Central government bodies will have to follow an ‘earned autonomy’ model for their digital spending under the new version of the relevant controls.
The Central Digital and Data Office (CDDO) has published an update – version six – of the digital and technology spend control guidance, along with a series of notes on more specific requirements, including the use of the One Login service and assessments of essential shared data assets.
Changes to the main document include the introduction of the earned autonomy model, whereby departments that can demonstrate high levels of internal assurance capability can be granted higher thresholds for relevant spending.
CDDO, which works within the Cabinet Office, will be in charge of granting the autonomy, and organisations will still need to complete a service assessment where necessary.
Approval to spend will also involve scoring against a risk and importance framework that includes series of questions for digital services, platforms and common components, commodity technology and licences, and specialist technology.
Other new features including spending control requests being made through a digital service rather than by email, and mandatory requirements for spending to align to the Transforming for a digital future roadmap. There have also been updates to simplify processes and guidance.
A Cabinet Office spokesperson said: "The Digital and Technology Spend Control, originally published in 2018, ensures departments and other public bodies spend on digital and technology is in line with government priorities and represents the best value for money.
"The update to the Digital and Technology Spend Control guidance, aligns to our commitments in the Government’s digital future roadmap, and ensures all money spent helps us in achieving this goal, whilst cutting down on bureaucracy and red tape."
The series of guidance notes reiterate various requirements, including plans to use the One Login sign-on – being rolled out by the Government Digital Service – for all public facing services.
Another note states that all essential shared data assets should be assessed for data quality, made findable and be available through APIs. This involves adhering to the minimum data specifications and government API standards, and publishing details of any data quality issues.
Others cover issues such as: avoiding automatic contract extensions; taking steps to prevent technical debt and legacy in digital services; following the Government Cyber Security Standard; and providing quarterly service performance data.
