This standard assists Commonwealth entities to ensure digital portals are accessible to all, discoverable by search engines, functional across different technologies (browsers, devices, operating systems) and able to provide a consistent user experience.
Apply this standard
These statements detail what entities need to do to comply with the Digital portal policy.
Consolidate services into a single access point
Entities must:
- make informed decisions and commit to reducing the duplication of digital front doors, in line with the Digital access standard
- follow the myGov decision-making framework to determine whether they should connect their service to myGov.
Entities should:
- integrate any new public-facing digital service for individuals with myGov, rather than creating a new digital portal, wherever possible
- integrate any new public-facing digital service for businesses with existing access points such as informational websites, digital portals and web applications accessed from web browsers, wherever this can reasonably be achieved
- develop a strategy for integrating their service with an existing access point
- evaluate whether there are any technical or legal challenges in making a new service available through an existing access point
- engage with delivery partners to assess how these challenges could be overcome
- monitor and manage the performance of their digital access points
- demonstrate and report on compliance with the Digital access standard through existing DTA data collection mechanisms, such as the Digital and ICT Approved Programs Collection.
The DTA will monitor compliance with the Digital access standard through existing data collection mechanisms. See Measuring success of the Digital access standard.
Apply human-centred design practices to digital portals
Entities should:
- ensure human-centred design practices are applied when planning, designing, developing and operating digital portals
- use user journey maps to visualise the user experience, highlighting pain points, obstacles and areas of confusion
- gather insights into navigational challenges by engaging with a diverse range of stakeholders
- periodically review and analyse trends in user behaviour and performance to identify recurring problems and new challenges
- use analytics to identify usage patterns, such as peak usage times, common user paths and drop-off points
- ensure digital portals are accessible and inclusive, enabling everyone to use them, regardless of the type of device, browser or specific needs
- leverage technology and anticipate how emerging technologies, such as artificial intelligence, may impact accessibility
- ensure compatibility with assistive technologies such as keyboard inputs, voice commands and screen readers
- use automated accessibility testing where appropriate, in addition to testing portals with people
- comprehensively test the presentation of the portal across devices and platforms people may access it through prior to launch
- test how content will appear on different devices in designs and assess whether platform-specific interfaces support or fail to meet accessibility standards.
Digital portal features can include:
- analytics and optimisation: the ability to assess and continually improve the performance, effectiveness and utility of the experiences enabled by the portal
- experience presentation orchestration: portals can be used to orchestrate multiple user-facing applications via a single interaction or presentation layer. This feature can provide programmatic support for methodologies such as user-centric design, persona-based modelling and journey mapping throughout the entire interaction lifecycle
- personalisation and context awareness: providing a relevant and individualised experience for people based on past behaviour, segmentation, emerging technologies for personalisation and external data sources
- search, navigation and discovery: ensuring that people can locate and discover information, applications and services. Search typically relates a person’s query to an index of information. Navigation guides people through information resources by exposing and guiding them through information taxonomies
- account services: the provision of services in the form of profile management, registration, login and password management capabilities
- applied AI: utilising artificial intelligence (AI) to enhance digital portals by anticipating audiences’ needs; classifying, collecting and generating information; providing automated assistance through conversational interfaces; and providing assistance in the intelligent presentation and delivery of experiences
- cloud: allowing deployment versatility, scalability and elasticity, as well as cost-efficiency, improved time to market, and the rapid innovation associated with cloud computing
- integration, interoperability and extensibility:
  - integration is the ability to employ data and use applications from third parties for digital experience effectiveness
  - interoperability is the ability to integrate with other systems
  - extensibility refers to a framework for extensions, plugins, modules and application integrations. Integrations often need to happen within a platform and with adjacent technologies
- multi-channel support: the ability of a portal to support continuity when people cross between channels.
Strategically deliver digital services on digital channels
Entities should:
- maintain an entity-wide channel strategy that considers people’s needs and their own strategic direction, clearly directing services to the correct channels
- avoid the proliferation of digital channels by consolidating like-type services onto single platforms
- improve government services by adopting a digital-first approach, such as publishing information on services through entities’ websites and access points
- provide human-validated multilingual support for important information
- where multiple channels exist across multiple devices, support people to move between them at boundary points and maintain cross-channel continuity across the entire journey
- if bringing together multiple layers of government services through a portal, provide signposts to let people know where they are and when they are leaving the portal.
Maintain the security of government and user data to uphold privacy and protect sensitive information
Digital portals may facilitate the exchange of sensitive data, and the risk of inadvertent access or damage must be proactively managed.
Entities must:
- authenticate users prior to any information access, alteration or exchange
- gather only the data required for specific, defined purposes.
Entities should:
- align to Australian Government Architecture guidance in the Cyber security domain and Identity management capability
- acquire explicit and informed permission before collecting or using data
- transparently offer clear, accessible privacy notices in simple language, helping users make informed choices about their data in line with the Privacy Act 1988
- utilise the Office of the Australian Information Commissioner (OAIC) APP guidelines to assist in applying the Australian Privacy Principles (APPs) when designing digital portals
- provide clear terms of use for digital portals
- endeavour to integrate with the Australian Government digital ID system (AGDIS) to allow people to access the portal with a single set of credentials
- implement strong security processes and protections such as two-factor authentication, a Digital ID sign-in option, a passkeys sign-in option, fingerprint or facial recognition, encryption, compromised account closure, security notifications and time-outs.
Align to guidelines and standards
Entities must:
- meet the requirements of the Digital experience policy and its standards, including the Digital access standard
- adhere to the Australian Government style manual, which sets the criteria for Australian Government writing and editing
- apply the principles and requirements of the Protective security policy framework (PSPF) throughout their organisation, including to their digital portals
- meet the requirements of the Hosting certification framework (HCF) to ensure the secure hosting of government information
- align to the Australian Government branding guidelines
- meet Web content accessibility guidelines (WCAG) 2.2 Level AA.
