• Criterion 9 – Monitor your service

  • Policy overview

    Include the following details:

    • Policy title
    • Policy owner
    • Policy lead
    • Policy sponsor (if applicable)
    • Policy contact details
    • Date approved
    • Policy effective date
    • Version number

    Brief description

    Provide a concise summary of the policy, including its objectives and scope.

    Purpose of risk assessment

    Objective

    To identify, assess, and mitigate risks associated with the development, implementation, and maintenance of the policy.

    Scope

    Outline the scope of the risk assessment, such as whether it applies to internal agency processes, external stakeholder impacts, or cross-governmental collaboration.

    Risk assessment methodology


    Risk assessment approach

    Briefly describe the methodology or framework used to assess risks, e.g., likelihood and impact matrix, qualitative or quantitative analysis.

    Risk categories

    List the categories of risks to be assessed, such as operational, financial, legal, reputational, or technological.

    Risk identification

    Risk register

    Identify all potential risks related to the policy. Include risks that may arise during policy development, implementation, and post-implementation phases.

    Risk Description

    Provide a brief description of each identified risk, including its cause and potential impact.
     

    Risk IDRisk DescriptionCategoryLikelihood
    (low/med/high)    		Impact 
    (low/med/high)    		Overall risk
    (low/med/high]
    1[Risk description][Category][low/med/high][low/med/high][low/med/high]
    2[Risk description][Category][low/med/high][low/med/high][low/med/high]


     

    Risk analysis

    Likelihood assessment

    Assess the probability of each risk occurring—low, medium, or high.

    Impact assessment

    Evaluate the potential consequences or impact of each risk, should it occur—low, medium, or high.

    Risk level

    Determine the overall risk level by combining the likelihood and impact assessments—low, medium, or high.
     

    Risk mitigation strategies

    Mitigation actions

    List mitigation strategies for each identified risk. Outline the actions needed to reduce the likelihood or impact of the risk.

    Assigned responsibility

    Specify the team or individual responsible for implementing the mitigation strategies.

    Timeframe for implementation

    Indicate when the mitigation actions will be put into effect.

    Risk IDMitigation StrategyResponsible partyTimeframe
    1[Mitigation strategy][Responsible party][Date]
    2[Mitigation strategy][Responsible party][Date]

     

    Risk monitoring and reporting

    Monitoring process

    Describe how each risk will be monitored throughout the policy’s lifecycle. Include the frequency of reviews and updates to the risk register.

    Reporting requirements

    Identify who will receive updates on risk management, such as senior leadership, oversight committees, or external agencies. Include the frequency and format of reporting.

    Triggers for action

    Identify any triggers that would require immediate action or re-evaluation of risks, such as policy changes, new data, or incidents.

    Contingency planning

    Contingency plans for high risks

    For high-risk items, develop contingency plans in case mitigation strategies fail. Detail the steps to take if the risk materialises.

    Escalation process

    Specify the process for escalating risks to higher levels of management or to other stakeholders.

    Legal and compliance risks

    Legislative and regulatory risks

    Identify any legal or compliance risks associated with the policy. Include risks related to breaches of existing laws or failure to meet new legislative requirements.

    Mitigation for legal risks

    Provide strategies for mitigating legal risks, including seeking legal advice, compliance checks, or legislative amendments.
     

    Communication of risk management plan

    Internal communication

    Outline how risk management activities will be communicated internally to staff and stakeholders within the agency.

    External communication

    Specify how external stakeholders will be informed of key risks and how the agency is addressing them. This may include public announcements or targeted stakeholder briefings.

    Continuous risk improvement

    Review and update cycle

    Detail how often the risk assessment and mitigation plan will be reviewed and updated to reflect new information, changes in the policy environment, or emerging risks.

    Feedback loop

    Establish mechanisms for continuous feedback and improvement, ensuring that lessons learned from previous risk management activities are incorporated into future plans.


    Contact information

    Risk management lead

    Provide the contact details of the individual or team responsible for managing and coordinating the risk assessment and mitigation plan.

    Support team

    List additional contacts for queries or support.
     

  • Downloadable .docx version

    Use this template to assess and mitigate against risks associated with policy development and implementation. It will help ensure that risks are identified, managed, and communicated effectively across stakeholders. Remember to save your own version of this document before making any changes.

  • Downloadable .docx version

    Use this template to draft your project plan. Feel free to adjust the sections to align with your project goals and requirements. Remember to save your own version of this document before making any changes.

  • Downloadable .docx version

    This template helps ensure the structured and comprehensive implementation of whole-of-government policies, promoting transparency, accountability, and consistency across various stakeholders and agencies involved in the process. Remember to save your own version of this document before making any changes.

  • Downloadable .docx version

    This template provides a clear and structured format for a government policy, ensuring all necessary components are included for clarity and effective implementation across agencies. Remember to save your own version of this document before making any changes.

  • Downloadable .docx version

    This template is designed to assist policy developers conduct effective desktop research during the pre-discovery phase of the policy development process. The aim is to provide a structured approach to gathering and synthesising relevant information to inform the early stages of policy ideation and development. Remember to save your own version of this document before making any changes.

  • Criterion 10 – Keep it relevant

  • Transition approach

    The implementation of the Digital Inclusion Standard will be phased to give agencies time to plan and update their services.  

    • Phase 1: 1 January 2025 – New services  
    • Phase 2: 1 January 2026 – Existing public-facing services  

    The DTA will regularly review the Digital Inclusion Standard and make improvements as government service delivery and digital services mature. Improvements will be made in line with agency application and feedback.

    Phase 1 – New services 

    From 1 January 2025, services that meet the following criteria will be required to meet the Digital Inclusion Standard:  

    • public or staff-facing
    • owned by non-corporate Commonwealth entities
    • new (including redesigned) informational and transactional services. 

    Phase 2 – Existing public-facing services

    From 1 January 2026, services that meet the following criteria will be required to meet the Digital Inclusion Standard: 

    • public-facing
    • owned by non-corporate Commonwealth entities
    • all existing informational and transactional services. 

    Note: existing staff-facing services are excluded. 

  • Phase 1 – New services

    From 1 January 2025, services that meet the following criteria will be required to meet the Digital Inclusion Standard:  

    • public or staff-facing
    • owned by non-corporate Commonwealth entities
    • new (including redesigned) informational and transactional services. 
    Off
  • When and how to apply this criterion

     

    When to apply

    Apply Criterion 1 during the Discovery phase to gain a deep understanding of your problem, the service’s business case and the policy and strategic landscape. 

    As government is always evolving, revisit this criterion across the Service Design and Delivery Process to ensure your service remains fit for purpose.

    How to apply

    Questions for consideration 

    • What problem exists?
    • What is happening in the policy and service landscape?
    • What government priorities and initiatives align to the problem space?
    • What might success look like?
    Off
  • Develop a business case for change

     

    Be outcomes focused: Consider what problems your service needs to solve and why they are important. Share your early-stage assumptions, gather diverse perspectives from stakeholders and take advantage of pre-existing data and resources. Clearly state the risks of action and inaction, who might be impacted, potential barriers to success and your knowledge gaps.

    Frame the problem: Form a simple, clear problem statement from the evidence that’s already available. Use it as the basis of further research and validation, and to identify the users you need to engage with.

    Don’t jump to solutions: Don’t anticipate a technical or design solution before validating the problems you’ve identified. Evaluate the rest of the Standard’s criteria to understand what else could drive the problem. Consider whether a new solution is required or if an existing platform or service might achieve the best outcome.

    Align stakeholders to a vision: Engage key stakeholders to establish a shared vision for success. Ensure clear expectations are set for the project and everyone knows why change is necessary.

    Off

  • Strategy

  • Survey the policy and service landscape

     

    See the bigger picture: Assess how the problems you identified play out in the broader policy and government service ecosystems. Use resources (such as the Australian Government Architecture and Delivering Great Policy Toolkit) to understand the landscape and the intentions of different policies.

    Align to government priorities: Have a clear understanding of how your service will contribute to government priorities including the achievement of the Data and Digital Government Strategy 2030 vision.

    Off
  • Understand your service's life cycle

     

    Invest for the future: Consider whole-of-life investment costs, including maintenance and upgrades, to ensure proper investment across short-, medium- and long-term horizons. Familiarise with the Investment Oversight Framework and its thresholds. Get in touch with the Digital Transformation Agency for questions about the ICT Investment Approval Process and work with the relevant area of the Department of Finance to understand ongoing costs.

    Off
  • Adopt an agile methodology

     

    Use a multi-disciplinary team: Consider tools and techniques based on agile values and principles. Engage a multidisciplinary team to understand the whole problem and create an effective solution. Monitor time and effort expended to understand and refine whole-of-life investment costs from the outset. 

    Off

Connect with the digital community

Share, build or learn digital experience and skills with training and events, and collaborate with peers across government.

Join the Digital Profession