Search

Incorporate feedback: Offer users the ability to provide feedback, report issues and suggest service improvements. Promptly act on feedback and provide a timely, transparent response describing how it’s being actioned.

Raise awareness of your service: Plan an ongoing awareness campaign and deploy it across a variety of channels to reach your users. Consider training your frontline staff so they can inform, suggest or demonstrate the service to people.

Test

When to apply

Apply Criterion 4 throughout Beta(Opens in a new tab/window) to ensure smooth integration with other government services and systems. 

Adhere to this criterion across the Service Design and Delivery Process(Opens in a new tab/window) whenever new functionality, integrations or upgrades are introduced.

How to apply 

Questions for consideration

• how will this service integrate with existing systems and data?
• what standardised protocols will be used to exchange data?
• how will we test for smooth interoperability with other platforms?
• how will the service accommodate future growth and change?
• what information does government already hold that the service could reuse?
• which mechanisms will allow users to opt in or out of data sharing?

Share data: Always begin by reviewing your obligations against privacy policies and the Privacy Act (1988). If external data can be used, make your service interoperable and leverage governments’ open datasets. Support safe, ethical data sharing practices by using the government’s DATA Scheme(Opens in a new tab/window). 

Request information once: Assess the data your agency already collects and whether it can be reused to deliver your service. Where it can be reused, eliminate unnecessary data entry requests and fulfil a ‘tell us once’ approach.

Publish open APIs: Thoroughly document your service’s APIs. Where appropriate, open them for other services and third-parties to build upon existing government offerings. Align with the API Design Standard(Opens in a new tab/window) to support cross-jurisdictional data sharing, maintain a consistent, reusable vocabulary and support wider API literacy.

Plan for scale and flexibility: Ensure your service can cater for growth and changing preferences without impacting performance, functionality or stability. Embed adaptability into your design patterns from the outset to allow malleability as future changes may require.

Utilise a Digital ID: Where appropriate, endeavour to integrate the Australia Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF)(Opens in a new tab/window), to allow users to access your service with a single set of credentials.

To successfully meet this criterion, agencies will need to:

• design for interoperability
• join up services.

When to apply 

Apply Criterion 5 throughout Beta to protect users’ digital rights and ensure robust security measures are in place.

As cyber threats become more prevalent and sophisticated, adhere to this criterion across the Service Design and Delivery Process

How to apply 

Questions for consideration

• how are users informed about the collection, use and storage of data?
• how will you obtain informed consent from your users?
• which encryption and authentication mechanisms will provide the most robust security?
• how does the service comply with data protection legislation and policies?
• what processes are in place to prevent misinformation?
• how is the service built to be resilient against cyber threats?
• what assurances are in place to promote ethical use of data?

Consider privacy, consent, and control: Safeguard user data by adhering to the Australian Privacy Principles and the Privacy Act (1988). Always obtain explicit, informed consent before collecting a user’s data and provide a means to update or delete it. Allow users to report inaccurate data and respond with how it has been rectified. Notify users of their own responsibilities to protect their data, such as not to share their password with others.

Eliminate ambiguity in your user interface: Provide validating feedback and progress tracking as users interact with your service. Design to eliminate the need for error messages in the first place; make them understandable and actionable where they remain. Tell users what information they need before they start a task and, where appropriate, allow them to pause and resume at their own pace.

Secure by design: Use the Information Security Manual, the Essential Eight and other resources from the Australian Cyber Security Centre to thoroughly assess your service’s threats, posture and protections. Plan for which requirements and system hardening will support your service throughout design, build, operation and decommissioning.

Available and consistent: Make your service available, stable and consistent for users in different places and time-zones, at different times, on different days. Schedule maintenance for a predictable period of downtime and give notice to users well ahead of time.

Embrace contestability: Offer clear avenues for users to submit complaints, including security data and cyber concerns, contest decisions or report issues. 

Wherever possible, make avenues anonymous by default and identifying by choice to grow the likelihood of useful feedback. Provide users with timely and transparent responses, tailored to their feedback, to demonstrate it has been addressed or will inform future action.

Undertake periodic audits: Audit your service, data-handling practices, security incidents and compliance with whole-of-government policies. Use an independent review to test assumptions and identify issues that may be taken for granted. Use these results to improve and keep your service fit for purpose (Criterion 10 ‘Keep it relevant’).