Skip to main content

This is how Cabinet Office do Digital. Feedback form.

Technical Design Authority (TDA)

The mission of the Cabinet Office Technical Design Authority (CO TDA) oversee the architecture and ensure that all technology decisions align with the overall Cabinet Office Digital strategic goals..

You can get in touch with the Technical Design Authority with co-tda@cabinetoffice.gov.uk.

Terms of Reference (v1.4)

The Cabinet Office Technical Design Authority (CO-TDA) is the overall technical authority for Cabinet Office, led by CO Digital. The purpose of the CO-TDA is to advise and assure technical design and decision making in the Cabinet Office. It will provide direction in the following key areas

  • Ensuring architectural cohesion and adherence to strategies
  • Reducing shadow IT and technical risk
  • Increase cost efficiency through convergence and consolidation
  • Identification of technical debt and solutions to roadmap reduction
  • Technology choices
  • Investment in strategic technology through the Technology Register

The CO-TDA is led and operated by the Cabinet Office Chief Technology Officer on behalf of the Cabinet Office Executive Committee and the Cabinet Office Chief Digital and Information Officer.

Engagement with the CO-TDA will be at various stages and key elements of a programme on a formal basis and informally through delegated authority from within the Cabinet Office Digital Architecture, Technology and Engineering community who will provide advisory, consulting and assurance services to Programmes, Business Units and ALBs. The CO-TDA are independent of any Programme or Project and will provide impartial direction based upon submitted evidence in line with the expected inputs for the board.

The CO-TDA will provide direction and support in the following areas:

  • Solution Design - Provision of thought leadership and direction to support development of the solution and to ensure alignment to the strategic vision;
  • Change Management - Will maintain the integrity of the design and programme as it accommodates change. Holds authority to accept or reject change based upon alignment to the strategic vision and will make informed decisions based on quantifiable benefits of a proposed change;
  • *Governance *- Assurance of design, build, test and implementation to ensure it aligns to the target operating model and realises expected benefits and vision;
  • Readiness Assessment - Ensures that solutions and the business are ready for production usage – outputs from service assessments would form part of a submission;
  • *Standards *- Provides the framework for development and delivering the design through a programme.

Approval from the CO-TDA and Spend Controls is a prerequisite for entry into the Cabinet Office Approval Board (COAB) and the Authority owns the technical decision making for the department in line with the to be created ‘Technology Strategy’ and Decision Right Framework. The CO-TDA is also responsible for technical debt remediation activities and technical risk identification and management across the Cabinet Office where overall accountability lies with the Accounting Officer for the Department. The CO-TDA is a mandated input into all technology programmes across Cabinet Office, Arms Length Bodies and associated entities, and Programmes are required to have appropriate Programme Board representation from the CO-TDA.

The CO-TDA will meet weekly for 2 hours on Monday in a virtual meeting. The meeting will be scheduled from 1300-1500. A forward look will be published to ensure that appropriately interested stakeholders can attend the meeting. Decisions will be communicated in a written form to the submitting parties, and appropriate stakeholders, alongside any risks or constraints placed upon the submission in line with the defined outputs of the CO-TDA.

Authority

The CO-TDA is authorised as the overall technical decision maker for Cabinet Office under delegation from the Cabinet Office Executive Committee (ExCO).

The CO-TDA is a mandatory step before the cases can be submitted to the Cabinet Office Approvals Board for consideration, providing technical advice or direction on deliverability, risk, strategic alignment and sustainability of the proposed technology service. CO-TDA approval will be assessed within the scope of COAB to ensure technical solutions are fit for purpose and funded across the full lifecycle.

The CO-TDA will hold the following roles in the discharge of this authority.

Enterprise Technical Design Assurance

The CO-TDA will provide assurance and advisory to all technology programmes, up to and including SECRET data classification (from TDA Phase 2), under the following standards

  • Cabinet Office policy and legal obligations (e.g. the Secretary of State’s Code of Practice issued under section 46 of the Freedom of Information Act 2000);
  • UK Government Technology Code of Practice;
  • UK Government Service Standard;
  • Uk Government Digital and Data Strategy;
  • The to be defined Cabinet Office Technology Strategies aligned to wider UK Government policy, Cross Govt DDaT Strategy and the standards referenced above.

