Government of Canada Digital Standards: Playbook
Improving government services in the Digital Age
Our goal is to provide public services to Canadians which are simple to use and trustworthy. The Government of Canada’s Digital Standards form the foundation of the government’s shift to becoming more agile, open, and user-focused. They will guide teams in designing digital services in a way that best serves Canadians.
These digital standards were co-created with the public and key stakeholder groups. They are living standards and they will continue to evolve over time as we better understand the complexities involved in putting them into practice.
This guidance is aspirational. The behavioural guidance outlined below promotes ways of working in alignment with the Digital Standards. It is not a list of behaviours that is expected to reflect how the government presently operates. While teams are not expected to, at present, strongly align with all subsequent guidance, teams are expected to assess themselves and each other against the below guidance and strive to better align themselves. Teams are encouraged to make note of any questions they have, as well as any challenges they’ve encountered while trying to align with the Standards. The Digital Change Sector at TBS is available to help teams find colleagues with experience and expertise in particular areas associated with a Standard and can put you in touch for coaching, advice and learning opportunities. Experiences should be shared publicly online. What is the story of your journey to align your work to the GC Digital Standards?
The guidance does not include implementation details, such as specific frameworks of methodologies, even if such details exist in current policy instruments. For specifics, please refer to existing policy instruments, such as the Policy on Service and Digital.
Format: Each standard is subdivided into two sections.
- Aligned Behaviour: examples of behaviours that align with the Standard.
- Misaligned Behaviours: examples of behaviours which go against the spirit of the Standard.
Each section should be considered to contain lists of examples of aligned and misaligned behaviours, rather than exhaustive lists of behaviours.
- provision of a specific final output that addresses one or more needs of an intended recipient and contributes to the achievement of an outcome.
- a group of people who work together daily over prolonged periods of time and have their work prioritized by the same person.
- Data Steward:
- Data users who implement enterprise data governance and principles to control the use and maintenance of data assets.
Design with users
Research with users to understand their needs and the problems we want to solve. Conduct ongoing testing with users to guide design and development.
Guidance: Design with users
Services should not be built based on internal constraints or complexities of government, they should be built to address the needs of users. In order to deliver value to users, one must understand and prioritize their needs. Everything is a hypothesis until tested with the users of services.
To validate one's hypotheses, one must validate their assumptions through direct and frequent interactions with those who will be using the services. Users may be members of the public, or government employees or a combination thereof. Keeping in mind that users will come from diverse backgrounds, varying in location, experience, knowledge, and abilities, requirements for services are built first and foremost with the needs of all users. When designing services, one must take a holistic approach to service delivery -- from each member's individual contributions to the end goal, as defined by user requirements.
- End-user feedback is used to establish the requirements of our service(s).
- Our team has processes or tools in place for user feedback, including anonymous user feedback, to be incorporated into the design of the service.
- Our team conducts user research prior to deciding upon a given implementation.
- Our team has tested our primary systems in the users’ context with a wide range of users including users with varying needs and representing diverse backgrounds.
- Our team considers user needs and feedback in defining key service metrics.
- Our team uses automation to anticipate and detect operational or quality-of-service issues before our users tell us.
- Our team has within it, or direct access to, the expertise required to conduct user research and usability testing.
- Our team receives requirements through extensive documentation and builds against them.
- Our team does not involve internal or external users to collaborate on the design of the service.
- The technical development resources or IT senior management are prioritizing features.
- Our team's prioritization of tasks is driven by senior management.
- Senior executives and teams rely exclusively on desk-based research, or other proxy sources of information to inform policy, program and/or service design.
Iterate and improve frequently
Develop services using agile, iterative and user-centred methods. Continuously improve in response to user needs. Try new things, start small and scale up.
Guidance: Iterate and improve frequently
In contrast to high risk and long lead time ‘big bang’ deployments, working services must be put in the hands of users as early as possible to get rapid feedback. Said feedback is then used to iterate upon to improve the service.
One sets a north star to define a clear direction, then begins iterating towards this north star, keeping in mind that the path is not clear, and unexpected circumstances will require adjustments to be made along the way. By leveraging modern technologies and modern approaches to working, risk can be reduced by limiting the size of changes and increasing their frequency. Processes should empower teams to deliver value to services as often as possible, rather than increase risk by creating prolonged processes that use documentation in place of demonstrably functioning software. Focus on working software over comprehensive documentation and remember that perfect is the enemy of good.
- There are processes in place to prioritize and implement feedback from peers, stakeholders and end-users.
- When a new or updated service or feature is being created our team understands the minimum requirements for the system to be of value to users.
- Our team experiments with new approaches based on team reflections, lessons learned, and user feedback.
- Our team collects metrics to improve upon which are used throughout the development and lifecycle of the service.
- When resolving problems our team dedicates time to identify the root cause of the issue and address it.
- Our team is relentlessly inspecting, adapting, and automating their processes to increase the speed at which our team can deliver value to users.
- Our team has access to environments and resources to allow for rapid prototyping while initial requirements are being sought.
- Our team embraces learning about and using new digital skills, approaches, and tools to incorporate into our daily work.
- Our team only shares their work once it has been finalized and approved.
- Decisions regarding the direction of our team are made without reference to any collected performance metrics.
- Our team identifies solutions before it is clear what outcomes our team is working towards and how to measure them.
- Processes are rarely, if ever, reviewed to find and implement efficiencies.
- Our team must wait for the project to be approved and funded prior to environments being made available to teams to begin experimenting with solutions.
- Our team fully architects the end to the service delivery solution prior to starting to build.
Work in the open by default
Share evidence, research and decision making openly. Make all non-sensitive data, information, and new code developed in delivery of services open to the outside world for sharing and reuse under an open licence.
Guidance: Work in the open by default
Working in the open increases the transparency of services, increases trust in government, creates an ecosystem that promotes innovation, prevents needing to reinvent the wheel by increasing collaboration within, and external to, government. Working in the open promotes understanding of government processes and services and creates an environment whereby innovation can take place throughout the Government of Canada and through non-governmental organizations leveraging the government data and information to improve service delivery for Canadians.
This way of working aligns Canada with the Digital Nations Charter, of which it is a signatory and promotes “transparency and citizen participation and uses open licences to produce and consume open data”, and the Open Data Charter. Further, by working in the open the Government of Canada can increase its reuse of existing public solutions and allow others to reuse work conducted by the Government of Canada.
- Teams continually makes all non-sensitive and non-personal data, information, and new code publicly available, or at a minimum accessible across the GC, for sharing and reuse.
- Our team contributes back to the public projects from which they borrow content.
- Our team tracks and makes public the metrics upon which our team measures its success.
- Our team tracks, and makes publicly available, or at a minimum accessible across the GC, information regarding how often a change to our services fails (e.g., the deployment or rollout of a service or feature experiences issues or complications).
- Our team makes visual displays which show what they’re working on and the status of their work available publicly, or at least throughout the Government of Canada.
- Our team publicly documents, including examples of reuse, how others can use their service’s APIs, open data, or information.
- All of the team's work is done on systems behind the corporate firewall.
- The work of our team has permissions set so that only members of our team can access the team's work.
- Our team does not contribute to, or collaborate on, work being done by our colleagues.
- Team applies blanket security classification for the digital system to all data stored by the application.
- Our team has no process by which to declassify and release records when they are no longer protected or classified.
- The documentation for our APIs is only available to internal approved consumers.
Use open standards and solutions
Leverage open standards and embrace leading practices, including the use of open source software where appropriate. Design for services and platforms that are seamless for Canadians to use no matter what device or channel they are using.
Guidance: Use open standards and solutions
To maintain the trust of Canadians, the government must continually learn and improve by embracing leading practices to simplify access to government services to match the rising expectations of Canadians.
In alignment with the Digital Nations Charter, which calls for both the use of Open Standards and Open Source, this Digital Standard aligns with the ultimate Digital Vision which reads, “The Government of Canada is an open and service-oriented organization that operates and delivers programs and services to people and businesses in simple, modern and effective ways that are optimized for digital and available anytime, anywhere and from any device.” By leveraging open source software, and leveraging open standards and solutions, the Government of Canada can mitigate vendor lock-in and expand its vendor pool from which to acquire digital services.
- Our team prioritizes solutions using open standards over solutions that do not.
- Team members give back to the open source community as active contributors.
- Our team designs their services to be interoperable with other services.
- When searching for a new product, service or solution, our team considers open source solutions.
- Our team supports clients using any device, from anywhere and at any time.
- Our team renews existing contracts with vendors without first investigating open source tooling.
- Our team does not have the competencies within it to deliver its services without the help of consultants or closed source vendor software.
Address security and privacy risks
Take a balanced approach to managing risk by implementing appropriate privacy and security measures. Make security measures frictionless so that they do not place a burden on users.
Guidance: Address security and privacy risks
Digital services are core to service delivery, and they must securely store and manage the information of Canadians to maintain trust in government services.
Security and privacy should be taken as a consideration from the onset of work for a given service, in alignment with Iterate and Improve. The implementation of security and privacy controls should be considered part of daily work. Similarly, processes should promote and monitor the continuous implementation of security and privacy controls throughout the lifecycle of a service. This will demonstrably increase the security and privacy posture of digital services by leveraging automated testing and real time reporting and monitoring over anecdotal document-heavy manual processes. Said processes, and the security and privacy controls themselves, should be frictionless, ensuring that services are designed first and foremost for users, not to satisfy existing legacy government procedures, tooling, or processes. Furthermore, by creating frictionless processes and permitting services to be iterated and improved upon quickly, the government is better situated to respond quickly to security or privacy risk. By responding to these operational needs within hours or minutes rather than months, the government can improve its security and privacy posture.
- Our team considers security and privacy throughout the service design process.
- When implementing or enforcing security or privacy controls, our team takes into consideration how they would impact the quality or efficiency of the service and how it will impact the end users of the service.
- Security measures are frictionless so that they do not place a burden on users.
- Our team has privacy and security knowledge and understanding as a competency within the team.
- The service has implemented automated security checks and privacy protections include role-based access and audit functions against the service.
- There are procedures and processes in place to quickly respond to security or privacy breaches or incidents.
- Team has no internal privacy or security knowledge, relying on other teams to identify nearly all security or privacy controls and best practices.
- The core services upon which our team works have no automated security checks or privacy protections.
- Our team relies on security through obscurity, hiding services or information rather than improving the security posture of the service.
- Our team implements or enforces security or privacy controls without considering the impact on service usability.
Build in accessibility from the start
Services should meet or exceed accessibility standards. Users with distinct needs should be engaged from the outset to ensure what is delivered will work for everyone.
Guidance: Build in accessibility from the start
Quality should be built in from the start, preventing the need to revisit previously implemented components due to issues, such as accessibility. The faster and earlier issues are found the less costly they are to fix.
Accessibility in Canada is about creating communities, workplaces and services that enable everyone to participate fully in society without barriers. The Government of Canada is committed to taking a proactive and systemic approach for identifying, removing and preventing barriers to accessibility without delay complementing the rights of persons with disabilities under the Canadian Human Rights Act. To meet these commitments, accessibility should be a consideration throughout the service development lifecycle. This requires that accessibility be monitored and built into our processes to continually promote alignment with accessibility standards. While iterating and improving frequently and designing with users, accessibility should be a key consideration, and become a source of work items throughout the service design lifecycle. When designing with users, efforts should be made to identify a wide variety of users with a wide variety of needs, to ensure accessibility standards are met or exceeded.
- Starting at the outset, our team's service and platform design continually considers the lowest levels of digital skill, confidence and access.
- Our team understands how to make their services or products accessible.
- Our team considers accessibility throughout the service design process.
- Research and testing are conducted to ensure our service is accessible to people of all abilities no matter how, where, or when they access the service.
- Our team conducts ongoing user research with users with low level digital literacy, people with disability, and people from different cultural and linguistic backgrounds.
- Our team implements automated accessibility checks for our services.
- Our team has no competency with accessibility and relies on another team to identify accessibility shortcomings.
- Accessibility compliance is added at the end of the development cycle in order to pass compliance checks or audits.
