Digital Services Playbook

The American people expect to interact with government through digital channels such as websites, email, and mobile applications. By building digital services that meet their needs, we can make the delivery of our policy and programs more effective.

Today, too many of our digital services projects do not work well, are delivered late, or are over budget. To increase the success rate of these projects, the U.S. Government needs a new approach. We created a playbook of 13 key “plays” drawn from successful practices from the private sector and government that, if followed together, will help government build effective digital services.

PLAY 1

Understand what people need

We must begin digital projects by exploring and pinpointing the needs of the people who will use the service, and the ways the service will fit into their lives. Whether the users are members of the public or government employees, policy makers must include real people in their design process from the beginning. The needs of people — not constraints of government structures or silos — should inform technical and design decisions. We need to continually test the products we build with real people to keep us honest about what is important.

Checklist

  1. Early in the project, spend time with current and prospective users of the service
  2. Use a range of qualitative and quantitative research methods to determine people’s goals, needs, and behaviors; be thoughtful about the time spent
  3. Test prototypes of solutions with real people, in the field if possible
  4. Document the findings about user goals, needs, behaviors, and preferences
  5. Share findings with the team and agency leadership
  6. Create a prioritized list of tasks the user is trying to accomplish, also known as “user stories”
  7. As the digital service is being built, regularly test it with potential users to ensure it meets people’s needs

Key Questions

PLAY 2

Address the whole experience, from start to finish

We need to understand the different ways people will interact with our services, including the actions they take online, through a mobile application, on a phone, or in person. Every encounter — whether it’s online or offline — should move the user closer towards their goal.

Checklist

  1. Understand the different points at which people will interact with the service – both online and in person
  2. Identify pain points in the current way users interact with the service, and prioritize these according to user needs
  3. Design the digital parts of the service so that they are integrated with the offline touch points people use to interact with the service
  4. Develop metrics that will measure how well the service is meeting user needs at each step of the service

Key Questions

PLAY 3

Make it simple and intuitive

Using a government service shouldn’t be stressful, confusing, or daunting. It’s our job to build services that are simple and intuitive enough that users succeed the first time, unaided.

Checklist

  1. Use a simple and flexible design style guide for the service. Use the U.S. Web Design System as a default
  2. Use the design style guide consistently for related digital services
  3. Give users clear information about where they are in each step of the process
  4. Follow accessibility best practices to ensure all people can use the service
  5. Provide users with a way to exit and return later to complete the process
  6. Use language that is familiar to the user and easy to understand
  7. Use language and design consistently throughout the service, including online and offline touch points

Key Questions

PLAY 4

Build the service using agile and iterative practices

We should use an incremental, fast-paced style of software development to reduce the risk of failure. We want to get working software into users’ hands as early as possible to give the design and development team opportunities to adjust based on user feedback about the service. A critical capability is being able to automatically test and deploy the service so that new features can be added often and be put into production easily.

Checklist

  1. Ship a functioning “minimum viable product” (MVP) that solves a core user need as soon as possible, no longer than three months from the beginning of the project, using a “beta” or “test” period if needed
  2. Run usability tests frequently to see how well the service works and identify improvements that should be made
  3. Ensure the individuals building the service communicate closely using techniques such as launch meetings, strategy rooms, daily standups, and team chat tools
  4. Keep delivery teams small and focused; limit organizational layers that separate these teams from the business owners
  5. Release features and improvements multiple times each month
  6. Create a prioritized list of features and bugs, also known as the “feature backlog” and “bug backlog”
  7. Use a source code version control system
  8. Give the entire project team access to the issue tracker and version control system
  9. Use code reviews to ensure quality

Key Questions

PLAY 5

Structure budgets and contracts to support delivery

To improve our chances of success when contracting out development work, we need to work with experienced budgeting and contracting officers. In cases where we use third parties to help build a service, a well-defined contract can facilitate good development practices like conducting a research and prototyping phase, refining product requirements as the service is built, evaluating open source alternatives, ensuring frequent delivery milestones, and allowing the flexibility to purchase cloud computing resources.

The TechFAR Handbook provides a detailed explanation of the flexibilities in the Federal Acquisition Regulation (FAR) that can help agencies implement this play.

Checklist

  1. Budget includes research, discovery, and prototyping activities
  2. Contract is structured to request frequent deliverables, not multi-month milestones
  3. Contract is structured to hold vendors accountable to deliverables
  4. Contract gives the government delivery team enough flexibility to adjust feature prioritization and delivery schedule as the project evolves
  5. Contract ensures open source solutions are evaluated when technology choices are made
  6. Contract specifies that software and data generated by third parties remains under our control, and can be reused and released to the public as appropriate and in accordance with the law
  7. Contract allows us to use tools, services, and hosting from vendors with a variety of pricing models, including fixed fees and variable models like “pay-for-what-you-use” services
  8. Contract specifies a warranty period where defects uncovered by the public are addressed by the vendor at no additional cost to the government
  9. Contract includes a transition of services period and transition-out plan

Key Questions

PLAY 6

Assign one leader and hold that person accountable

There must be a single product owner who has the authority and responsibility to assign tasks and work elements; make business, product, and technical decisions; and be accountable for the success or failure of the overall service. This product owner is ultimately responsible for how well the service meets the needs of its users, which is how a service should be evaluated. The product owner is responsible for ensuring that features are built and managing the feature and bug backlogs.

Checklist

  1. A product owner has been identified
  2. All stakeholders agree that the product owner has the authority to assign tasks and make decisions about features and technical implementation details
  3. The product owner has a product management background with technical experience to assess alternatives and weigh tradeoffs
  4. The product owner has a work plan that includes budget estimates and identifies funding sources
  5. The product owner has a strong relationship with the contracting officer

Key Questions

PLAY 7

Bring in experienced teams

We need talented people working in government who have experience creating modern digital services. This includes bringing in seasoned product managers, engineers, and designers. When outside help is needed, our teams should work with contracting officers who understand how to evaluate third-party technical competency so our teams can be paired with contractors who are good at both building and delivering effective digital services. The makeup and experience requirements of the team will vary depending on the scope of the project.

Checklist

  1. Member(s) of the team have experience building popular, high-traffic digital services
  2. Member(s) of the team have experience designing mobile and web applications
  3. Member(s) of the team have experience using automated testing frameworks
  4. Member(s) of the team have experience with modern development and operations (DevOps) techniques like continuous integration and continuous deployment
  5. Member(s) of the team have experience securing digital services
  6. A Federal contracting officer is on the internal team if a third party will be used for development work
  7. A Federal budget officer is on the internal team or is a partner
  8. The appropriate privacy, civil liberties, and/or legal advisor for the department or agency is a partner
PLAY 8

Choose a modern technology stack

The technology decisions we make need to enable development teams to work efficiently and enable services to scale easily and cost-effectively. Our choices for hosting infrastructure, databases, software frameworks, programming languages and the rest of the technology stack should seek to avoid vendor lock-in and match what successful modern consumer and enterprise software companies would choose today. In particular, digital services teams should consider using open source, cloud-based, and commodity solutions across the technology stack, because of their widespread adoption and support by successful consumer and enterprise technology companies in the private sector.

Checklist

  1. Choose software frameworks that are commonly used by private-sector companies creating similar services
  2. Whenever possible, ensure that software can be deployed on a variety of commodity hardware types
  3. Ensure that each project has clear, understandable instructions for setting up a local development environment, and that team members can be quickly added or removed from projects
  4. Consider open source software solutions at every layer of the stack

Key Questions

PLAY 9

Deploy in a flexible hosting environment

Our services should be deployed on flexible infrastructure, where resources can be provisioned in real-time to meet spikes in traffic and user demand. Our digital services are crippled when we host them in data centers that market themselves as “cloud hosting” but require us to manage and maintain hardware directly. This outdated practice wastes time, weakens our disaster recovery plans, and results in significantly higher costs.

Checklist

  1. Resources are provisioned on demand
  2. Resources scale based on real-time user demand
  3. Resources are provisioned through an API
  4. Resources are available in multiple regions
  5. We only pay for resources we use
  6. Static assets are served through a content delivery network
  7. Application is hosted on commodity hardware

Key Questions

PLAY 10

Automate testing and deployments

Today, developers write automated scripts that can verify thousands of scenarios in minutes and then deploy updated code into production environments multiple times a day. They use automated performance tests which simulate surges in traffic to identify performance bottlenecks. While manual tests and quality assurance are still necessary, automated tests provide consistent and reliable protection against unintentional regressions, and make it possible for developers to confidently release frequent updates to the service.

Checklist

  1. Create automated tests that verify all user-facing functionality
  2. Create unit and integration tests to verify modules and components
  3. Run tests automatically as part of the build process
  4. Perform deployments automatically with deployment scripts, continuous delivery services, or similar techniques
  5. Conduct load and performance tests at regular intervals, including before public launch

Key Questions

PLAY 11

Manage security and privacy through reusable processes

Our digital services have to protect sensitive information and keep systems secure. This is typically a process of continuous review and improvement which should be built into the development and maintenance of the service. At the start of designing a new service or feature, the team lead should engage the appropriate privacy, security, and legal officer(s) to discuss the type of information collected, how it should be secured, how long it is kept, and how it may be used and shared. The sustained engagement of a privacy specialist helps ensure that personal data is properly managed. In addition, a key process to building a secure service is comprehensively testing and certifying the components in each layer of the technology stack for security vulnerabilities, and then to re-use these same pre-certified components for multiple services.

The following checklist provides a starting point, but teams should work closely with their privacy specialist and security engineer to meet the needs of the specific service.

Checklist

  1. Contact the appropriate privacy or legal officer of the department or agency to determine whether a System of Records Notice (SORN), Privacy Impact Assessment, or other review should be conducted
  2. Determine, in consultation with a records officer, what data is collected and why, how it is used or shared, how it is stored and secured, and how long it is kept
  3. Determine, in consultation with a privacy specialist, whether and how users are notified about how personal information is collected and used, including whether a privacy policy is needed and where it should appear, and how users will be notified in the event of a security breach
  4. Consider whether the user should be able to access, delete, or remove their information from the service
  5. “Pre-certify” the hosting infrastructure used for the project using FedRAMP
  6. Use deployment scripts to ensure configuration of production environment remains consistent and controllable

Key Questions

PLAY 12

Use data to drive decisions

At every stage of a project, we should measure how well our service is working for our users. This includes measuring how well a system performs and how people are interacting with it in real-time. Our teams and agency leadership should carefully watch these metrics to find issues and identify which bug fixes and improvements should be prioritized. Along with monitoring tools, a feedback mechanism should be in place for people to report issues directly.

Checklist

  1. Monitor system-level resource utilization in real time
  2. Monitor system performance in real-time (e.g. response time, latency, throughput, and error rates)
  3. Ensure monitoring can measure median, 95th percentile, and 98th percentile performance
  4. Create automated alerts based on this monitoring
  5. Track concurrent users in real-time, and monitor user behaviors in the aggregate to determine how well the service meets user needs
  6. Publish metrics internally
  7. Publish metrics externally
  8. Use an experimentation tool that supports multivariate testing in production

Key Questions

PLAY 13

Default to open

When we collaborate in the open and publish our data publicly, we can improve Government together. By building services more openly and publishing open data, we simplify the public’s access to government services and information, allow the public to contribute easily, and enable reuse by entrepreneurs, nonprofits, other agencies, and the public.

Checklist

  1. Offer users a mechanism to report bugs and issues, and be responsive to these reports
  2. Provide datasets to the public, in their entirety, through bulk downloads and APIs (application programming interfaces)
  3. Ensure that data from the service is explicitly in the public domain, and that rights are waived globally via an international public domain dedication, such as the “Creative Commons Zero” waiver
  4. Catalog data in the agency’s enterprise data inventory and add any public datasets to the agency’s public data listing
  5. Ensure that we maintain the rights to all data developed by third parties in a manner that is releasable and reusable at no cost to the public
  6. Ensure that we maintain contractual rights to all custom software developed by third parties in a manner that is publishable and reusable at no cost
  7. When appropriate, create a versioned API for third parties and internal users to interact with the service directly
  8. When appropriate, publish source code of projects or components online
  9. When appropriate, share your development process and progress publicly

Key Questions