Development stages
GCDigital Tools
1. Design with users
1.1 Research with users to understand their needs and the problems we want them to solve
Checklist
Alpha stage
- Put in place a plan to pay for user research throughout the design of the service and after it's built
-
Interview potential users to help develop the following for the service:
- User goals (e.g., As a [user type], I want [some goal] so that [some reason])
- User personas (e.g., based on habits, personality, attitudes and motives)
- User profiles (e.g., based on demographics such as gender, age, location, income and family size)
- Use a range of qualitative and quantitative research methods to determine people's goals, needs, and behaviours
- Create and maintain a list of priority tasks that users are trying to accomplish (i.e., "user stories")
- Document all end-to-end user journeys, including journeys that involve multiple services and external services
- Understand how will users interact with the service, optimizing the experience for online and offline interactions
Implementation guides
Alpha stage
1.2 Conduct ongoing testing with users to guide design and development
Checklist
Beta stage
- Use qualitative and quantitative data to help improve your understanding of user needs and identify areas for improvement
- Regularly test with users when building the service and after the service has been launched to ensure it meets the needs of user and to identify any parts of the service that users may find difficult
- Continuously measure client experience and create a customer-prioritized improvement plan. (2. Product management, not just project management. (Assess - Digital Design Playbook (ISED)))
-
Test with clients and others (1. Test the service before launching the service. (Assess - Digital Design Playbook (ISED)))
- You need to ensure that the service works from technical perspective and from the perspective of the user and the service provider (including the help desk agent who assists clients when they face challenges using the service). By testing with a diverse group and different type of users, you can capture a more comprehensive understanding of how your service is working.
- Make sure the participants are representative of your clients.
- Utilize user experience testing services offered by the Chief Information Office and the Communications team
-
Plan and deliver client testing cycles (1. Test the service before launching the service. (Assess - Digital Design Playbook (ISED)))
- Pilot your test: Make sure it all works
- Implement the test.
- Test often (e.g., six month or yearly intervals), apply the findings and keep on testing.
- Regularly assess the service, indentifying and fixing problem areas that are degrading the user experience
- Regularly measure how well the service is meeting user needs at each step of the service and for the end-to-end experience
- Provide a mechanism for users to provide feedback and to address service issues in a timely manner (as required by the Policy on Service).
Live stage
- Use qualitative and quantitative data to help improve your understanding of user needs and identify areas for improvement
- Regularly test with users when building the service and after the service has been launched to ensure it meets the needs of user and to identify any parts of the service that users may find difficult
- Continuously measure client experience and create a customer-prioritized improvement plan. (2. Product management, not just project management. (Assess - Digital Design Playbook (ISED)))
-
Test with clients and others (1. Test the service before launching the service. (Assess - Digital Design Playbook (ISED)))
- You need to ensure that the service works from technical perspective and from the perspective of the user and the service provider (including the help desk agent who assists clients when they face challenges using the service). By testing with a diverse group and different type of users, you can capture a more comprehensive understanding of how your service is working.
- Make sure the participants are representative of your clients.
- Utilize user experience testing services offered by the Chief Information Office and the Communications team
-
Plan and deliver client testing cycles (1. Test the service before launching the service. (Assess - Digital Design Playbook (ISED)))
- Pilot your test: Make sure it all works
- Implement the test.
- Test often (e.g., six month or yearly intervals), apply the findings and keep on testing.
- Regularly assess the service, indentifying and fixing problem areas that are degrading the user experience
- Regularly measure how well the service is meeting user needs at each step of the service and for the end-to-end experience
- Provide a mechanism for users to provide feedback and to address service issues in a timely manner (as required by the Policy on Service).
Implementation guides
Beta stage
Live stage
2. Iterate and improve frequently
2.1 Develop services using agile, iterative and user-centred methods
Checklist
Alpha stage
- work in an agile way, using agile tools and techniques, and continue to do so when the service is live (Digital Service Standard (Ontario / UK / AU))
- ensure the team reviews and iterates the ways problems are fixed (Digital Service Standard (Ontario / UK / AU))
- show that your service governance is agile, based on clear and measurable goals (Digital Service Standard (Ontario / UK / AU))
- explore design options for your prototype and explain why some are discarded (Digital Service Standard (Ontario / UK))
-
When iterating, focus on workable solutions over comprehensive documentation. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Having a workable solution that can be tested and validated will give you useful information for improving your service. Whenever possible, focus on results rather than unnecessary documentation and reporting (while staying within policy and regulatory limits).
-
When you can, use agile tools and techniques. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Techniques can include: daily stand ups, issue trackers, code reviews, rapid prototyping, design sprints, usability testing, user stories, retrospective meetings.
- make sure you have the ability to deploy software frequently with minimal disruption to users (Digital Service Standard (UK))
Beta stage
- work in an agile way, using agile tools and techniques, and continue to do so when the service is live (Digital Service Standard (Ontario / UK / AU))
- ensure the team reviews and iterates the ways problems are fixed (Digital Service Standard (Ontario / UK / AU))
- show that your service governance is agile, based on clear and measurable goals (Digital Service Standard (Ontario / UK / AU))
- explore design options for your prototype and explain why some are discarded (Digital Service Standard (Ontario / UK))
-
When iterating, focus on workable solutions over comprehensive documentation. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Having a workable solution that can be tested and validated will give you useful information for improving your service. Whenever possible, focus on results rather than unnecessary documentation and reporting (while staying within policy and regulatory limits).
-
When you can, use agile tools and techniques. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Techniques can include: daily stand ups, issue trackers, code reviews, rapid prototyping, design sprints, usability testing, user stories, retrospective meetings.
- make sure you have the ability to deploy software frequently with minimal disruption to users (Digital Service Standard (UK))
Live stage
- work in an agile way, using agile tools and techniques, and continue to do so when the service is live (Digital Service Standard (Ontario / UK / AU))
- ensure the team reviews and iterates the ways problems are fixed (Digital Service Standard (Ontario / UK / AU))
- show that your service governance is agile, based on clear and measurable goals (Digital Service Standard (Ontario / UK / AU))
- explore design options for your prototype and explain why some are discarded (Digital Service Standard (Ontario / UK))
-
When iterating, focus on workable solutions over comprehensive documentation. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Having a workable solution that can be tested and validated will give you useful information for improving your service. Whenever possible, focus on results rather than unnecessary documentation and reporting (while staying within policy and regulatory limits).
-
When you can, use agile tools and techniques. (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Techniques can include: daily stand ups, issue trackers, code reviews, rapid prototyping, design sprints, usability testing, user stories, retrospective meetings.
- make sure you have the ability to deploy software frequently with minimal disruption to users (Digital Service Standard (UK))
- make sure deployments have zero downtime in a way that doesn't stop users using the service (Digital Service Standard (UK))
- make sure you have enough staff to keep improving the service (Digital Service Standard (UK))
2.2 Continuously improve in response to user needs
Checklist
Alpha stage
- analyze user research and use it to improve your service (Digital Service Standard (UK))
Beta stage
- analyze user research and use it to improve your service (Digital Service Standard (UK))
Live stage
- analyze user research and use it to improve your service (Digital Service Standard (UK))
2.3 Try new things, start small and scale up
Checklist
Alpha stage
-
Start with a prototype (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Create a minimum viable product, that is, a version of the service with just enough features to gather insights, test assumptions and inform future improvements. Use the prototype to capture client feedback and then make improvements until you have a version that really meets client needs.
Beta stage
-
Start with a prototype (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Create a minimum viable product, that is, a version of the service with just enough features to gather insights, test assumptions and inform future improvements. Use the prototype to capture client feedback and then make improvements until you have a version that really meets client needs.
Live stage
-
Start with a prototype (3. Apply agile principles and be iterative. (Do - Digital Design Playbook (ISED)))
- Create a minimum viable product, that is, a version of the service with just enough features to gather insights, test assumptions and inform future improvements. Use the prototype to capture client feedback and then make improvements until you have a version that really meets client needs.
3. Work in the open by default
3.1 Share evidence, research and decision making openly
Checklist
Alpha stage
- document where you're getting the data for your metrics (Digital Service Standard (UK))
- set up your analytics package to collect user journey data (Digital Service Standard (UK))
- Publish metrics externally (Digital Services Playbook (US))
- make sure all stakeholders are actively involved in promoting or supporting digital delivery of the new service (Digital Service Standard (UK))
Beta stage
- document where you're getting the data for your metrics (Digital Service Standard (UK))
- set up your analytics package to collect user journey data (Digital Service Standard (UK))
- Publish metrics externally (Digital Services Playbook (US))
- make sure all stakeholders are actively involved in promoting or supporting digital delivery of the new service (Digital Service Standard (UK))
- track people moving from using the offline service to the online one (Digital Service Standard (UK))
Live stage
- document where you're getting the data for your metrics (Digital Service Standard (UK))
- set up your analytics package to collect user journey data (Digital Service Standard (UK))
- Publish metrics externally (Digital Services Playbook (US))
- make sure all stakeholders are actively involved in promoting or supporting digital delivery of the new service (Digital Service Standard (UK))
5. Address security and privacy risks
5.1 Take a balanced approach to managing risk by implementing appropriate privacy and security measures
Checklist
Alpha stage
- Plan recurring interactions with the business and information risk teams to ensure ongoing alignment.
- Integrate a security advisor into the delivery team to support IT security risk management throughout the full delivery of the service.
- Document the protective measures implemented to enable the secure processing and sharing of data and information across government
- Document how the service manages information and records (data) in order to protect their confidentiality and integrity, and ensure their availability.
- Ensure all APIs have appropriate authentication and that only authorized users/services are able to access the information; “open data” APIs are explicitly configured to allow access by all by default.
Beta stage
- Plan recurring interactions with the business and information risk teams to ensure ongoing alignment.
- Where collecting personal information, inform users about privacy rights and protections, and about their right to access and correct their own personal information.
- Use appropriate de-identification strategies to minimize the risk of disclosing personal information.
- Establish a data access audit process to provide assurance to users that their data has not been accessed in an unauthorized manner.
- Incorporate privacy safeguards into partnership and data sharing agreements.
- Ensure that privacy breach protocol is implemented and understood. Federal institutions are required to notify the Office of the Privacy Commissioner of Canada (OPC) and the Treasury Board of Canada Secretariat (TBS) of all material privacy breaches and of the mitigation measures being implemented, if the breach involves sensitive personal information and could reasonably be expected to cause serious injury to the individual.
- Establish terms of services to ensure users understand how their data will be used and how it will be accessed
- Ensure your service has properly documented event management processes, in the event of a data breach or compromise of the integrity of your systems.
- Provide users adequate information (Terms and Conditions / Privacy Agreement) to ensure they fully understand the authority they are providing to 3rd party services.
- Ensure all APIs are developed in alignment with secure connection guidance; APIs should be accessed over HTTPS.
Live stage
- Plan recurring interactions with the business and information risk teams to ensure ongoing alignment.
- Where collecting personal information, inform users about privacy rights and protections, and about their right to access and correct their own personal information.
- Use appropriate de-identification strategies to minimize the risk of disclosing personal information.
- Establish a data access audit process to provide assurance to users that their data has not been accessed in an unauthorized manner.
- Incorporate privacy safeguards into partnership and data sharing agreements.
- Ensure that privacy breach protocol is implemented and understood. Federal institutions are required to notify the Office of the Privacy Commissioner of Canada (OPC) and the Treasury Board of Canada Secretariat (TBS) of all material privacy breaches and of the mitigation measures being implemented, if the breach involves sensitive personal information and could reasonably be expected to cause serious injury to the individual.
- Establish terms of services to ensure users understand how their data will be used and how it will be accessed
- Ensure your service has properly documented event management processes, in the event of a data breach or compromise of the integrity of your systems.
- Provide users adequate information (Terms and Conditions / Privacy Agreement) to ensure they fully understand the authority they are providing to 3rd party services.
- Ensure all APIs are developed in alignment with secure connection guidance; APIs should be accessed over HTTPS.
- Establish agreements with 3rd parties who may benefit from receiving data from your service in accordance with guidance such as the TBS Guidance on Preparing Information Sharing Agreements Involving Personal Information, to ensure they will treat your data with appropriate care.
Implementation guides
Alpha stage
- Information Technology Policy Implementation Notices (ITPIN)
- GC Security Policy Implementation Notices (internal to Government of Canada)
- Security and Identity Management Policy Instruments
- Security Resource Centre
- OPC guidance for federal institutions (Office of the Privacy Commissioner of Canada (OPC))
- Guidance Document: Taking Privacy into Account Before Making Contracting Decisions
Beta stage
- Information Technology Policy Implementation Notices (ITPIN)
- GC Security Policy Implementation Notices (internal to Government of Canada)
- Security and Identity Management Policy Instruments
- Security Resource Centre
- OPC guidance for federal institutions (Office of the Privacy Commissioner of Canada (OPC))
- Guidance on Preparing Information Sharing Agreements Involving Personal Information
- Guidance Document: Taking Privacy into Account Before Making Contracting Decisions
- Guidelines for obtaining meaningful consent (Office of the Privacy Commissioner of Canada (OPC))
- Guidance on inappropriate data practices: Interpretation and application of subsection 5(3) (Office of the Privacy Commissioner of Canada (OPC))
- Direction for Electronic Data Residency
Live stage
- Information Technology Policy Implementation Notices (ITPIN)
- GC Security Policy Implementation Notices (internal to Government of Canada)
- Security and Identity Management Policy Instruments
- Security Resource Centre
- OPC guidance for federal institutions (Office of the Privacy Commissioner of Canada (OPC))
- Guidance on Preparing Information Sharing Agreements Involving Personal Information
- Guidance Document: Taking Privacy into Account Before Making Contracting Decisions
- Guidelines for obtaining meaningful consent (Office of the Privacy Commissioner of Canada (OPC))
- Guidance on inappropriate data practices: Interpretation and application of subsection 5(3) (Office of the Privacy Commissioner of Canada (OPC))
- Direction for Electronic Data Residency
Reusable solutions
Alpha stage
Beta stage
Live stage
5.2 Make security measures frictionless so that they do not place a burden on users
Checklist
Alpha stage
- Where possible, provide users easily-accessible means of authentication (e.g.: biometrics) to your service - take advantage of improvements in consumer technologies.
- Use deployment scripts to ensure configuration of production environment remains consistent and controllable.
- Test and certify components in each layer of the technology stack for security vulnerabilities, and then to re-use these same pre-certified components for multiple services.
- Ensure all APIs are developed in alignment with secure connections requirements from TBS and CSE; all APIs should be accessed over HTTPS only.
- Ensure all APIs have appropriate authentication and that only authorized users/services are able to access the information; “open data” APIs are explicitly configured to allow access by all by default
Beta stage
- Implement an Identity and Access Management (IAM) solution that aligns with trusted digital identity frameworks, such as the Pan-Canadian Trust Framework, for security commensurate to service sensitivity, ID portability across platforms, and authentication and authorization agility.
- Where possible, provide users easily-accessible means of authentication (e.g.: biometrics) to your service - take advantage of improvements in consumer technologies.
- Use deployment scripts to ensure configuration of production environment remains consistent and controllable.
- Test and certify components in each layer of the technology stack for security vulnerabilities, and then to re-use these same pre-certified components for multiple services.
- Ensure all APIs are developed in alignment with secure connections requirements from TBS and CSE; all APIs should be accessed over HTTPS only.
- Ensure all APIs have appropriate authentication and that only authorized users/services are able to access the information; “open data” APIs are explicitly configured to allow access by all by default
- Ensure your digital service offers a quick and easy reporting mechanism, that enables the process of security vulnerability disclosures; alerts should be treated with care and consideration equal to internal evaluations.
- Develop robust IT Continuity plans, including infrastructure and data backups, to ensure that your digital service is able to return to operational status with minimal disruption.
- Document the plan and process for technical updates and support for services/system software
- Leverage existing services and frameworks such as the Pan-Canadian Trust Framework to foster multi-jurisdictional service delivery.
Live stage
- Implement an Identity and Access Management (IAM) solution that aligns with trusted digital identity frameworks, such as the Pan-Canadian Trust Framework, for security commensurate to service sensitivity, ID portability across platforms, and authentication and authorization agility.
- Where possible, provide users easily-accessible means of authentication (e.g.: biometrics) to your service - take advantage of improvements in consumer technologies.
- Use deployment scripts to ensure configuration of production environment remains consistent and controllable.
- Test and certify components in each layer of the technology stack for security vulnerabilities, and then to re-use these same pre-certified components for multiple services.
- Ensure all APIs are developed in alignment with secure connections requirements from TBS and CSE; all APIs should be accessed over HTTPS only.
- Ensure all APIs have appropriate authentication and that only authorized users/services are able to access the information; “open data” APIs are explicitly configured to allow access by all by default
- Ensure your digital service offers a quick and easy reporting mechanism, that enables the process of security vulnerability disclosures; alerts should be treated with care and consideration equal to internal evaluations.
- Develop robust IT Continuity plans, including infrastructure and data backups, to ensure that your digital service is able to return to operational status with minimal disruption.
- Document the plan and process for technical updates and support for services/system software
- Leverage existing services and frameworks such as the Pan-Canadian Trust Framework to foster multi-jurisdictional service delivery.
Implementation guides
Alpha stage
Beta stage
Live stage
Reusable solutions
Alpha stage
Beta stage
Live stage
7. Empower staff to deliver better services
7.1 Make sure that staff have access to the tools, training and technologies they need
Checklist
Alpha stage
- Determine technical choices and programming tools.
- Determine how you will net value for money spent on tools and how you will monitor your service.
Beta stage
- Determine how you will manage limits placed on the service.
- Document purchases and value for money, how you will monitor the service, support arrangements, and the specifics and reasons behind third-party decisions.
Live stage
- Document tech stacks and development toolchain changes made during beta and why.
- Document how you are continuing to get the value for money, how you will check the health of the service, support arrangements that have been set up, and the specifics and reasons behind outsourced decisions.