Guidelines
Standards and best practices organised by project lifecycle. Follow these guidelines to build services that meet Ministry of Justice and cross-government expectations.
1. Project Inception
Starting your project — understanding the problem, assessing feasibility, and planning your approach.
- Choosing a hosting platform— How to decide between Cloud Platform, Modernisation Platform, and other hosting options for your service.
- Preparing for service assessments— What to expect from GDS service assessments and how to prepare your team.
- GOV.UK Service Manual (opens in a new tab)— GDS guidance on researching, designing, building, and running government services.
- Service Standard (opens in a new tab)— The 14-point Service Standard that government services must meet.
2. Development & Iteration
Building your service — coding standards, security practices, and agile delivery.
- API design standards— RESTful API design principles, versioning strategy, error handling, and pagination patterns.
- Source control and branching— Git workflow standards, branch naming conventions, commit message formats, and code review expectations.
- Security in development— Secure coding practices, dependency scanning, secret management, and threat modelling for development teams.
- GDS API Technical & Data Standards (opens in a new tab)— Cross-government standards for building and naming APIs, data formats, and integration patterns.
- NCSC Secure Development & Deployment (opens in a new tab)— National Cyber Security Centre collection on secure development lifecycle, deployment, and supply chain security.
3. Technology Choice
Choosing the right tools — languages, frameworks, platforms, and open source.
- Making technology choices— Framework for evaluating and choosing programming languages, frameworks, and tools for your service.
- Coding in the open— When and how to make your code open source. Licensing, sensitive data, and the benefits of working in the open.
- Technology Code of Practice (opens in a new tab)— Cross-government guidance on how to design, build, and buy technology.
- GOV.UK Design System (opens in a new tab)— Styles, components, and patterns for designing government services.
4. Standards & Best Practices
Cross-cutting standards — accessibility, security, incident management, and operational excellence.
- Accessibility requirements— WCAG 2.2 AA compliance requirements, testing approach, and accessibility statements for government services.
- AI Governance Framework (opens in a new tab)— MoJ guidance on responsible AI use — risk assessment, transparency, accountability, and ethical considerations.
- Incident management— How to handle production incidents — severity levels, communication, runbooks, and post-incident reviews.
- NCSC Cloud Security Guidance (opens in a new tab)— National Cyber Security Centre principles for securing cloud-hosted services.
5. Measuring Success
Understanding impact — metrics, monitoring, service health, and user satisfaction.
- Measuring service health— Key metrics, SLIs/SLOs, monitoring dashboards, and how to report on service performance.
- Measuring service performance (opens in a new tab)— GDS guidance on KPIs, cost per transaction, user satisfaction, and digital take-up.