The Digital Transformation Agency (DTA) acknowledges that agencies may not be able to meet all the requirements of the Digital Experience (DX) Policy in every instance. Where appropriate, agencies can apply for an exemption.
Exemption eligibility
Exemptions should only be sought where there are genuine barriers in applying the standards to a digital service, including:
- legacy technology barriers that cannot be reasonably overcome
- substantial financial burden associated with modifying a service to meet requirements.
myGov integration exemptions
Specific exemptions for the Digital Access Standard may be available for services considered for integration with myGov.
This may include:
- users not having access to myGov
- users being ineligible for a myGov account
- where it does not make sense for users to have a myGov account
- legislative or regulatory barriers preventing the service from being delivered via myGov
- circumstances where Services Australia has indicated that it is unable to onboard the service to myGov.
Exemption limits
Exemptions may apply to one or more criteria of a standard mandated by the DX Policy, or to an entire standard. Exemptions are not applied at a whole-of-policy level.
- Where an exemption from a standard is granted, it may be permanent, temporary, partial or full. Exemption applications are assessed on a case-by-case basis.
- On request, the DTA can work with agencies to interpret their eligibility for an exemption and support them through the exemption process.
Exemption scenarios
The following are examples of where a service may be granted an exemption if sufficient evidence is provided.
Sufficient evidence may include enhancement plans or future system changes, in line with the requirements of the relevant standard.
Digital Service Standard
An agency operates a grants system using technology that doesn’t easily support interoperability. This means it is not able to operate in conjunction with other systems.
The agency believes they can meet all Digital Service Standard requirements except Criterion 4 – Connect services. They would be exempt from designing for interoperability and joining services due to the limitations of the existing system.
Digital Inclusion Standard
An agency operates an informational website about their suite of services – the website is available to the public. The agency understands that the new Digital Inclusion Standard is applicable to existing services from 1 January 2026.
The agency does not believe they will meet the deadline for compliance, without significant investment and risk to other priority programs.
Digital Access Standard
An agency is replacing a digital platform that allows tourists to apply for tax refunds for goods they purchased in Australia, that they take with them on a plane or ship when they travel out of the country.
The agency believes they can meet all Digital Access Standard requirements except Criterion 4 – Follow the decision-making framework. In applying the decision-making criteria, the agency determines that most users are tourists who are not eligible for myGov accounts.
This means that myGov is not the best access point for their replacement service.
Digital Performance Standard
An agency provides a digital service that supports users who are experiencing extreme circumstances, such as trauma and hardship.
The agency believes they can meet all Digital Performance Standard requirements except Criterion 4 – Measure if your digital service is meeting customer needs, as they don’t feel it’s appropriate to ask their customers for feedback at the time of transaction.
How to apply for an exemption
Agencies should contact the DTA to apply for an exemption. The DTA will provide all necessary information, forms and supporting documents for an exemption application.
New services
Exemptions for new services going through the budget process can be raised through the appropriate state of the Investment Oversight Framework (IOF).
Existing services
Exemptions for existing services against the Digital Service Standard and Digital Inclusion Standard should be made in writing to standard@dta.gov.au.
Criterion 1 – Have clear intent
Criterion requirements
To successfully meet this criterion, agencies need to:
- Develop a business case for change
- Survey the policy and service landscape
- Understand the service’s lifecycle
- Adopt an agile methodology.
For existing services, this means that agencies should have clearly identified the problem the service is addressing and the whole of government priorities it is contributing towards.
Checklist items
The current problem statement for the service is clear and addressed:
Best practice approaches:
- Consider the problems the service needs to solve and why they are important. Clearly state the risks of action and inaction, who might be impacted by the service, potential barriers to success and any knowledge gaps.
Government priorities the service is contributing towards have been identified:
Best practice approaches:
- Assess how the problems identified play out in the broader policy and government service ecosystems. Use resources such as the Australian Government Architecture and Delivering Great Policy Toolkit to understand the landscape and the intentions of different policies.
- Have a clear understanding of how the service will contribute to government priorities, including the achievement of the Data and Digital Government Strategy 2030 vision.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
When and how to apply this criterion
When to apply
Apply Criterion 1 during the Discovery phase to gain a deep understanding of your problem, the service’s business case and the policy and strategic landscape.
