Digital Code of Practice

How to apply the DCOP to your work

The DCOP is intended to apply to all public service employees and contractors involved in and accountable for digital service delivery, including those in technical, policy and decision-making roles.  

It provides direction to public service employees and contractors on how to design, build, buy and run technology and digital services. We intend for teams to use the DCOP in many ways, such as:  

• Guiding strategic planning, solution analysis and problem solving within business areas and product teams
• Assessing the alignment of a digital product or service with the direction of a digital, modern government
• Highlighting and connecting public service employees with guidance, learning opportunities and case studies that can support them in implementing practices
• Increasing accountability and clarifying the expectations for digital services
• A reference when preparing business cases and a funding request
• Supporting decision making and prioritization in ministries and for the Deputy Ministers’ Committee on Digital and Data 

Learn the 10 practices

These 10 practices are aimed at helping you create effective and impactful digital services. While each practice holds significance, they work together to create a powerful framework that helps to contribute to a more ethical, inclusive and sustainable digital future.

Design with people

The most important goal of a digital service is to meet the needs of people who use it. To deliver products and services that meet people’s needs, you need to:

• Understand the people who will use your product or service and what their needs are
• Apply human-centred design practices to make sure your product or service responds to those needs

Understanding people’s needs

Delivering great digital products and services requires a deep understanding of the people you serve and the problem you’re trying to solve for them.

Having a clear idea of these two things will make your product better for users, use resources more effectively and be easier to change and improve based on users needs. To understand the people who will use your product:

• Conduct user research throughout the entire process of design, development and delivery of your product or service
• Create user stories to have a clear idea of what the people using your product are trying to do and how you can help them
• Test with people early and often to refine your design and challenge your assumptions about people’s needs
• Seek input from a variety of users (not just “typical” ones) to understand how people with different needs or abilities might experience your service
• Regularly research and test your product during and after development to adapt to changing user needs.

Human-centred design

Once you understand the needs of people who will be using your product, that knowledge should inform every aspect of its design. Human-centred design means placing the people who will use the product at the heart of the design process, to create a product that is responsive to their needs, and:

• Helps people succeed the first time they use your product by making it as simple and easy-to-use as possible
• Ensures that your product or service solves a whole problem for people, including working with other teams and organizations to ensure that your product or service is connected to other related services
• Makes the product or service safe, modern and consistent with other government websites and services
• Creates a seamless experience by making sure people can easily move between your product to other service channels and related products, including non-digital ones
• move easily from your product to other service channels and related products, including non-digital ones
• Makes the product smooth and cohesive by mapping people’s service journey (their end-to-end experience using the product)

Embed inclusion

An inclusive service is easy to use for everyone who needs it, no matter their abilities, background, device or level of connectivity.

Inclusive digital services:

• Are designed in a user-centric way that accommodates the needs of a wide range of different people (based on user research and testing with diverse participants)
• Are accessible to everyone, including people with disabilities and people living in remote communities, Indigenous communities or areas with poor internet connectivity
• Are designed by diverse teams that value accessibility in their hiring processes and work environments
• Provide alternative ways for people to get access, including providing non-digital methods and ensuring they link seamlessly to digital ones
• Communicate in plain language so people can easily understand how they work

Inclusion

Inclusion is about making sure everyone can access online information and services. Including a wide variety of people in the service design process will help you understand how people with different needs or abilities might use your service, what barriers they might face and how you can improve their experience. This will help you refine your service and provide the best possible experience for everyone who uses it. In practice, this means:

• Recognizing the diversity of your audience and co-designing products with people who have diverse backgrounds, perspectives and accessibility needs
• Testing your product with people who will use it and taking special care to include people who are normally underrepresented in user testing
• Making your product equitable, meaning it acknowledges that everyone is different and meets the needs of people with diverse access and use requirements

Accessibility

Designing for accessibility is about eliminating barriers that prevent people from fully participating in our products, services and workplaces. Put simply, making your product accessible will mean it works for all who need it and provides the best possible experience. To make your product accessible:

