Create and manage DDT standards
Guidance and information to create and manage DDT standards.
Overview
DfE standards are established norms or requirements that we must comply with, to enact policies.
They often define products or actions required, and may suggest patterns, processes and components for their implementation.
Standards should be accessible to teams so they can understand and plan for delivery obligations. They are enforceable, meaning compliance can be objectively assessed. Standards must also be actionable, achievable, and ideally driven by policy intent.
New standards are identified and managed through a lifecycle process, with all standards reviewed at least annually. They can be superseded or retired. Typically, standards fall into the following 3 categories based on a hierarchy of needs.
Legal and regulatory obligations
These are non-negotiable.
They are mandated by law. Organisations must comply or face serious consequences.
Examples include ICO policies for the UK GDPR (General Data Protection Regulation) or the Public Sector Bodies (Websites and Mobile Applications)(No. 2) Accessibility Regulations 2018.
Industry standards
These can be influenced by the organisation and must be followed where mandated.
Established by industry bodies and adopted by the organisation, they offer potential for interoperability and resource sharing across organisations. They do require active monitoring, however, as they fall outside the organisation's control and may change without notice.
Examples include the Government Service Standard, Technology Code of Practice, Algorithmic Transparency Recording Standard, or ISO 27001 for Information Security Management.
Organisational standards
These are decided internally based on business aspirations.
Examples include selection of standard technology products to support portfolio consolidation. DfE's technical standards are now stored in Find and use DDT standards.
Managing these standards requires processes to handle exceptions, grant exemptions, and update them as needed over time.