Search

Document findings and recommendations to apply criterion 2:

• Collect qualitative and quantitative data through surveys, interviews and focus groups to understand user needs and experiences.
• Regularly collect feedback and analyse pain points to identify root causes, use an iterative design process to implement and test incremental changes.
• Prioritise the pain points that have the most significant impact on user experience and allocate resources effectively.  Make sure the data is collected and documented in a centralised knowledge repository. 

• Iteration – Digital.gov
• Stages of the service design and delivery process | For government | Queensland Government
• Mastering design iterations: The power of documentation – DfE Digital, Data and Technology (blog.gov.uk)
• Guide to data analytics and the Australian Privacy Principles | OAIC
• User research methods | Digital NSW
• Plan your user research approach | Digital NSW
• User research planning | For government | Queensland Government
• User research | digital.gov.au
• Research user experience (UX) - digital guide | vic.gov.au (www.vic.gov.au)
• User research - Service Manual - GOV.UK (www.gov.uk)
• User research | Online Accessibility Toolkit

• Conduct segmented user research: Go broad and deep on the learnings from Criterion 2 (‘Know your user’) by conducting targeted and ethical user research. Make sure the service captures and responds to unique circumstances and needs.
• Use data-driven insights: Collect and analyse information about different users to understand the different barriers they might experience when using the service. Eliminate these barriers through design and validate the effectiveness of solutions with real-world users.
• Include non-digital users: Test how easily users can access the service to understand the impact of the digital divide. Make sure those users have a voice in decisions affecting them. Design omni-channel pathways that cater to non-digital access and experiences that some users rely on to access government services.
• Form partnerships: Some types of users are under-represented in research, may be difficult to reach or require different or tailored engagement approaches. If this is the case, collaborate with other agencies, community groups or the private and not-for-profit sector to reach them.

• Use existing standards as a baseline: Comply with legislation and standards to make sure the service uses best practice and meets the expectations for government services. Consider any specific legislation or policies relevant to the service as well as the Disability Discrimination Act 1992, the Disability Services and Inclusion Act 2023, the latest version of the Web Content Accessibility Guidelines (WCAG) and the Australian Government Style Manual.
• Offer content in alternate formats: Offer content in different mediums, such as text, images and audio and segment long documents or tutorials into chunks. Provide human-validated multilingual support for critical information. Evaluate the service with users who depend on assistive technology, integrate their feedback and resolve pain points through design.
• Consider different platforms: Comprehensively test the service across devices and platforms users may access it through prior to launch. Anticipate how content will appear on different devices in designs and assess whether platform-specific interfaces support or fail to meet accessibility standards.
• Design for affordability and connectivity: Design and develop the service to use as little bandwidth and data as possible. Where it suits the service, make it cache for offline access or offer downloadable, print-friendly versions of critical content.
• Use accessible language: Use plain language in both the content and user interface to make sure the service is usable by all. Replace niche terminology or jargon with widely understood terms. Always adhere to the Australian Government Style Manual and plain language guidance.

• Incorporate feedback: Give users the ability to provide feedback, report issues and suggest service improvements. Act promptly on feedback and provide timely, transparent responses describing how it’s being actioned.
• Raise awareness of the service: Plan an ongoing awareness campaign and deploy it across a variety of channels to reach users. Consider training frontline staff so they can inform, suggest or demonstrate the service to people.

To meet criteria 3 of the Digital Service Standard, refer to the Digital Inclusion Standard. The Digital Inclusion standard is an extension of criteria 3 of the Digital Service Standard.

• Share data: Always begin by reviewing any obligations against privacy policies and the Privacy Act 1988. If external data can be used, make the service interoperable and leverage governments’ open datasets. Support safe, ethical data-sharing practices by using the government’s DATA Scheme. 
• Request information once: Assess the data the agency already collects and whether it can be reused to deliver the service. Where it can be reused, eliminate unnecessary data entry requests and fulfil a ‘tell us once’ approach.
• Publish open APIs: Thoroughly document the service’s APIs. Where appropriate, open them for other services and third parties to build upon existing government offerings. Align with the API Design Standard to support cross-jurisdictional data sharing, maintain a consistent, reusable vocabulary and support wider API literacy.
• Plan for scale and flexibility: Make sure the service can cater for growth and changing preferences without impacting performance, functionality or stability. Embed adaptability into the design patterns from the outset to allow malleability that future changes may require.
• Utilise a Digital ID: Where appropriate, endeavour to integrate the Australia Government Digital ID System, accredited by the Trusted Digital Identity Framework (TDIF), to allow users to access the service with a single set of credentials.