• Take a proactive approach to identifying, removing and preventing barriers to accessibility
• Consider accessibility at every point in the development of the service and make accessibility testing a continuous effort
• Familiarize yourself with web content standards and guides, accessibility tools and accessibility policies and guidelines that can help you design for accessibility
• Communicate in plain language so your audience can understand your content the first time they read or hear it

Integrate ethics

Being ethical means making sure people are treated fairly and living up to Public Service ethical standards and corporate values. Integrating ethics into our products and services means:

• Building products that are fair by design, meaning they are transparent, accountable and free from bias or discrimination
• Designing in an iterative way that includes regular checks against ethical guidelines and desired outcomes and ensures these checks themselves do not reinforce biases
• Ensuring adequate safeguards, controls and documentation are in place when using automated decision-making processes, such as artificial intelligence
• Protecting people’s data in a way that respects their privacy and empowers them to have knowledge and control over how their personal data is used
• Considering the environmental impact of government digital products and minimizing their pollution and use of non-renewable resources
• Empowering all public service employees, regardless of their role to point something out when it isn’t right
• Engaging with the public to understand their expectations and the social and cultural consequences of our digital products

Ethics

Automated decision making

Some products use automated processes to make certain decisions instead of people or in support of people. Automated decision-making processes can make your product faster, more cost-effective and easier to run, but they require careful oversight and documentation. Products or services that use automated decision-making should:

• Always be supervised by people and that the team responsible for overseeing its use is clearly identified
• Be carefully trained and regularly tested to ensure they are free from errors that may cause inaccuracy, inconsistency, bias or discrimination
• Limit data repurposing, including the use of personal information to build or improve models
• Be open and transparent about how they operate, including by documenting their development and their decision-making processes
• Provide a clear process of how people can challenge their decisions if they disagree

Environmental, social and cultural implications

Considering the scale of government, our digital products can create social and cultural impacts that are not immediately clear. They can also affect the environment by contributing to pollution and unnecessary consumption. To reduce these impacts, government digital products should:

• Meet people’s expectations of fairness and be inclusive, accessible and culturally safe in order to minimize unintentional social and cultural harm
• Be designed with a clear understanding of people’s expectations by engaging with the public both during development and after they are live
• Carefully monitor and reduce their environmental footprint and help the government reach its emissions targets, including by minimizing their energy consumption, pollution, waste and use of non-renewable resources

Continuously learn and improve

The practice of continuously learning and improving is important.

This practice is about delivering products and services using agile, iterative and user-centred methods, including:

• Working in a flexible and iterative way by delivering a minimum viable product as soon as possible and making small, frequent iterative changes to it over time
• Continually re-evaluating your product to ensure it aligns with user needs and organizational goals
• Gathering insights from user testing and quantitative metrics and using them to improve your product and measure its performance
• Educating yourselves on the latest development practices, tools and technologies and incorporate them into your workflows and your product

Agile methods

Based on the Agile Manifesto, agile development methods focus on user-centricity, efficient delivery, flexibility and collaboration. Scrum, Kanban and Lean are three common agile methods useful for different reasons. For more information on how these differ, refer to this resource from the UK Government. Agile projects:

• Are based on small, multi-disciplinary teams ideal for quick decision making
• Start small and scale up by delivering a functioning prototype as quickly as possible and then rapidly re-evaluating and improving their product in short iterations called sprints
• Conduct user testing and engagement and use the information gathered to improve their product
• Take regular opportunities to evaluate how the team is performing and check they are aligned to their overall goals
• Engage with agile experts such as the Exchange Lab agile consulting team and the Agile Community of Practice

Being flexible and responsive

Agile methods allow teams to make small, rapid changes to their products rather than trying to perfect and release the product in a single push. This helps teams keep their overall objectives at the centre of the design process and makes it easier to incorporate the best technologies and practices available. To be flexible and responsive in your work:

• Use agile methods in operating and maintaining your product or service, which can extend its useful life
• Constantly re-evaluate your product and use an iterative approach to adapt it as technology, user needs and government priorities change during the development process
  • This reduces the risk of project failure, as it prevents spending time developing a product only to find it no longer meets user needs or doesn’t solve the problem it was intended to
  • It also helps reveal small issues with your product so they can be addressed as early as possible

Measuring performance

Agile methods make evaluating digital products easier and more effective. Performance measurement can help you understand the strengths and weaknesses of your product, how it impacts users and how it might be improved. To evaluate performance effectively:

• Decide which performance indicators are most important for your product, including appropriate inputs (such as cost, time and human resources) and outcomes (the impact your product has on users)
• Gather insights from people who use your service (through user research and testing) to understand and improve their experience
• Collect quantitative metrics for your product such as transaction volume, user satisfaction rates, uptime and error rates
• Use the data you gather to drive decision making about improving your product
• Share the results of your performance evaluation with the public and internal stakeholders to build trust and encourage more participation with your product

Work in the open

Open ways of working build public trust in government, encourage innovation, improve our digital products and make it easier for people to access government services and information.

Open ways of working build public trust in government, encourage innovation, improve our digital products and make it easier for people to access government services and information. Working in the open means:

• Collaborating widely and using transparent development practices to share progress and knowledge
• Relying on open-source software, interoperable open standards and existing government technology
• Publishing source code and sharing non-sensitive data when it is safe to do so

Open development practices

Transparent and collaborative practices are central to developing successful government products and services. They promote trust and transparency between government and the public and encourage others to collaborate with us. Open development practices include:

• Collaborating widely both inside and outside of government to find new ideas, help improve our products and manage issues and give back to the broader digital community
• Using transparent development practices to share your development process with colleagues and the public. For example, by using an open backlog, or by publishing design histories to track changes to your product and explain why they were made

Using open standards and solutions

Using pre-existing software help reduce development time and cost, prevent duplication, and avoid getting locked into particular vendors or contracts. It also creates transparency and consistency, making it easier for the public to understand how our products work. Using open standards and solutions looks like:

• Preferring open-source software, which is often supported by a strong community of contributors, and encouraging your team to be active in those communities
• Using open standards (freely-available file formats, protocols, and application interfaces) to support interoperability and streamline development
• Considering existing government technology such as common components, shared services and cloud services before building something new

Sharing code and data

Publishing your source code and non-sensitive data is an important part of working in the open (when it’s safe to do so). It allows others to reuse your work if they have similar needs and it encourages other developers to contribute to your product. To do this:

• Continually publish your source code during development using an accepted platform such as GitHub, which will create clearer documentation, cleaner code, and more chances to identify bugs
• Share non-sensitive data openly (including by publishing it to the BC Data Catalogue) so others can learn from your work and avoid creating duplicate data sets (see the BC Open Information and Open Data Policy)
• Understand when code and data should not be published openly. For example, when it includes personal or protected information

Take an ecosystem approach

Teams that take an ecosystem approach consider the entire government digital ecosystem in their work.

Teams that take an ecosystem approach consider the entire government digital ecosystem in their work, including:

• The role their product plays in the ecosystem and how it will impact users, their colleagues and other stakeholders
• How they can design their product to integrate and communicate easily with other systems
• How they can apply reusable technology to simplify their work and improve their product

Ecosystem thinking

Ecosystem thinking means taking a broad perspective when making decisions about your product. This includes:

• Understanding your product end-to-end so it meets user needs in a predictable and cost-effective way
• Knowing your product’s role in the ecosystem, including how it supports government priorities, provides a consistent user experience and impacts stakeholder groups
• Collaborating widely using platforms such as Communities of Practice, the DevHub, GitHub, Rocketchat or Stack Overflow
• Using smart data management practices
• Being aware of IM/IT Standards and core policies that set compliance expectations

Interoperability

Interoperable systems use shared formats and vocabularies so they can communicate with each other automatically and efficiently. These systems:

• Make user experiences easy and consistent
• Make development cheaper and faster
• Simplify back-end processes and provide better data quality and security
• Make it easier to adopt new technologies and prevent reliance on systems or products that no longer fit our needs

Open standards, open-source code, application programming interfaces (APIs) can help make your product more interoperable.

