The Challenge

The Government Security site is the home of security strategies, standards, policies, and guidance for UK Government departments and their arm’s-length bodies. The site is the go-to resource for promoting consistent and coherent ways of working in security across government.

So, what was the challenge? We needed to take the Alpha version of the site to the Beta stage of development with a whole new set of goals, including:

• Improve the overall look, feel and usability - make sure it is user friendly and visually appealing
• Responsive design - ensure it works on all devices
• Secure by design - implement two-factor authentication
• Accessibility - meet all accessibility requirements and legislation compliant 
• GDPR compliance - ensure all practices are in line with regulations
• Resilient platform - build a platform with robust disaster recovery
• User, content and location management - streamline the way users and content are managed, including a bespoke review process
• Search functionality - use enhanced functionality to help users find what they need and find it quickly
• Reporting analytics - providing detailed event logs

The Solution

The initial fixed-price contract to take the Government Security site to the Beta stage of development was won by Affinity via Direct Award through G-Cloud 13. We didn’t just meet expectations, we exceeded them. Here’s how we did it: 

• Our tried and tested Hybrid Agile delivery methodology

• Expertise and relevant experience in AWS, WordPress, and Matomo analytics

• Utilising/building AWS UK-based data hosting and Infrastructure-as-Code

• Offering a flexible, client-focused approach

• Mobilising and delivering value within three weeks

The success of the project was shaped by several key elements:

Flexible onboarding

We got to work straight away. Affinity focused on meeting stakeholder needs, building relationships, and collaborating on brand design. By taking the time to truly understand the Cabinet Office’s ecosystem and requirements, we shaped our project delivery to align with their needs. 

Tailored hybrid agile setup

Waterfall requires a fixed plan; Agile adapts each sprint. 

The Cabinet Office had a list of must-have requirements and  they also wanted to work collaboratively, adjusting to changes and feedback from stakeholders and user feedback throughout delivery. We adopted a Hybrid Agile approach which allowed for flexibility. What did this look like? It looked like this:

• Well defined scope and KPIs

• Daily stand-ups to track progress towards goals

• Design, build, test, deploy done iteratively in Sprints (two weeks)

• Sprint Reviews and progress reports every Sprint (two weeks) 

• Regular adjustments to deliverables and KPIs

Success was ensured with client reports every Sprint (two weeks) to meet SLAs, update stakeholders, gather feedback and resolve issues.

High-level solution design

After onboarding, Affinity created a design document for the Cabinet Office’s architecture, applications, test plan, and delivery roadmap Our blueprint for success, if you will.

Open Source apps and scalable hosting setup

We combined diverse content management, secure data, and a seamless experience. How? By integrating:

• CMS: WordPress for scalability, security, and performance

• Hosting: AWS cloud infrastructure setup

• Analytics: Matomo for data control and segmentation

Quality Assurance

The AWS infrastructure used for GSG is based on an approach originally chosen by CO Digital technical architects, but evolved by Affinity in areas such as security, resilience and ease of maintenance. The approach demonstrates the consideration of the Technology Code of Practice in areas such as ‘use cloud first’, ‘make things secure’ and ‘share, reuse and collaborate’. To streamline Infrastructure deployments we used AWS CodePipeline, which was developed by Affinity to make deployments easier, more predictable and auditable. Our testing included both automated and manual tests and covered:

• Unit Testing

• Load Testing

• Usability Testing

• Integration Testing

• Data security Testing

• Penetration Testing

• Accessibility Testing

• User acceptance Testing

Our tests also covered WordPress and Matomo, with load testing ensuring the platform’s real-world performance.

Tailored support, seamless maintenance

Post (successful!) soft launch we provided smooth operation and support for daily maintenance and high-risk alerts. Due to security requirements, we implemented a tailored support system with varied SLAs and automated alerts via Jira.

The Results

Soft launched on 31st July 2024, the Government Security site received hugely positive feedback from both Civil Servants and the industry professionals. 

Although the website specifications evolved over the course of the project, as they often do, Affinity delivered on all initial and emerging technical requirements. Here is what we achieved: 

• Sophisticated content and publishing workflows that support all content formats, including videos, text, audio, images and custom content types 

• Integration of high-security, GDPR-compliant, open-source applications with data hosting predominantly in the UK

• Nine-to-five first-, second-, and third-line support with vigilance and automated workflows

• Robust backup and disaster recovery plans that align with the client’s specified RTO and RPO measures

• Infrastructure designed for resource-efficient scalability in AWS 

• Delivery of the Beta site at speed, with all of the core functionality in place within six months of the start of the project. An additional six months will be spent on Support & Maintenance, iteration and refinements.