As government is always evolving, revisit this criterion across the Service Design and Delivery Process to ensure your service remains fit for purpose.
How to apply
Questions for consideration
- What problem exists?
- What is happening in the policy and service landscape?
- What government priorities and initiatives align to the problem space?
- What might success look like?
Criterion 2 – Know your user
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Understand the service’s users.
- Conduct user research.
- Test and validate designs.
For existing services, this means agencies should know who the service users are, have a deep understanding of user experiences with the service and how to improve those experiences.
Checklist items:
The current users of the service and their needs are understood
Best practice approaches:
- Regularly conduct user research to understand who your current users are and why they are accessing your service.
- Make sure you also understand what devices, platforms, or technologies they use to access the service.
Users’ experiences accessing your service and how to improve those experiences are understood.
Best practice approaches:
- Analyse any identified pain points or negative feedback to understand the root cause, make incremental changes based on feedback and test these changes with users to assess their effectiveness.
- Prioritise action on pain points that have the most significant impact on user experience and ensure resources are allocated effectively.
Methods and tools to use:
- Interviews, surveys, observation or analytics to gather data on your users' needs, goals, expectations, and behaviours.
- Existing research from other agencies or sources that are relevant to your service.
- Past research reports, journey maps or project summaries from historical internal documentation, internal databases, project archives or management systems.
- Relevant studies or research papers, from academic and industry journals.
- Professional networks and opportunities to engage with experts and practitioners across the APS to share research findings, reports and insights.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 3 – Leave no one behind
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Understand the diversity of your users.
- Comply with legislation and standards, including the:
- Implement a feedback mechanism.
For existing services, this means that agencies must ensure they understand the diversity of the service’s users, actively manage compliance with relevant legislation and standards as part of service development and ongoing operations, and have a feedback mechanism in place.
Checklist items
The different cohorts that may be impacted by or use the service are understood:
Best practice approaches:
- Expand on the learnings from Criterion 2 of the Digital Service Standard, by conducting targeted and ethical user research with the diverse users of the service. Make sure the service captures and responds to unique circumstances and needs.
- Collect and analyse information about different users to understand the different barriers they might experience when using the service. Eliminate these barriers through design and validate the effectiveness of solutions with real-world users.
- Some types of users are under-represented in research, may be difficult to reach or require different or tailored engagement approaches. If this is the case, collaborate with other agencies, community groups or the private and not-for-profit sector to reach them.
The service is compliant with relevant legislation and standards, including the:
- Disability Discrimination Act 1992
- Latest version of the Web Content Accessibility Guidelines (WCAG)
- Australian Government Style Manual.
A feedback mechanism is in place.
Best practice approaches:
- Provide a user feedback mechanism that supports issue reporting and service improvement suggestions, with timely, transparent responses. Act promptly on feedback and provide timely, transparent responses describing how it’s being actioned. Promote the mechanism through an ongoing, multichannel awareness campaign.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 4 – Connect services
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Design for interoperability.
- Join up services.
For existing services, this means that agencies should ensure that the service has the capability to support interoperability with other services where possible.
Checklist items
Where possible, the service integrates with other relevant government systems or platforms (if not possible, also mark this as complete):
Best practice approaches:
- Review any obligations against privacy policies and the Privacy Act 1988. If external data is used, make the service interoperable and leverage governments’ open datasets. Support safe, ethical data-sharing practices by using the government’s DATA Scheme.
- Assess the data the agency already collects and whether it can be reused for the service. Where it can be reused, eliminate unnecessary data entry requests and fulfil a ‘tell us once’ approach.
- Thoroughly document the service’s APIs. Where appropriate, open them for other services and third parties to build upon existing government offerings. Align with the API Design Standard to support cross-jurisdictional data sharing, maintain a consistent, reusable vocabulary and support wider API literacy.
- Where appropriate, endeavour to integrate the Australian Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF). This will allow users to access the service with a single set of credentials.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 5 – Build trust in design
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Adopt transparent data handling.
- Implement security measures.
- Maintain a reliable service.
- Be accountable for the service.
For existing services this means that agencies should have mechanisms in place to manage the transparency, security, reliability and accountability for the service.
