Information Comissioner's Office
A new confidence in service provision.
GDPR arrived just as the ICO had migrated its website to public cloud infrastructure. Timing also coincided with the ICO’s website development and support coming up for renewal, so they set out to find a supplier with combined communications and technology expertise, and a strong cultural fit, to help them on the journey. The supplier needed to demonstrate its capability to maintain reliable, long term platform stability, alongside developing new functionality to meet the ever evolving needs of the ICO’s customers. Our experience and familiarity with the Umbraco platform, and intuitive understanding of the challenges faced by ICO, resulted in our selection.
As GDPR started to be applied to the way organisations use, process and store personal data, visitor numbers rose; the website struggled to cope and was performing below expectations. For example:
- The sheer weight of visits to in-demand areas of the site meant that people were unable to find answers to their questions.
- It was taking significant infrastructure resources to keep the site available:
- The site had to be scaled out to 9 or 10 instances each day.
- The ICO was forced to apply the top service plan – resulting in high running costs.
- Central processing units (cpu) and memory were at maximum deployment.
- The team had to take decisions hour by hour on which website areas to suspend to allow in-demand pages to function.
In addition, more ICO staff were needed to provide in‑person advice and guidance to customers, risking the organisation’s high reputation for responsiveness.
The ICO-Shout team had our work cut out.
Technical Audit & Platform Stabilisation
Led by Technical Director Ian Grieve, we immediately performed a root and branch review of ICO’s entire IT estate and infrastructure code. Working backwards to identify root causes, we generated a list of priority actions to complete quickly and incrementally.
Multiple configuration settings and coding required wholesale modification. We soon delivered successive improvements to website performance giving the ICO staff more time to spend with users. Our collaborative and strategic effort was beginning to achieve traction.
User Experience Research
After six weeks and with the base stabilised, the combined ICO and Shout multidisciplinary team was able to start introducing further improvements to benefit users. Targeted surveys had researched website visitors’ experiences. Inviting respondents into the lab to conduct tasks, observed by both ICO and Shout proved an extremely constructive exercise. Engineers gained access to real users – seeing both their frustrations and approval – and their observations gave powerful insights into ways in which we could improve the site experience. The feedback was applied together with data from sophisticated performance analytics that had been implemented as part of our transition plan.
Developing Working Cadence
The members of the ICO-Shout team worked in complete collaboration, with user needs at the heart of their plans and modifications. We developed a good work rhythm and detailed familiarity with the estate, speaking every day to get under the skin of the requirements to avoid wasting time as launch or implementation became imminent.
Delivering New Functionality
Business and user feedback had indicated that a paperless Direct Debit facility was needed to allow organisations to automate their registration fee payments. The team planned its introduction for summer 2020 and it was successfully operating by the end of that year. Reducing time spent on manual processing of Direct Debits has freed staff to do what gives them far more job satisfaction: assisting organisations and individuals.
Repetitive tasks such as updating contact details were also still being processed manually and were an obvious target for automation. By winter 2020, we had put together recommendations for the use of new Cloud technologies to support data from web forms being sent securely and in real time, opening up possibilities for robotic automation of these processes which have now also been realised, freeing up more time to address live enquiries.
Close collaboration and competent delivery allowed the ICO and Shout to deliver an ambitious initial programme of work.
The ICO now has confidence not only in the availability of its website but also that the confidentiality and integrity of the service is being maintained. Website performance has improved significantly with the number of instances required has steadily reduced (from up to 10 per day down to two), along with response times, which went from about 3 seconds down to just 0.5 seconds.
Our team carries out regular housekeeping and virtual infrastructure checks; annual, independent audits on the estate have all been positive. Site availability is monitored 24/7 and OWASP security scanning of ICO web applications continuously check for vulnerabilities.
Bringing best practice to the ICO’s Software Development Lifecycle (SDLC), we implemented ‘DevOps’ to support the team’s agile ways of working (including adding work to a backlog, refining it, estimating it and allocating to sprints), as well as to control code repositories and automate build and release. As this standardisation was implemented, the ICO benefitted from a streamlined and consistent approach.
The ICO and Shout are now in a regular rhythm of balancing business as usual, with new functionality and innovations, alongside maintaining the site’s high availability and security.
“We simply regard the Shout team as an extension of our own. Whether Shout or ICO, we each bring our own expertise to the work planning and delivery, all working together to meet our users’ needs.”
ICO Digital Architect Greer Schick