Reusable technology

Reusable technologies make development cheaper and faster by providing teams with pre-built solutions to common problems, so they don’t need to build a solution themselves. For example:

• Common components, reusable software building blocks that offer a pre-built solution to a common problem, such as taking a payment
• Shared services like government email
• Shared infrastructure such as government networks, servers and facilities

Cloud technologies

Cloud technologies provide services over the internet. They can make it easier for products to adapt and scale and can sometimes enable faster and cheaper development. The main types of cloud technologies are:

• Software-as-a-service (SaaS) resources such as those found in the SaaS Wayfinding Guide, which allow the use of applications over the internet
• Platform-as-a-service (PaaS) resources such as our private cloud development platform and public cloud hosting services provided in partnership with commercial vendors. These provides online environments to develop, test, and deploy applications
• Infrastructure-as-a-service (IaaS) resources, which allow for virtual hosting of products and services

Cloud technologies should be implemented in a way that prevents vendor lock-in by ensuring we have sufficient architecture flexibility and internal technical skills to pivot to other options if required.

Take care of information and data

Public service employees have a responsibility to manage data in a way that instills public trust and maximizes value to the public.

Public service employees have a responsibility to manage data in a way that instills public trust and maximizes value to the public. The use and impact of data and information extends beyond the business area generating data. Ministries have the responsibility to create, manage, and use data in a way that instills public trust and enables a modern, digital government. Compliance with legislation and policy is the minimum standard, and the expectation is that fantastic products and services will exceed this standard.

Taking care of information and data is much more than completing a Privacy Impact Assessment (PIA) or Security Threat Risk Assessment (STRA), and includes:

• Considering privacy at the beginning of the development process and establishing privacy protections that are proactive and preventative
• Planning for security maintenance throughout the product lifecycle, this includes vulnerability management, dependencies and maintenance
• Ensuring data is classified accurately so that it can be governed, shared and managed appropriately
• Encouraging the sharing and reuse of data to promote transparency and encourage innovation
• Ensuring government data is used effectively to enhance decision making and prevent duplication

Privacy

Privacy protections are crucial to maintaining trust in government products and services. Privacy protections should be proactive and preventative, with the goal of increasing user trust and preventing harm to individuals. You should:

• Know what good privacy practices look like and consider privacy needs as early in the design and planning phase as possible
• Consider the Privacy by Design principles, which are an established framework to develop privacy-enhanced technology
• Understand what personal information is and what legislation and policies protect it (the Freedom of Information and Protection of Privacy Act and the Privacy Management and Accountability Policy)
• Complete a Privacy Impact Assessment, which documents how a proposed program or activity meets the Province’s legislative obligations. A PIA must be completed for all products and services
• Have a process in place to audit your privacy protections and train staff on privacy issues

Security

Strong security practices are an essential part of managing information and data. The technical security elements of your digital product or service will vary, but information security principles can be applied regardless of specific technical details. You should:

• Consult with ministry security experts as early as possible to understand information security implications
• Actively seek out security threats throughout the life of the product (using automated processes where appropriate) and have a plan to mitigate them
• When planning for security implications through the product lifecycle it is important to consider how updates, including vulnerability management will be managed and budgeted for
• Complete a Security Threat and Risk Assessment for your product
• Document security decisions so the information is available to new team members and auditors

Data management

The foundation of a modern, digital government is ethical, accurate, accessible data. A key part of responsible data stewardship is making sure we can unlock data’s value to improve government service delivery and enable evidence-based decision making. Using data effectively means:

• Storing data in ways that are clear, well-structured, and interoperable so they can be easily managed and analyzed
• Classifying data within your control using the Information Security Classification Standard
• Working to improve the quality of government data so it is accurate, complete and reliable (for example by allowing the public to correct errors in their personal information)
• Collecting data from people only once (if possible) and reusing data that’s already been collected whenever possible (where consent is given)
• Knowing and following data management policies that apply to your work (such as the Information Security Policy, the Data Management Policy (in development), and the Managing Government Information Policy)

Data sharing and reuse

Practices that support data sharing and reuse include:

• Storing data in well-organized, machine-readable formats so it can be easily accessed and reused
• Consideration for how data can be accessed and shared in the design phase of the product or service
• Using interoperable data formats that promote easy data exchange, including by following the Application Programming Interface (API) Guidelines
• Use of corporate data publication and sharing services, including the BC Data Catalogue, BC Geographic Warehouse and web-based mapping services
• Participating in innovative data sharing organizations such as data commons like the Data Innovation Program

Manage risks proportionately

Citizens expect the government to protect their legal interests, to provide safe and secure services, and to use our limited resources in the most efficient way.

Citizens have high expectations of government. They expect the government to protect their legal interests, provide safe and secure services, and use our limited resources in the most efficient way. In meeting these expectations, it is important that we acknowledge risk and consult with subject matter experts and stakeholders to identify risk and plan to mitigate it.

Risk is the likelihood that an event may occur, quantified by the anticipated impact of that event. Risk is inherent in all activities. Relevant risks in the context of digital service delivery include:

• Legal risk, like falling short of legal obligations
• Reputational risk, like undermining public trust in the government
• Project risk, like a project not providing its intended benefits, or exceeding its budget or schedule
• Privacy risk, like a loss of users’ personal information
• Security risk, like a bad actor gaining access to a system or revealing confidential information
• Operational risk, like a service interruption

Compliance and risk

Where legislation, regulation or contract language defines a standard of compliance, a team cannot ‘risk manage’ activities that do not meet this standard. Operating outside of legal boundaries is not only risky but is non-compliant. This differentiation is important to keep in mind, especially when discussing and managing privacy and legal risks.

Collaborative risk management

Risk management is not a solitary exercise and requires a collaborative effort to ensure the right perspectives are included. The assessment of likelihood and impact should involve subject matter experts and stakeholders. The expertise offered by these parties is essential in identifying and assessing risk accurately and recommending realistic mitigation strategies. The expectation is not that all public service employees are able to identify and manage all types of risk themselves, but that all public service employees are able to acknowledge where risk exists and consult with the relevant subject matter experts. This consultation and any subsequent risk assessment and implementation of mitigative strategies should be documented. This documentation could be as simple as an email and should be retained with other project documents. Where the decision not to implement any mitigative measures is made, that should also be documented with a rationale.

Planning for project risk

Project risk is the likelihood of a negative outcome happening to a project. Projects risks can be posed by things both within and outside of the control of a project team. Even where potential events are outside of the control of the project team, they need to be acknowledged and planned for where the likelihood or impact are significant. Cost overrun, scope increases and changes to political priorities are all examples of common project risks that should be considered. Anticipated project risks should be addressed by clear, flexible and well documented risk mitigation strategies.

Build diverse teams and internal capacity

Delivering great digital products and services means creating diverse, capable teams and giving them the support and flexibility they need to do their jobs right.

Delivering great products and services means creating diverse, capable teams and giving them the support and flexibility they need to do their jobs right. Digital delivery teams should:

• Include people with diverse skillsets and backgrounds to ensure capability and inclusiveness
• Have the resources they need to build digital products properly, maintain them, and attract and retain the best talent in the industry
• Have support from executive- and supervisory-level leaders who encourage innovation and collaboration

Encourage diverse skillsets and backgrounds

The best products and services are made by multi-disciplinary teams with diverse skillsets and backgrounds. Diverse teams are innovative, flexible, capable and reflect the communities they serve. These teams:

• Have a dedicated role with the authority to make most decisions about the product
• Have technical knowledge sufficient to build and maintain the product’s entire technology stack
• Have user experience, service design and content design expertise
• Have access to subject matter experts who can provide specialized security, privacy, policy, legal or technical advice as needed
• Have adequate representation from business areas that will be implementing the product or service (including non-digital service delivery staff)
• Reduce barriers to diversity by ensuring your workplace and hiring practices are accessible and inclusive
• Collaborate widely, share their work, and benefit from lessons learned by teams in other governments and the private sector
• Include an appropriate blend of public service employees and contracted resources. Leaders should ensure that key knowledge roles like product managers are resourced with internal resources to reduce dependence on vendor

Digital leadership and support

Creating excellent digital products is impossible without talent, and talent requires proper support. Creating a healthy digital ecosystem means attracting the best talent in the industry and ensuring they have the resourcing and support they need to work at their best. This means:

• Ensuring teams are properly resourced (by public service employees and contractors, where necessary) and have the flexibility to adapt their team as development progresses
• Prioritizing competitive compensation and innovative projects to attract and retain the best digital minds available
• Having leaders that understand how to support digital talent by:
  • Providing talent with opportunities for learning and career development
  • Creating an organizational culture that encourages innovation, experimentation, collaboration and learning
  • Ensuring gaps in resourcing are quickly identified and filled
  • Structuring delivery teams to have minimal hierarchy so everyone is encouraged to voice their opinion and trust it will be respected
  • Establishing proper mentorship and documentation to ensure knowledge is retained and minimize the risk of brain-drain

Express cultural and historical awareness and respect

In acknowledging the historical relationships, inequity, trauma, and discrimination created by government, we must commit to do better and raise the standard of care in our work with Indigenous communities and peoples.

Cultural and historical awareness and respect is foundational in our work as public service employees, and in digital service delivery. In acknowledging the historical relationships, inequity, trauma and discrimination created by government, we must commit to do better and raise the standard of care in our work with Indigenous communities and peoples.

The implementation of this practice will look different depending on your role in digital service delivery, but the consistent element will be working in the spirit of Reconciliation and B.C. ’s Draft Principles guiding our relationship with Indigenous peoples.

Data governance and stewardship

Historically and today, Indigenous data has been designed, collected, analyzed, interpreted and disseminated without consideration for the needs and priorities of Indigenous peoples. In order to make progress towards Reconciliation, these practices need to change, and instead meaningfully incorporate Indigenous voices into the decision-making process throughout the entire data lifecycle.

Ownership and control over data is key to self-determination and self-governance. Indigenous peoples have control over data collection processes in their communities, they own their information and have control over how it can be used. In the context of digital service delivery, it is paramount to ensure that data collection, use and sharing with Indigenous communities is thoughtfully considered, documented and implemented in alignment with existing documentation of Indigenous perspectives. These perspectives include the Truth and Reconciliation Commission Calls to Action, UNDRIP, and BC Declaration Act. Once this background learning has taken place, teams may begin to establish ongoing partnerships with impacted parties.

Meaningful engagement with First Nations must include conversations about data governance. These conversations may result in the development of an information sharing or data sharing agreement. These agreements document the roles, responsibilities and expectations of each data sharing partner and support a productive, respectful government to government relationship.

Indigenous language

Language is fundamental to culture and identity. Technology can support access to services in Indigenous languages and promote awareness of Indigenous languages to the citizens of British Columbia. Where there is support from the relevant communities, services may be offered in Indigenous languages, use Indigenous place names and support Indigenous characters. The work of preservation, revitalization and strengthening of Indigenous languages is best led by Indigenous people and communities. All work towards this practice must be done in close consultation and with the authorization of Indigenous partners.

Where possible, digital services must respect Indigenous peoples right to identify themselves in a way that respects their language and culture. The ability to accept the special characters and accents of Indigenous languages should be prioritized when designing, building and buying digital services.

Pair the DCOP with other resources

The DCOP is one of many resources supporting digital service delivery in the BC Public Service. The DCOP should be applied in conjunction with:

• The Digital Principles
• Applicable legislation, including the Freedom of Information and Protection of Privacy Act and Information Management Act
• The Public Service Standards of Conduct, Corporate Values and Oath of Employment
• Core policy, including Core Policy and Procedures Manual Chapter 12
• Supporting corporate policies and standards, including the Managing Government Information Policy, Data Management Policy (in development), Information Security Policy and Privacy Management and Accountability Policy