TDA Submission Template - Data Alignment
Introduction
This guidance has been designed to help project teams submitting proposals to the Technical Design Authority (TDA) using the TDA Submission Template.
Teams are asked to supply details of how their proposal meets specified criteria in three areas - architecture, security and data.
This section contains information on each item listed in the “Data Alignment” section of the presentation, and provides guidance by attempting to answer three questions.
- What does the item mean in this context?
- Why does the item need to be addressed?
- How would a team go about meeting the item requirements?
Is data created or maintained by the product treated as an asset (product)?
What? – An assessment on handling the data produced by your service/product. Data should be treated as a “product/asset”
- if there are data requirements outside of the system
- if generated data is used or required by anyone working outside the system
Why? – To meet the conditions required for point 10 of the Technology Code of Practice (TCoP) your presentation should outline how the product will handle product data.
If you’re going through the spend control process you need to explain how you’re meeting TCoP point 10.
How? – Review the section “Plan how you will manage your data throughout its lifecycle” in TCoP point 10. Include information related to handling product data and instances where it is used outside of the proposed service/product.
Is data accessible and shareable?
What? – Decide who your solution data is shared with and accessible to (platforms? APIs?). Data integration may require an agreement at agency or organisation level (for example, data on prisons being embedded/aligned with the HMPPS data hub). Operational use can also dictate how the proposal is embedded. You may need to plan for any potential changes in data capture which could affect the setup for the current integration.
Why? – To meet the conditions required for TCoP point 10 your proposal should demonstrate your service can integrate with current systems without impacting any data requirements.
If you’re going through the spend control process you need to explain how you’re meeting TCoP point 10.
How? – Review the section “Publishing and sharing your data” in TCoP point 10 to check your proposal meets the necessary requirements for data access and sharing. Include any relevant information in your presentation.
Is access to data authenticated and authorised appropriately?
What? – Data access requirements for your service need to be defined. These can include using authentication and/or authorisation, establishing a level of security clearance, using anonymisation, applying an approval flow for information assets or listing data in Catalogue (Find MOJ Data).
Why? – To meet the conditions required for TCoP point 10 and TCoP point 6 you will need to explain how your proposal will guarantee data security.
If you’re going through the spend control process you need to explain how you’re meeting TCoP point 10.
How? – Review the section “Use proportionate security for your technology” in TCoP point 6 to check your proposal applies all required data regulations. Section 9 of the GOV.UK service standard includes information on securing a service.
Are you meeting relevant data regulations?
What? – Products and services which work with data are required to comply with current data regulations. If data movement is required, a Data Protection Impact Assessment (DPIA) needs to be completed to meet General Data Protection Regulation (GDPR) requirements. Data sharing agreements/memoranda of understanding with external departments may also be required.
Why? – In order to meet the requirements for TCoP point 10 you will need to demonstrate how your proposal complies with any relevant data regulations.
If you’re going through the spend control process you need to explain how you’re meeting TCoP point 10.
How? – Review the section “Follow the required data regulations” in TCoP point 10 to check your proposal complies with to all relevant data regulations. There are links to various sources including the Data Protection Act and GDPR. Include any necessary information in your presentation.