The CO-TDA will pay particular attention to the following areas in support of the Cabinet Office Approvals Board

  • Technical deliverability of programmes, MVPs, products and services;
  • Temporary increase in tech debt and roadmap to elimination;
  • Assessment of delivery risk and assurance of appropriate resourcing within the business case (an input from Spend Controls)
  • Whole-life funding with a focus on run, sustain and decommissioning (an input from Spend Controls).

The CO-TDA will also undertake a core accountability in relation to Digital and Technology Spend Control by providing mandatory input into spend approval throughout the technology and data investment lifecycle. This accountability will focus on spend approval ensuring sustainment funding and resourcing is available through the investment lifecycle.

Cabinet Office Technology Strategy

The CO-TDA will have a mandatory role in the agreement of the Cabinet Office Technology Strategy and any changes made to the Strategy as may be required.

Assurance of technical designs will take into account the Strategy which is likely to contain principles covering the following areas;

  • Technology Convergence;
  • Shared Technology Products and Services;
  • Reduction of Technical Debt;
  • Enabling Data Driven Decision Making;
  • Other areas to be defined according to the specific needs of the Department.

The Technology Strategy will be underpinned by the definition of policies and standards, which will be owned by the Cabinet Office Chief Technology Officer (CTO) and maintained by the CO-TDA, covering the following.

  • Architecture Principles;
  • Engineering Standards;
  • Approved Technology Patterns;
  • Appropriate Policies related to engineering, architecture, technology tooling, platform management and cost control.

Architecture & Engineering Principles, Policies and Standards

The CO-TDA will have a mandatory role in the agreement of Architecture and Engineering Principles, Policies and Standards for the Department. This will also include technology and architecture patterns.

  • During Phase 2 of TDA formation the underpinning strategies, blueprints and patterns will be created and made available to all.

Each area will be reviewed at least annually to ensure that they remain relevant and at any time when change is required due to external factors.

  • A review process will need to be designed and documented in a later version of this ToR

Roadmaps

The CO-TDA will have a mandatory role in the approval of the technology roadmaps for programmes, systems, products and services in the Cabinet Office. This is to ensure that roadmaps are defined in accordance with the Cabinet Office Technology Strategy, to provide visibility of technology risk, to ensure that exemptions and dispensations are being managed out of the solution as part of the overall plan and to identify technical debt remediation as part of the lifecycle.

Cabinet Office System Register

The CO-TDA will hold a responsibility for ensuring the Cabinet Office System Register is up to date where accountability lies with the Enterprise Architecture teams. CO-TDA will ensure that the register is up to date for submissions to the authority and ensure population where there is no information, or missing information. The System Register will contain the following information as a minimum:

  • System Name
  • Purpose
  • Business System Owner
  • Technology System Owner
  • Data Owner
  • Business Data Domains
  • Technology Stacks
  • Exemptions and Dispensations Issued
  • Other pertinent information necessary for the operation of the System and the CO–TDA

Submissions with no System Register entry will be required to update this information prior to any approval from CO-TDA, or in the case of a new system this will be validated during the approval to operate processes.

For the purposes of consistency products and services will be defined as Systems in order to ensure that a complete catalogue of this information is maintained. It will operate in alignment and coordination with the Product Function in Cabinet Office Digital.

The System Register will be available for all to view and access will not be restricted.

Cabinet Office Technology Register

The CO-TDA will own the Technology Register for the Cabinet Office including the approval to move phases for a technology based on a model of Invest, Tolerate, Eliminate, Migrate at a macro level. At the tooling level a model of Adopt, Evaluate, Trial and Remove will be used to manage technology investment strategically across Cabinet Office.

In order to manage the Technology Register effectively the following information will be captured

  • Technology;
  • Category/Purpose (Development, RDBMS, Logging, etc);
  • Phase;
  • Usage (all systems, products and services using the technology should be known);
  • Vendor;
  • Licence model;
  • Versions in use (documented by system, product and service);
  • Security Concerns;
  • Data classification (Official, Official-Sensitive, Secret etc);
  • Handling caveat (Sensitive, Commercial etc)
  • Approved Use Cases;
  • Other information as may be required to operate the technology landscape effectively.

All technology to be introduced to the estate will be subject to logging by the CO-TDA in the Technology Register and the Use Case should be logged by the appropriate department to support more cost effective technology use across Cabinet Office. Variation of the Use Cases for a technology product will require examination of the need and the phase of the tool.

The Technology Register will be reviewed regularly to identify opportunities to converge duplicate technologies into strategic tools and to ensure that Cabinet Office is strategically managing technology costs and risks. This will take into account the total cost of ownership including service, evolution of products which make use of a particular technology and the resource skills market to inform decision making for removal of any tools in the future.

The Technology Register will be available for all to view and access will not be restricted.

Exemptions & Dispensations

The CO-TDA will hold accountability for issuing exemptions and dispensations from strategic alignment for technology choices, decisions, architecture patterns and all other related areas.

Exemptions and dispensations will require the clear identification of technical debt which will be accrued as a result and will be time-bound within the scope of the requesting programme. A plan for remediation will be required as a fully funded activity which will be assessed regularly to ensure that risk does not increase as a result of choices made in order to facilitate pragmatic delivery of critical services.

Remediation can take many forms - Where some capabilities do not meet strategy they should be replaced. Where the entire service has been exempted a roadmap should plan for replacement with strategically aligned alternatives

All exemptions and dispensations will be held on a risk register within the programme or product and referenced within the decision log for the CO-TDA along with review and expiration dates. These will be communicated to appropriate authorities based upon the level of risk and impact associated with the decision.

The risk register will be available for all to view and access will not be restricted.

Scope of Authority

The CO-TDA will hold authority over all technology decision making within the Cabinet Office and its Business Units (including ALBs and executive agencies)

Where the programme is under the authority of an Arms Length Body or associated entity a shared authority model will be considered depending upon the desire of the entity and the ability to deliver technical assurance and strategic alignment as part of existing technology and architecture capabilities.

CO-TDA Triggers

The following triggers will apply for appearance at CO-TDA:

  • A new programme seeking funding;
  • Scope variation to an existing programme which requires a change in architecture, technology or requires additional funding;
  • Significant increase in technical risk;
  • Movement between delivery phases where it is appropriate based on scale, technical risk or other factors which requires enhanced oversight;
  • application/ system seeking approval to operate/ go into production phase;
  • Seeking the use of new technologies or to seek guidance on the variation of use cases for specific technologies;
    • A separate technology forum will be created to showcase technologies
  • Move between phases on the Technology Register;
  • To apply for an exemption or dispensation and to report upon progress in line with the time bound nature of both;
  • To approve digital and technology spend;
  • To determine the appropriate governance model for the programme;
  • At any time subject to the authority of the CO-TDA to provide continual assurance to technology delivery.

Principles

The Technology, Architecture and Engineering Principles against which Programmes, Products and Services will be assessed are to be defined within the Technology Strategy and associated artefacts. An initial draft set is defined in Appendix A to provide information on the direction of travel and initial guidance ahead of formal creation and sign off.

Governance models

At the onset of a programme, the business units should engage with CO-TDA and agree on a governance structure that is proportionate to the risk and nature of the programme, capabilities of the business unit:

Early engagement is recommended and will follow standard submission process using templated TDA slide deck which will be available from CO Digital TDA drive location (tbd).

Direct governance model

The direct governance model is the default model.

Shared governance model

CO-TDA will only consider a shared governance model if:

  • the end-to-end solutions are not solely accountable by the Cabinet Office
  • the programme has multiple, external stakeholders to the Cabinet Office
  • the business unit has a matured, internal technical governance and assurance capabilities and is accountable for their own technical designs, data and information and cyber security
  • the business unit is an arm-length-body (ALB) and is accountable for their own technical designs, data and information management and cyber security

Business units shall apply for a shared responsibility model with CO-TDA at the onset of a programme and will be bound by the decision of the CO-TDA.

Inputs and Outputs

Inputs

Submissions to the Technical Design Authority require technical and architectural artefacts to be provided at least one week prior to the board meeting.

CO Digital will make available a submission template which will be available in the CO Digital TDA drive. The template will provide guidance at each section.

Availability of the following information and artefacts will make template completion simpler:

Required information Description
Name of initiative Name of the initiative to be considered by the authority
Key contacts Include at least the Senior Responsible Owner, Lead technologist, Service owner, Data Owner
Approval stage/ design decision The stage or pre-defined checkpoint of technical design decision required to be approved
Spend Control Engagement Evidence of engagement with the Spend Control team and artefacts detailing planned and forward view (whole life) spend will be required as part of the input into the TDA process.
Architecture artefacts Architecture artefacts, depending on the maturity of your solution, are architectural vision and high-level design, integrations to other systems and the interfaces.
Principle Alignment Assessment A high level assessment of alignment to strategic architectural principles supported by justification for any divergence and a plan to remediate associated debt/risk.
Risk Assessment An assessment of the top technical risks with remediation plans articulated and supported by appropriate funding provision.
Risk Appetite A statement of risk appetite from the System Owner to inform decision making and recommendations within CO-TDA.
Service Architecture Defined service architecture with an assessment of alignment to the defined service model for Cabinet Office supported by justification for any divergence and information related to cost of divergence and the funding model.
Security design and compliance Evidence of the design complies with CO security standards, and security governance model.
Data Protection Impact Assessment Business Units should always have considered the data privacy and information management implications of their proposal and started the relevant impact assessment process before a CO-TDA assessment.
Information and record management Details of any data or information management systems proposed, as appropriate. E.g. Google workspace, Office365
Product Backlog Sight of the product backlog, user needs and epics which will be driving the development of the product with specific focus on any architecturally significant requirements.
Non-Functional Requirements Defined NFRs which are impacting the architecture.

Outputs

The CO-TDA will provide the following outputs which will be stored in an accessible drive location (tbd).

Output Description
Minutes Minutes of the meeting including decisions, caveats and constraints.
Decision Log A record of all decisions taken by the CO-TDA with justifications and scope where appropriate
Risks & Issues All risks and issues identified by the CO-TDA will be documented and provided to the Programme authority.
Exemptions & Dispensations Log A record of all exemptions and dispensations issued by the CO-TDA will be documented and published. This log will contain details of the scope of the dispensation and the date of expiry. Exemptions and Dispensations will also be sent to the Programme authority and should be tracked in the Issues Log for the Programme to ensure mitigation and funding is made available within the available time frame.
COAB engagement paper Where necessary for COAB involvement in the submission or TDA process a paper will be prepared with appropriate inputs from TDA and other key governance areas (such as spend control)
Submission Guidance paper Where a submission is rejected an output to the submitting project/programme will be provided detailing guidance and recommendations for subsequent submission.
Forward Schedule A schedule of attendance at CO-TDA will be provided with details of the decision being sought by the submitting authority to allow attendance by appropriate stakeholders where appropriate.

Decisions

Each case will be provided with a formal decision described below:

Decision Description
Approved The authority has approved the submission, without further due diligence needed at this stage.
Not approved The authority has prohibited the submission from proceeding further due to the critical technical or non-technical risks identified.
Resubmit for approval The authority defers a decision and requests for more information to be submitted, or changes to be made. The Authority shall agree a date for the revision to be submitted. Some resubmissions may be able to be handled out of committee.

Membership

Role Responsibilities
Chair
  • To chair the CO-TDA Authority panel meeting.
Architecture
  • To provide perspectives around solution and data architecture in alignment to architecture principles, strategies and guidance.
Information Management
  • To provide perspectives around knowledge, information and records management.
Cyber Security
  • To provide perspectives around cyber security and technology are “secured by design”.
Data protection
  • To provide perspectives around data protection and data privacy
Spend Assurance
  • The spend team will already have produced a spend review in relation to the submission and will provide assurance and advice in that regard
Service design
  • To provide perspectives around product, service design and operationality and ongoing support
Subject Matter Expert(s)
  • To provide additional perspectives around a specific technical subject matter area, invited as required
Subject Matter Expert(s) - Secret category
  • To provide additional perspectives around technical designs of technology systems and digital platforms to process information classified at SECRET, invited as required
Programme and Product representatives and solution architect
  • To provide inputs to the proposed architecture and evidence against compliance and alignment to the governance, invited as required

The approval decision is the authority of the Cabinet Office Chief Technology Officer with input from the membership.

The membership are responsible for delegating to appropriate representatives when unable to attend.

Empowerment of Programmes

The CO-TDA may choose to further delegate accountability to Programmes where appropriate. The scope of this empowerment will be according to the risk and requirements of the programme under the following guidelines.

Factor Description
Technology Risk The risk associated with the technologies and tooling being used to deliver the programme or where the technology is of significant interest on a strategic basis will inform the level of delegation or oversight from CO-TDA.
Programme Status The RAG status of the programme will influence the level of delegation or oversight from CO-TDA.
GMPP Status The identification of a programme as being on the Government Major Projects and Programmes list will not impact the delegation of authority but will increase the frequency of CO-TDA engagement to assure technology delivery.
Delivery Phase CO-TDA will delegate authority on the basis of the programme phase with higher levels of governance intervention in early phases

A project or programme may request delegated accountability during the TDA initial engagement process. If granted, then a shared governance model (below) will be applied.

This page was last reviewed on 4 November 2024.