The foundation of a high-quality government technology implementation is a high-quality technology product. In order to ensure that government agencies are procuring technology products that will have a high likelihood of being successful, there should be a minimum set of criteria that define what those products should be able to do. Stated differently, this set of criteria is what a procuring agency is entitled to – it’s the agency’s right that some minimum set of requirements exist in the technology they procure, especially software.
A user “bill of rights” is nothing new. From data to aviation, different groups have worked to protect the interest of users that could otherwise fall victim to an unscrupulous service provider. As an avid technology user and somebody that cares deeply about public servants getting the quality tools they deserve, I’d like to propose a “government technology bill of rights” – qualities in technology products (mainly software) that form the minimum bar a vendor must clear to even be considered by a procuring agency:
- Modern Technology
Applications shall use technology that is regarded by the technology community as “modern.” This means various libraries, frameworks and languages used to build applications are stable, updated regularly, patched quickly and have no plans to wind down or “sunset.”
- Well-Defined Interoperability
Vendors shall provide a well-documented mechanism by which the procuring agency can access data in the application or share data with trusted third parties in real time. This mechanism (such as an API) should use a widely-accepted standard like REST or XML.
- User-Centered Design
Applications shall be designed in a manner such that the layout, color scheme, organization and other design elements contribute to and improve the overall user experience. The design choices should improve the following, but are not limited to: readability, information hierarchy, ease of use, speed and data input accuracy.
- Performant Functionality
Application performance shall be optimized to take advantage of the computing power and sophistication of the day. This means that any interaction in the application should occur at a user’s perception of “instantaneous.” Developers should work to make all interactions within the application take less than one second, while aiming for a best-case scenario of all interactions happening in less than 100 milliseconds.
- Industry-Standard Security
Vendors shall take all necessary measures to maintain secure applications. While levels of security can vary by agency mission and need, some basic requirements should include 256-bit AES encryption (or its equivalent), 2-factor authentication and encryption both in transit and at rest.
- Regular Upgrades
The application shall be updated frequently and in a timely manner. This ensures the application is free of security holes, remains performant and enjoys regular improvements to its functionality.
- No Planned Downtime
The application shall not require any downtime (offline time) to update, patch, modify or otherwise change the application. Modern technology today is such that blue-green deployments should be the norm versus the exception. As such, an agency should never have to schedule a block of multiple hours to take an application down to update it.
- Responsive Service and Support
Applications shall offer an option for reasonably-priced operational support. New needs will appear and use cases will change after launching an application, and the vendor needs to be standing by to provide the requisite support. Additionally, the majority of application changes needed in the face of some new requirement should be configurable by a department administrator with minimal interaction required with the vendor.
- Freedom Among Devices
Applications shall generally be device-agnostic. By ensuring applications aren’t bound to one type of device, departments won’t have to replace hardware every time they choose to upgrade or change applications. Additionally, this ensures the apps are readable and usable across the many devices in use at a government agency.
- Fair Data Access
Users shall have unfettered access to the data they submit to said applications. At any point, there shall be some well-defined mechanism by which users shall be able to retrieve their data. And by extension, if a user chooses to terminate their relationship with their vendor, the vendor shall provide all of the user’s data in a form that is easily accessible, free of charge.
The above principles aren’t revolutionary. And despite them forming a standard that isn’t wildly difficult to achieve, so few products in the government technology space achieve even a few of the principles. It would be encouraging to see vendors automatically bake this list into their product offering, but ultimately it’s up to the agencies themselves to include these principles in every request for proposal or product demo Q&A.
If government agencies collectively and consistently demand these very reasonable “rights,” vendors will have no other option than to provide the products that these agencies deserve.
Matthew Polega is part of the GovLoop Featured Blogger program, where we feature blog posts by government voices from all across the country (and world!). To see more Featured Blogger posts, click here.