Empower staff to deliver better services
Make sure that staff have access to the tools, training and technologies they need. Empower the team to make decisions throughout the design, build and operation of the service.
Guidance: Empower staff to deliver better services
To promote innovation and create agility within our organizations the teams that makeup our organizations must be empowered. Innovation increasingly flows from the bottom up rather than from the top down, and to benefit from this trend teams must be empowered.
Don’t hire good people to tell them what to do, hire good people to have them tell you what to do. The government manages large, highly complex and crucially important services for their users. A top-down command and control approach to service delivery and designs enforces a structure that aligns to the structure itself, rather than to the needs of the users, or based on the expertise of those building the services. Rather than bringing information to authority, bring authority to the information. Those best suited to solve a given problem, are those closest to the problem. By removing decision-making authority from the teams into complex governance structures, the innovative potential of teams is mitigated by legacy governance procedures and processes. To create organizations that can iterate and improve frequently, teams must be empowered to make decisions for themselves. Complex architectures that are responsive to the needs of users, including users within the organization, are emergent and are not derived through the compilation of hypotheses lacking the expertise of those closest to the complex problems needing to be solved.
- Team members self-organize and self-manage through self-assigning tasks.
- Team members meet with liberty to openly discuss challenges without fear of blame or reproach.
- Team members feel safe to challenge the status quo.
- Our team values learning as part of daily work.
- Team members can articulate how their work contributes to business outcomes.
- Our team can choose the tools they use to deliver their service.
- Our team's management actively removes impediments that prevent the team from focusing on delivering value.
- Our team has access to environments to experiment with new approaches, tooling, or solutions.
- Our team feels their feedback is valued.
- Failures are treated in our team as opportunities to improve and learn.
- Work is assigned directly to members of our team from management.
- Our team is required to get a series of approvals prior to being able to make routine changes to their service.
- Learning in our team is largely done through week or day long courses periodically throughout the year.
- Our team is unable, or finds it difficult, to acquire productivity tooling.
- Our team does not have access to Software as a Service (SaaS) productivity tools as they are blocked by the department.
- On our team, learning through reading books, blogs, or watching videos, talks, or tutorials is not viewed as work.
- Our team has restricted access to tools, training and software based on job classification.
Be good data stewards
Collect data from users only once and reuse wherever possible. Ensure that data is collected and held in a secure way so that it can easily be reused by others to provide services.
Guidance: Be good data stewards
Good data stewardship is required to ensure data is clean, reusable, and managed responsibly to be leveraged for data driven decision making and promote reuse of information rather than duplication of efforts.
This involves managing data and information responsibly and securely, which supports the sharing and reuse of data throughout the Government of Canada and through promoting its use through innovative new solutions within the private sector. In alignment with working in the open by default, data and information should be published to be readable, by humans or by machines by publishing well organized data in machine readable formats. In alignment with iterating and improving frequently, efforts should be made to continually improve the quality of the data, and the quality of the processes used to manage and publish said data. Further, by working in the open by default and properly managing data and information sources, issues such as duplication of data and information and rework can be mitigated, while promoting the creation of innovative solutions which are able to leverage information collected and published by the government.
- Our team strives to leverage data to continuously improve decision-making, operations, or service delivery.
- Our team identifies what data is needed to support decision-making, operations, or service delivery and reuses existing data as appropriate before acquiring new data.
- Our team strives to identify and remove barriers to data sharing and release.
- Our team ensures that users of our services can make corrections to their personal information.
- Our team publishes data and information on the open government portal.
- Our team publishes data in plain language and machine-readable formats.
- Our team has clearly defined roles, responsibilities, and accountabilities for data and information management and use.
- Our team captures appropriate metadata to provide context for the information and data we create and capture, thereby enabling its discovery and reuse by others.
- Our team has processes in place to regularly assess, maintain, and improve data quality.
- Our service has in place processes for ensuring proper management of information and data prior to being collected, used, disclosed, retained, disposed of, or declassified.
- Our team ensures that information and data of business value are saved in systems where it can be properly managed.
- Our team has processes in place for determining the classification of data and information.
- Our team is aware of which information and data has business value and prioritizes its management.
- Our team, or the service our team manages, asks users for the same information more than once.
- The service, or services, our team is responsible for collects all the data or information required without reusing existing data or information.
- The documentation for our APIs is only available to internal approved consumers.
- Our team does not have the data it needs to make informed policy, program, or service decisions.
Design ethical services
Make sure that everyone receives fair treatment. Comply with ethical guidelines in the design and use of systems which automate decision making (such as the use of artificial intelligence).
Guidance: Design ethical services
Designing ethical systems means that systems created by the government ensures that everyone receives equitable treatment.
Services should address client needs and provide public benefits. In the digital age, the underlying systems that run Canada’s services come to conclusions that can be opaque to both the external users, and those managing the systems. Efforts are required to increase the transparency and address potential biases of computational decisions, and to ensure that decisions made or supported using these systems are legal, consistent, accurate and align with the expectations and intents of those managing them. The responsible use of automated-decision systems includes being open about their use and being able to explain how decisions are made. Through iterative service design where results are continuously monitored against expected and desired outcomes, the organization positions itself to ensure it is designing ethical services. Furthermore, with extensive monitoring solutions, one must ensure their services are not enforcing biases, whether conscious or unconscious.
- Our team continually seeks out indicators of bias and ensures their services are not reinforcing unintended biases.
- Our team continually seeks out evidence of unintended consequences to the user in service design and delivery and works to mitigate these consequences for the user.
- When automated decision-making is being leveraged by our team, possible biases in the data and algorithms are acknowledged, accounted for, and mitigated.
- Our team designs services which address cultural, linguistic, geographical, disability, technological, socioeconomic, or other access barriers to uptake.
- Our team has considered the impacts of decisions on the users and negative outcomes are reduced, when encountered.
- Our team uses data in a manner consistent with the purpose of its collection.
- No training is provided to our team regarding the potential impacts of the service they are designing or delivering.
- Our team conducts little to no monitoring of outcomes of the service to identify implicit bias.
- Our team delegates ethical analysis to a vendor or external service, without direct accountability to management.
- Our team designs and deliver services without fully considering relevant legislation
- Our team delivers services without assessing the impacts of negative outcomes.
Create multidisciplinary teams with the range of skills needed to deliver a common goal. Share and collaborate in the open. Identify and create partnerships which help deliver value to users.
Guidance: Collaborate widely
Collaborating widely allows us to learn from others to minimize mistakes already experienced and reduces work through identifying and sharing existing solutions. The problems that government solves are often unique, though they are not unique amongst governments.
Many of the same solutions by the same, or similar vendors, are used throughout the world, or at varying levels of government within different jurisdictions. When designing a service, or implementing a service using tools or systems, identify which other departments, jurisdictions, or organizations, have leveraged similar technologies to solve similar use cases in order to collaborate widely, reduce work, share solutions, and benefit from lessons already learned by others. Furthermore, using multidisciplinary teams, especially when coupled with the empowerment of staff, the government improves its posture to deliver modern and innovative services. Through wide collaboration, organizations begin to break down the silos developed over time through the overreliance on functionally based teams. Going forward, working across skill sets, and leveraging work from others, while learning from their lessons, promotes the development of modern services better able to meet the changing needs of citizens in the digital age.
- Our team is multidisciplinary, having all the skills and capabilities required to fully deliver our service to users.
- Our team is active in communities of practice, events, or groups that pertain to the areas of expertise of team members.
- Our team has identified, and collaborates with, other teams, in or outside of our organisation, including other levels of government, other governments, the public, or private sector organizations, who have done, or are doing, similar work.
- Our team documents any APIs for our service using modern and common protocols and standards and provides examples to others regarding their use.
- Our team uses data from performance monitoring tools to inform business decisions.
- Our team develops most of the service on our own, without leveraging existing solutions and services to reduce duplication of effort.
- Our team overwhelmingly relies on tickets to manage collaboration between internal stakeholders or teams.
- The team does not consider the impacts on teams working across the value stream, or on the outcome of the service.
Posters to share
Report a problem or mistake on this page
- Date modified: