Academic Technology Approval Scheme - Self Certification
Academic Technology Approval Scheme (ATAS) is a vetting service for foreign students who come to the UK to study proliferation-sensitive topics.
Department / Agency:
Foreign & Commonwealth Office
Date of Assessment:
ATAS is a vetting service for foreign students who come to UK to study proliferation-sensitive topics. About 20,000 applications are made a year. The assessment panel were given a walkthrough of the service. The transaction consists of an online form which applicants complete combined with a backend which the FCO uses as it processes applications. A login is required to the system. It replaces a previous system which is now well out of date.
There is a dedicated service manager who is also the policy lead official.
The service was developed by an external supplier experienced in agile development, alongside GDS who took on a role helping FCO manage the contract (at that point, FCO had limited internal expertise in service transformation). An additional supplier took on work to finalise development and will also maintain the service.
The team drew on customer feedback on the previous system and also tested the new transaction with around 20 students who had also used that system. Feedback fed into user stories that went back to the developers and led to changes to the service, e.g. clarifying some of the requirements; making improvements to the back end of the service. Several important user stories remain outstanding.
Post launch the team will continue monitoring feedback to their service mailbox. There will also be a schedule of user testing as part of the broader user testing arrangements being putting in place by the Digital Transformation Unit.
Security, data, testing and standards
Data protection arrangements have been defined and approved by the Senior Information Risk Owner and internal IT security advisers. There is a high data protection requirement given that some data is kept indefinitely to compare with previous applications.
Security tests have been carried out and outstanding issues are being rectified. The requirement for future tests is built into maintenance arrangements.
Hosting arrangements reflect the high data protection requirement.
The source code was peer reviewed by GDS before being finalised by the supplier. At present security requirements are too entangled with the general code to allow general open source release. This is something that could be reviewed in the future.
A login is required for the service. The service is targeted exclusively at foreign nationals, and therefore out of scope of the Verify service.
A development site will be in place post live.
In terms of major problems, the team can, in extremis, tolerate some outages or fall back to a non-digital service. The maintenance contract with the supplier provides SLAs on dealing with different levels of service problem.
Assisted digital and digital take-up
The service is fully digital. The Digital Transformation Unit will be looking at assisted digital needs more broadly over the coming year.
The system has been designed in line with the GOV.UK style guide (though see below) and is fully responsive.
Analysis and benchmarking
The service will provide data on the number of applications, while the supplier is standing by to install the PIWIK web analytics used by the Digital Transformation Unit.
The team have had some contact with GDS on integration of this data into the performance platform.
A done page will be worked on with GDS, providing satisfaction rates.
Testing the service with the minister
The team intend for the minister to test the service shortly before it goes live.
The assessors concluded the new transaction was a very significant improvement on the previous service – better designed, responsive, underpinned by a service level agreement in place and analytics. The service has also been developed in line with the Digital by Default Service Standard.
The assessors noted, however, a number of actions that needed to be taken before the service could go live. Subject to those actions being completed they approved the service for launch in live beta (with the previous service being decommissioned). This reflects the scope for more user testing to further refine the transaction before full live.
The Assessors would like to be updated on progress against these actions before live beta and again before full live.
Actions required before live beta
- The transaction, including guidance around the service, should be double checked by a content designer to ensure text is as streamlined as possible and the entire transaction is in line with the GOV.UK style guide (e.g. in terms of footers; positioning of key actions; headers; buttons etc).
- The team should develop a clearer user testing schedule, taking advantage of the live beta period as well as the May-September peak period for service use. The team should make sure they have arrangements in place to iterate the service based on user testing.
- The team should fix, or ensure acceptable mitigation, for the few outstanding medium/high security issues.
Actions required before full live
- The team should ensure that the incoming service manager has completed GDS service manager training.
- The team should collect metrics on how their ongoing suppliers are performing so they can make future decisions e.g. on hosting.
- The team should resolve some minor styling issues around making the service fully responsive.
- The team should consider offline statistics they could add to the performance platform, e.g. how long it is taking an application to be processed and approval/rejection rate.
- The team should work up cost per transaction figures that are comparable with the old system.
- The team should engage with GDS on how to surface ATAS in internal GOV.UK search.
- The team should formalise their plan for what they will do in the event the service is temporarily offline; the service should have been tested with minister.
Results Against the Digital by Default Criteria: