Technology Assurance Framework
The Technology Assurance Framework was introduced in 2017 to support programmes and projects to deliver successful outcomes. The Framework is intended to improve delivery and ensure that the lessons learned from previous experience are reflected and embedded in future practice.
The framework is managed by the Digital Assurance Office in the Scottish Government.
Engaging with the Digital Assurance Office
The Digital Assurance Office engages with projects in scope to:
- establish points of contact and agree reporting arrangements
- support the development of a integrated assurance and approval plan and timeline
- conduct major project reviews
- assess compliance with the Digital Scotland Service Standard
We also work with the other corporate assurance providers within the Scottish Government’s Directorate for Internal Audit and Assurance, to jointly plan our respective assurance activities and explore opportunities to align project assurance.
Who the Technology Assurance Framework applies to
The Technology Assurance Framework applies to central government organisations, including the Scottish Government. Organisations within scope of the framework must provide the Digital Assurance Office with:
- a named assurance co-ordinator to facilitate adoption of the framework within the organisation and to support reporting arrangements
- information about their IT and digitally enabled projects - it is helpful to let us know about these as early as possible
This information should be emailed to the Digital Assurance Office at firstname.lastname@example.org.
Scope of the Technology Assurance Framework
The Technology Assurance Framework applies to new digital public services and new investments in technology. Its main components are major project reviews and Digital Scotland Service Standard assessments. Routine business as usual activity is not covered by the framework.
Major Project assurance
Major projects are those which meet the definition of a major investment project in the Scottish Public Finance Manual. Major project reviews (stop/go gates) apply at key stages and projects must satisfy the conditions of the review before moving to the next stage.
For each major project you should provide the Digital Assurance Office with:
- a named project contact to co-ordinate assurance activity and provide regular status update reports
- an integrated assurance and approval plan and timeline
- copies of any risk potential assessment forms prepared as part of the assurance obligations set out in the Scottish Public Finance Manual
This information should be emailed to DigitalAssurance@gov.scot.
Major Project Reviews (Stop/Go Gates)
The key stages for assurance set out in the framework cover the following project stages:
- Business justification – to ensure the basis for starting the project is sound, addresses user needs and has a robust, strategic, business case
- Pre-procurement – to test the contracting and procurement strategy and ensure the contractual and commercial risks are understood
- During delivery – to ensure that the project addresses any significant issues expressed in an independent review including cost or time slippage
- Go live – to ensure that systems and business processes are ready for service and capable of delivering
Digital Scotland Service Standard Assessment
New digital services must comply with the Digital Scotland Service Standard.
The appropriate assessment for a service is based on a triage process and the risk/cost ratio for a service. The Digital Assurance Office will complete the triage with the Service Team.
There are three types of assessment:
- Digital Standard Assessment 1 (DSA1) for high risk/cost services which are assessed by an Assessment Team against the full Minimum Evidence Framework
- Digital Standard Assessment 2 (DSA2) for medium risk/cost services which are assessed by an Assessment Team against a reduced Minimum Evidence Framework
- Digital Standard Assessment 3 (DSA3) for low risk/cost services which are assessed by the Digital Assurance Office against a reduced Minimum Evidence Framework – service teams provide the Digital Assurance Office with a written submission, setting out how they comply with the Standard using a supplied template
You can find out more about the triage and assessment process by contacting the Digital Assurance Office at DigitalAssurance@gov.scot.
Arranging an Assurance Review
Ifyou already have an assigned lead from the Digital Assurance Office, you should discuss your assurance requirements with that individual. For any projects that don’t already have an assigned lead, please contact the Digital Assurance Office at DigitalAssurance@gov.scot for more information about applying the technology assurance framework within your project.