular boards, the service manager is able to make decisions. He owns the wider service, particularly call centres, which is a strong incentive to improve the digital service
- the team is working closely with policy, with a policy subject matter expert embedded in the core team
What the team needs to explore
Before their next assessment, the team needs to:
- be careful about the plans for beta, which include a secondary scrum team that is entirely contractors. This presents a risk in terms of sustainability, and also in terms of the two teams working together and sharing information. A proposal that is more of a mix of civil servants and contractors might work better
7. Use agile ways of working
Decision
The service met point 7 of the Standard.
What the team has done well
The panel was impressed that:
- The team had discussed which remote-working tools would work best for them, rather than simply choosing whatever was provided by the organisation
8. Iterate and improve frequently
Decision
The service met point 8 of the Standard.
What the team has done well
The panel was impressed that:
- the service team can easily make changes to the citizen-facing service without having to go through a lengthy change process for the internal legacy system
- the team were able to demonstrate several examples where the prototype had been iterated during alpha in response to user feedback
What the team needs to explore
Before their next assessment, the team needs to:
- make sure they have the capacity to continue to make changes as a result of new strategic thinking while also trying to introduce additional functionality
- try and regularly improve the other elements of the service, particularly the API that allows software users to file from their own system, and the paper form. The panel accepted the team’s rationale that many paper-users will wish to move away from this format to digital, and there are user-based reasons not to change the form without 3 months’ notice, but these users should be given the same opportunities to take advantage of improvements to the service
9. Create a secure service which protects users’ privacy
Decision
The service met point 9 of the Standard.
What the team has done well
The panel was impressed that:
- team is using the encryption for data in transit with TLS and at rest with data stored on MongoDB encrypted volumes
- team has published their GDPR charter: https://www.gov.uk/government/organisations/companies-house/about/personal-information-charter
- team has published their Cookie Policy and Privacy Policy
https://beta.companieshouse.gov.uk/help/cookies
- team has done threat modelling done on the delta process this service depends on
- external tests are consistently run on our CHS service by the NCC Group 3rd party. The same company also performs Pen Tests on our new services as the team proceeds through the Beta lifecycle stages
What the team needs to explore
Before their next assessment, the team needs to:
- team should complete the Security Risk, Threat and Vulnerabilities assessment and the Pen test
10. Define what success looks like and publish performance data
Decision
The service met point 10 of the Standard.
What the team has done well
The panel was impressed that:
- the team have come up with additional sensible KPIs on top of the 4 mandatory ones, and and understand how they will measure them
- the team will draw on the centralised Companies House analyst function, which is mature
- the team have reviewed data from the call centre as part of the alpha, and have some ideas about how to change and monitor user behaviour
What the team needs to explore
Before their next assessment, the team needs to:
- think about other measures, particularly across other channels
11. Choose the right tools and technology
Decision
The service met point 11 of the Standard.
What the team has done well
The panel was impressed that:
- team is using the right set of tools and technologies including the GOVUK design standards, HerokuApp prototyping system, JavaScript with TypeScript for the Web Frontend and the Nunjucks framework is used as the templating engine
- team is using NodeJS as a web server to host the site
- the Jetbrains GoLand IDE (Extended for Node projects) is preferred when working on Node projects for help with intellisense, build tools and library management
- DapperDox and Swagger/OpenAPI 3 is our technical specification tooling to present API documentation both internally and publicly to users.
- MongoDB is used on CHS and Oracle SQL Database on the CHIPS Legacy service
- Redis caching is used as the user session object data access tool, as opposed to accessing the DB each time
- Jira is a work management tool and Confluence is used for documentation, Sharepoint is used from a project management point of view
- Github is the version control system for all our code bases
- team is doing tests on all new code for a complete coverage in terms of Unit and Integration testing, checked by the SonarQube reports
- testers produce Selenium and Karate based automated tests, consistently run before releases are permitted
- load testing is managed by Lead Testers on services to ensure the service scales effectively, identifying issues like memory leaks
What the team needs to explore
Before their next assessment, the team needs to:
- can the team explore the opportunity to replace the Oracle SQL database on CHIPS with open source system
12. Make new source code open
Decision
The service met point 12 of the Standard.
What the team has done well
The panel was impressed that:
- team has published the code in open:
- prototype repository is publicly available, https://github.com/companieshouse/statement-of-capital-prototype-
- team has plans to publish all new services in the public repositories. The team has not identified any issue which would prevent it from coding in the open
- team has plans for adherence to ‘12 factor app’ open standard (https://12factor.net/) as best practice for building applications
- team is using OAuth2 Protocol for authentication
- team is using JSON and YAML as data and infrastructure definitions
13. Use and contribute to open standards, common components and patterns
Decision
The service met point 13 of the Standard.
What the team has done well
The panel was impressed that:
- the team is using the GOV.UK design system and prototyping using the GOV.UK prototype kit
- the team is using shared elements across other forms within Companies House, and aiming to reuse some of their work in other areas
- Team is using common components such as: Company Lookup Service – responsible for a consistent web interface for users to find their company and authenticate against it, Account service – Companies House identity access management service, ERIC – Reverse Proxy for all service requests, responsible for adding user access headers and rate limiting, Transactions API – Acts as the centralised filing system for CHS which manages the filing pipeline through to our CHIPS back-end administration system. This includes notifications, data reporting, save and resume behaviour etc and, CHIPS – Legacy monolith internal administration service. Responsible for examiner’s administration over all filings including case and contact, filing corrections, image generation, response notifications (accepted/rejected to Webfiling and CHS)
What the team needs to explore
Before their next assessment, the team needs to:
- make sure that the shared elements do not compromise usability and accessibility - the team may have to share insights with other teams on journey or content changes
14. Operate a reliable service
Decision
The service met point 14 of the Standard.
What the team has done well
The panel was impressed that:
- team is using Concourse as CI/CD build tool. Docker is used from Dev to Live on all new services to ensure consistent deployments
- Terraform manages the resourcing of new services on AWS as well as consistency in the management of policies and resources associated with that service, abstracted per environment by configuration
- team has plans for 99.9% uptime as it is the same for all other CHS services.
- team has plans that the paper route will still be available as well as the option for software filing through the XMLGateway for professional users.
- team has well established guidelines for outage times, reporting, escalating workflows and call centre for operations
- team is doing audit, monitoring and logging through the use of Matomo as a web analytics tool. Team has plans to produce the dashboards to represent KPIs as well as board reports and service reports to inform changes
What the team needs to explore
Before their next assessment, the team needs to:
- explore how to maintain consistency of language when making changes i.e. internal style guides
Next Steps
[reassessment]
In order for the service to continue to the next phase of development, it must meet the Standard and get GDS spend approvals. The service must be re-assessed against the points of the Standard that are not met at this assessment.
The panel recommends the team sits their next assessment in around [6 - 12] weeks time. Speak to your Digital Engagement Manager to arrange it as soon as possible.
This report will be published on GOV.UK
If there is a factual inaccuracy in the report, contact the assessments team immediately. If the assessments team do not hear from you within 5 working days of sending this report out, it will be published on gov.uk/service-standard-reports as is.