The Quest for Digital Assurance in the Public Sector

~ Written By Yannis Kafantaris

Hate Change - Love Progress?

As the World Quality Report shows, in an effort to ramp up QA and Testing to the level needed to achieve this, the Public Sector budget allocation has increased from 25% to 33% from 2015-2016 and is expected to rise to 40% by 2018.  However, the Public Sector’s quest for progress belies an underlying scepticism about modernisation and a strong desire to mitigate the many risks associated with Digital Transformation and protect itself from costly and reputation-damaging failures. So what are the risks and how can we provide business assurance, or rather to coin a more modern version of the phrase, digital assurance?

Agile Operations

Digital disruption is bringing new services to market at record speed. This means that organisations utilising traditional operating models are at high risk of these becoming almost instantly outmoded. In addition, customers in all sectors are increasingly taking to social media and other public channels to voice their feedback. The upshot is that a badly executed service risks a public slamming with loss of reputation and disastrous repercussions.

The key to mitigating these risks is to deploy Agile at the operational level and, in subsequent projects iterate the parts that have proven to work best and redesign the rest, just as you would in the Agile development process. Continuous feedback from end users, be they citizens or public servants, is also essential to ascertain performance, usability and overall quality. This customer-centric, Agile approach also delivers great cost savings and enables government organisations to deliver services faster and continuously improve them, so that value is built into every part of the project.  

46% of Public Sector organisations are currently using Agile testing and 39% adopting Test Driven and Behaviour Driven Development (World Quality Report). To meet this demand Sogeti has developed Managed Testing Services (MTS) that interact with both Agile development teams and legacy project teams. We identify the right tests at the right time for a flexible, scalable, efficient and collaborative service. In order to minimise risk it’s crucial to have clear visibility on how a release impacts the whole estate. To this end Sogeti’s MTS uses automated regression testing and continuous integration to create automated scripts that can be run during the development team Sprint process. This gives a clear view of the bigger picture and allows both developers and testers to focus on new functionality while the integrity of the overall product is validated. In this way, we instil Digital Assurance at every level, saving time, minimising risk and reducing the potential for reputational damage.

Assurance Through Automation

The key to building in Digital Assurance at every stage of the Development Lifecycle is Automation driven by a DevOps way of working. Automating the right thing at the right time results in higher levels of efficiency and effectiveness and optimal test coverage. At Sogeti we use existing frameworks created in our Automation Centre of Excellence. This includes our patented and domain-independent automation framework solution, the Capgemini Automation Framework for Enterprises (CAFE). This Framework provides instant, reusable and repeatable scripts for a variety of automation tools across a wide range of technologies.  It’s important to understand that Automation is not a magic wand, it is just part of a larger Customer Experience and Digital Assurance strategy that needs to include continuous integration, deployment and feedback and end-to-end testing.

Digital Assurance & Data

High quality data gives excellent insights, enables better policy decisions and empowers citizens. Public Sector organisations must balance enabling better engagement through data accessibility, with safeguarding that data to maintain its integrity and the trust of the general public. It’s unsurprising then that 49% of the Public Sector World Quality Report participants rate security testing as the most important focus. Currently 59% of Government and Public Sector respondents use an internal testing team with their own tools, while 57% use managed application security testing services (World Quality Report).  In addition to penetration testing and utilising tools that can analyse code at every stage in the development lifecycle for early bug detection, it’s important to implement an effective strategy for controlling records. This involves identifying where datasets are being created; determining the integrity and quality of the data; developing and applying standards; thorough training; and creating a compliance strategy and monitoring system. To find out more about Sogeti’s application security testing services, take a look at our website here.

Tethering the Cloud

19% of the QA and Testing budget in Government and the Public Sector is spent on Cloud solutions and the IoT is set to boost this expenditure exponentially in the coming years (World Quality Report). One of the biggest potential assurance issues is that many Cloud Service Providers take over responsibility for information processing meaning that the Public Sector organisation would no longer have total control over data environment and access. Issues can arise, for example, when there is a complex authentication infrastructure and users get frustrated with multiple passwords and start to write them down, creating a huge security risk. It’s therefore essential for Public Sector organisations to define baseline controls for their cloud services and maintain sufficient control over data access to successfully mitigate the risks. 

Risk Management Not Elimination

When seeking to mitigate risk and achieve Digital Assurance, it’s worth remembering 3 things:

1. Risk management is never going eliminate all risk; it is a balancing act of risk appetite and risk mitigation;
2. Envision the big picture, trial it on a small project and scale up and down as required; and
3. As Gary Moore Head of Delivery for Government Testing Services at Capgemini Group said in a recent interview “The main key to testing success is not just addressing the functional dynamics of a requirement. Public sector IT teams must focus on the entire customer journey and end-user satisfaction with an emphasis on usability, compatibility, performance, security and overall citizen and business customer experience.”

If you would like to hear more about the Public Sector's Digital Delivery in the war for talent - register for our upcoming webinar! Register today >