Checklist items
Transparent data handling practices for the service are adopted.
Best practice approaches:
- Safeguard user data by adhering to the Australian Privacy Principles and the Privacy Act 1988. Always get explicit, informed consent before collecting a user’s data and provide a means to update or delete it. Allow users to report inaccurate data and respond with how it has been rectified. Notify all users about their responsibilities to protect their data, such as not sharing their password with others.
- Tell users what information they need before they start a task, and where appropriate, allow them to pause and resume at their own pace.
- Where appropriate, consider how to embed provenance information to help establish and maintain trust. Resources such as Content Credentials: Strengthening Multimedia Integrity in the Generative AI Era should be consulted.
There are processes in place to ensure ongoing compliance of the service with up-to-date security measures.
Best practice approaches:
- Use the Information Security Manual, the Essential Eight and other resources from the Australian Cyber Security Centre to thoroughly assess the service’s threats, posture and protections. Plan for the requirements and system hardening that will support the service throughout design, build, operation and decommissioning.
There are processes in place to manage reliability of the service for availability and consistency.
Best practice approaches:
- Make the service available, stable and consistent for users in different places and time zones, at different times, on different days. Schedule maintenance for a predictable period of downtime and give notice to users well ahead of time.
There are accountability measures in place for the service to maintain contestability and periodic auditing:
Best practice approaches:
- Offer clear avenues for users to submit complaints, contest decisions or report issues, including security data and cyber concerns. To increase the likelihood of useful feedback, make avenues anonymous by default and identifying by choice wherever possible. To demonstrate that feedback has been addressed or will inform future action, provide users with timely and transparent responses. Responses should be tailored to the feedback.
- Audit the service, data-handling practices, security incidents and compliance with whole-of-government policies. Use an independent review to test assumptions and identify issues that may be taken for granted. Use these results to improve and keep the service fit for purpose.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 6 – Don’t reinvent the wheel
Criterion requirements
To successfully meet this criterion, agencies will need to:
- ‘Build once, use many times’.
- Design for a common, seamless experience.
- Reuse data where possible.
For existing services, this means that agencies should enable the re-use of designs and data where it is possible to do so.
Checklist items
Where possible, components, solutions and/or data, such as forms, content, workflows, APIs, design components or information, are able to be reused in other services (if not possible, also tick this box).
Best practice approaches:
- Share designs with other teams and agencies that are establishing services that could benefit from the work your agency is doing with your service. Similarly, share data, where possible, with other services that require the same data to provide a seamless experience for the users.
Criterion 7 – Do no harm
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Protect users’ digital rights.
- Understand privacy impacts.
- Understand the limits of data.
For existing services, this means that agencies must have mechanisms in place to protect users’ digital rights and understand the privacy impacts of the services and the limits of data.
Checklist items
The digital rights of users are protected.
Best practice approaches:
- Consider how the service might impact the digital rights of users. Identify users facing greater personal risks and make sure they’re provided with the means to access, communicate and contest the service transparently or anonymously. If rights are breached, move quickly to implement changes that prevent future harm.
- Consider the implications of the service beyond its immediate impacts. Workshop environmental, economic or social impacts and undertake scenario planning to explore unforeseen issues and opportunities.
The service’s privacy impacts are understood and appropriately responded to.
Best practice approaches:
- Undertake regular Privacy Impact Assessments to capture issues. Mitigate unwarranted and unauthorised surveillance, data collection and malicious data breaches and share these actions with users.
- Where required, seek and obtain informed consent from users prior to collecting, storing or disclosing any of their data. Consider opt-out options and ensure the service requires as little user data as possible.
- Communicate how data will be used or may be used in the future at the time of consent. This includes how it may be shared with other people or between services and secondary or less obvious uses.
The limits of data that is collected and/or used by the service are understood:
Best practice approaches:
- Data should only be collected and used for the stated purpose that the user agrees to. Account for how data models, datasets and algorithms may produce discriminatory results and provide transparent detail to users on how decisions and calculations are made. Before sharing data, apply the DATA Scheme’s Data Sharing Principles to help assess whether it would be safe to do so.
- Quantitative data, which is numeric or measurable, helps us understand what is happening on a service. Qualitative data, which is descriptive or observable, helps us understand why. Use both to fully understand the story and match any correlation with a provable causation. Do this before making important decisions.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 8 – Innovate with purpose
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Follow guidance on critical and emerging technologies.
- Maintain interoperability in the face of new technology.
- Track adoption of new technology.
For existing services, this means that agencies must demonstrate that they have adopted emerging technologies only when there is an inherent benefit, maintain interoperability where relevant, and have implemented measures to monitor for changes relating to critical and emerging technologies that may impact the service.
Checklist items
There are processes in place to monitor and implement guidance for critical and emerging technologies for the service.
Best practice approaches:
- Stay current, as technology can advance at a staggering pace. If available, refer to government guidance on risks, opportunities and developments for up-to-date advice on critical or emerging technology that may impact the service.
- Regularly check the Australian Government Architecture: Follow published guidance in the Australian Government Architecture for the adoption of critical and emerging technologies.
There are processes in place to maintain the interoperability of the service in the face of new technology:
Best practice approaches:
- Consider if new technologies will impact the service’s interoperability. Plan for its introduction or implementation in partnership with other affected agencies to prevent further divergence or disconnection.
- Undertake an assessment of the preparedness for new technologies. Consider the resources and training for a new technology that will be required by the agency and team.
There are processes in place to track adoption of new technology:
Best practice approaches:
- Prior to implementing a new technology, determine whether it aligns with the clear intent of the service and whether it risks leaving certain types of users behind. If implemented, monitor how users respond to the new technology and respond to any accessibility or usability concerns.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 9 – Monitor your service
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Establish a baseline for the service.
- Identify the right performance indicators.
- Measure, report and improve according to strategies.
For existing services, this means that agencies must demonstrate that there is continuous monitoring and measurement of services to ensure they operate smoothly, remain secure and cater for users’ evolving needs.
Checklist items
There is an established performance baseline for the service.
Best practice approaches:
- Determine the current state by identifying and reviewing existing metrics for the service. Use this as a yardstick to measure progress.
- Compare the service to similar services or existing standards to identify areas of improvement. Seek out best practices of similar and well-performing services to consider if they can be adopted.
Appropriate performance indicators have been identified for the service.
Best practice approaches:
- Use metrics that accurately capture the service’s ability to deliver the outcomes that users expect. These might include adherence to design standards and privacy legislation, site/app performance, security benchmarks or tasks completed by users.
The service is measured, reported against and improved according to strategies.
Best practice approaches:
- Make sure the service meets the Data and Digital Government Strategy and consider how information collected and reported could improve the service in line with the Strategy’s implementation plan. All digital and ICT-enabled investment proposals must define their purpose, outcomes and methods for measuring, monitoring and optimising them. Find out more in the Benefits Management Policy.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.
Criterion 10 – Keep it relevant
Criterion requirements
To successfully meet this criterion, agencies will need to:
- Improve the service across its life.
- Schedule regular assessments.
- Communicate service upgrades.
For existing services, this means that agencies must seek to continuously improve their services, schedule regular assessments and communicate service upgrades.
Checklist items
There are mechanisms in place to make improvements to the service across its life.
Best practice approaches:
- Increase people’s use of the service by continuously optimising performance, enhancing security, introducing relevant features, addressing bugs and increasing compatibility. Use metrics identified in Criterion 9 (‘Monitor your service’) to reveal the biggest opportunities for impact and ground improvements in evidence. Provide ongoing training and materials for staff to support change.
Regular assessments are scheduled to review the performance and experience of the service over time.
Best practice approaches:
- Define the goals and scope of the assessment then observe performance and experience over time. Performance metrics might include load times, responsiveness or bottlenecks. Experience metrics might include entry/exit points, dwell time or task abandonment. Ongoing monitoring should be part of business-as-usual processes and a detailed review part of regular service evaluation.
Service upgrades are appropriately communicated to users.
Best practice approaches:
- Develop an iterative communication plan for how, when and through what channels updates and findings will be shared with users. When writing content, show how users’ feedback informed the actions that have been taken. Highlight key achievements or milestones reached and use real-life stories to demonstrate how users shaped change.
Optional
- Describe how the digital service complies with this criterion, referencing best practice approaches deployed where possible.