Entities should consider and align, where suitable, to the following security frameworks across government:
- Information security manual: a cyber security framework that an entity can apply, using their risk management framework, to protect their systems and data from cyber threats
- Strategies to mitigate cyber security incidents: prioritised mitigation strategies to help entities mitigate cyber security incidents caused by various cyber threats.
Entities should also consider the following guidance from organisations outside of the APS:
- ISO/IEC 27001: requirements for an information security management system (ISMS)
- the OWASP application security verification standard (ASVS) project: a basis for testing web application technical security controls and a list of requirements for secure development.
Enable integration and interoperability
Entities must:
- review any obligations against privacy policies and the Privacy Act 1988
- provide connected services through digital portals that offer people a simple, seamless experience, overcoming data silos and enabling government to function as one.
Entities should:
- consider the ways in which integrating with existing access points such as myGov can be costly, time consuming and involve technical challenges
- start planning early and allow additional implementation time to mitigate these risks
- support a modular architecture approach, including by designing portals based on scalable and flexible APIs
- integrate digital portals with other systems through APIs or other means to boost productivity, efficiency, accuracy and visibility of people’s data and interactions across government
- align with API guidance to support cross-agency and jurisdictional data sharing, maintaining a consistent, reusable vocabulary within an entity’s operating context
- consider interoperability that enables the exchange of data between different systems and entities using the DATA scheme, leveraging the government’s open datasets if external data can be used
- utilise existing data integration, process integration and virtual integration patterns by collaborating with other Commonwealth entities. Share newly created patterns where existing ones don’t exist to enhance and uplift collective APS skills. The Australian Bureau of Statistics’ Integrated data page has valuable resources.
Follow appropriate guidance and ethics principles when AI is involved in digital portals
Where AI is involved at any point with a digital portal, such as improving engagement or supporting decision-making, entities must:
- apply the Department of Industry, Science and Resources’ AI ethics principles
- comply with the Policy for the responsible use of AI in government.
Entities should:
- consider opportunities to utilise emerging technologies such as AI to enhance user interactions, streamline processes, improve overall efficiency and drive growth
- reflect on how reference tools and calculators within digital portals could relate to entitlement decisions, aiming to offer people transparent information about the factors affecting these decisions.
Adhere to reuse principles
Entities must:
- meet the requirements of the Digital and ICT reuse policy
- canvass whether proposed activities could be implemented and managed through shared and common services or the use of existing entity structures, business processes, technology and infrastructure, including in other portfolios.
Entities should:
- consider the specific functional and non-functional requirements of the digital portal prior to designing a new solution or choosing technology
- evaluate whether the solution meets the needs for integration with the agency’s digital ecosystem and ensures ease of implementation
- refer to the Reuse standard for more information
- source via the Digital Marketplace on BuyICT, including taking advantage of whole-of-government arrangements
- align their use cases to the archetypes defined below to support assessment of existing solutions against organisational requirements
- use archetype alignment to identify previous investments that may be reused in some manner and to assess suitable solutions
- collaborate with other government agencies with similar solutions to facilitate resource sharing, knowledge exchange and coordination of effort.
Across government, portals can be grouped based on their broader roles in operations and service delivery. Specific use cases can be broadly categorised into the following archetypes:
- government-to-individual: portals for engaging with people, representing groups and communities or non-government organisations (NGOs) and their data, generally for the purpose of individual access to government services
- government-to-business: portals for engaging with businesses and their data, generally for the purpose of business access to government services
- government-to-government: portals for engaging with Commonwealth entities and their services, generally for the purpose of reporting obligations or delivering shared services
- government-to-provider: portals to facilitate interaction with other external companies and partners, such as suppliers, vendors, industry networks and third parties that provide services on behalf of the government.
In addition to these archetypes, the Digital experience policy defines the types of services that are subject to its standards and requirements. Specific to digital portals, these service types are:
- informational services that provide information to users, such as reports, fact sheets or videos. They may include:
  - government agency websites
  - smart answers and virtual assistants
  - e-learning
  - publications
  - multimedia
- transactional services that lead to a change in government-held records, typically involving an exchange of information, money, licences or goods. Examples of transactional services include:
  - submitting a claim
  - registering a business
  - updating contact details
  - lodging a tax return
- access points that serve as online entry points or front doors where people go to find and interact with government digital services. Access points for digital services typically take the form of:
  - informational websites
  - web applications accessed from a web browser
  - online portals
  - various transactional systems used for availing services or completing tasks.
Apart from these archetypes and service types, it is imperative to consider the scale of a digital portal. In determining solution suitability, entities should consider three dimensions of scale:
- data volume: the total amount of data that needs to be maintained in both accessible and archive states
- interaction volume: how often interactions are created, updated and accessed, including an annual average alongside understanding of peaks and troughs (significant spikes due to external factors, such as financial, fiscal or political cycles)
- size of the user base: the number of users of the portals and their access requirements.
Use scale to compare potential solutions and assess previous investments from across government.
Comply with relevant legislation
Entities must:
- comply with relevant legislation including:
  - Archives Act 1983 (Cth): ensuring the proper management and preservation of government records
  - Data Availability and Transparency (DAT) Act 2022 (Cth): facilitating secure and responsible data sharing
  - Disability Discrimination Act 1992 (Cth): ensuring accessibility and non-discrimination for people with disabilities
  - Freedom of Information Act 1982 (Cth): providing access to government information
  - Privacy Act 1988 (Cth): protecting the privacy of people’s personal information
- comply with any other legislation applicable to specific functions and circumstances.