• Orient to life events: Design services around users’ life circumstances, such as birth registrations or changes to their name, rather than forcing users to adapt to how government is organised. Clearly describe expected or potential next steps to contribute to a seamless experience and explore interlinking with other federal, state and territory services to reduce data-entry burden on users.

To meet criteria 4 of the Digital Service Standard, refer to the Digital Access Standard. The Digital Access standard is an extension of criteria 4 of the Digital Service Standard. 

• Consider privacy, consent and control: Safeguard user data by adhering to the Australian Privacy Principles and the Privacy Act 1988. Always get explicit, informed consent before collecting a user’s data and provide a means to update or delete it. Allow users to report inaccurate data and respond with how it has been rectified. Notify users about their responsibilities to protect their data, such as not sharing their password with others.
• Eliminate ambiguity in the user interface: Provide validating feedback and progress tracking as users interact with the service. Design to eliminate the need for error messages in the first place. When creating error messages, make them understandable and actionable. Tell users what information they need before they start a task and, where appropriate, allow them to pause and resume at their own pace.

• Secure by design: Use the Information Security Manual, the Essential Eight and other resources from the Australian Cyber Security Centre to thoroughly assess the service’s threats, posture and protections. Plan for the requirements and system hardening that will support the service throughout design, build, operation and decommissioning.

• Available and consistent: Make the service available, stable and consistent for users in different places and time zones, at different times, on different days. Schedule maintenance for a predictable period of downtime, and give notice to users well ahead of time.

• Embrace contestability: Offer clear avenues for users to submit complaints, contest decisions or report issues, including security data and cyber concerns. To increase the likelihood of useful feedback, make avenues anonymous by default and identifying by choice wherever possible. To demonstrate that feedback has been addressed or will inform future action, provide users with timely and transparent responses. Responses should be tailored to the feedback.
• Undertake periodic audits: Audit the service, data-handling practices, security incidents and compliance with whole-of-government policies. Use an independent review to test assumptions and identify issues that may be taken for granted. Use these results to improve and keep the service fit for purpose (Criterion 10 ‘Keep it relevant’). 

Prioritise service security measures and have processes in place to ensure that they are efficient and current. Use methods or tools such as:

• Conduct regular and comprehensive security audits to identify vulnerabilities in the digital service. This includes penetration testing and assessments to keep security measures robust and up to date.
• Regularly update software, hardware and security protocols to protect against new and emerging threats. This includes prompt application of patches, updates and security fixes. 
• Implement ongoing security training for staff on best practices, include phishing recognition attempts and secure handling of sensitive data.
• Establish and regularly update an incident response plan to prepare for potential security breaches. Outline steps for detecting security incidents, responding to them and recovering.

Prioritise the accuracy of information provided. Put processes in place for regular checks and updates. Use methods or tools such as:

• Establishing clear guidelines for content moderation to prevent misinformation. This includes procedures for reviewing and verifying information before it is published.
• Implement reporting mechanisms so users can flag misinformation or content they believe is inaccurate. This encourages user engagement and helps maintain the integrity of information provided.
• Maintain processes for regular content updates and corrections when information inaccuracies are identified. Transparent correction processes build trust.

Have processes in place to make sure the service is resilient and updated against current and imminent cyber threats. Use methods or tools such as:

• Implement a layered security strategy that includes firewalls, intrusion detection systems and encryption to create multiple anti cyber barriers.
• Develop and test disaster recovery and business continuity plans to ensure the service runs quickly to recover from cyber incidents, including data breaches or denial-of-service attacks.
• Continuously monitor and assess emerging cyber threats. This involves subscribing to threat intelligence services and keeping abreast of industry developments.
• Educate users about cybersecurity best practices, such as using strong passwords and recognising phishing attempts. An informed user base enhances overall security.