​

Technology Code of Practice (TCoP) Review

​

Command

arckit tcop <project ID or name>

​

Arguments

• project (required): Project identifier (ID or name)

​

Examples

arckit tcop "001"
arckit tcop "Land Registry Digital Gateway"

​

Purpose

1. Assessing compliance against all 13 TCoP points
2. Identifying gaps and required actions
3. Generating an overall compliance scorecard
4. Prioritizing critical issues
5. Providing actionable recommendations

​

The 13 TCoP Points

1. Define user needs - Use research to understand user needs
2. Make things accessible and inclusive - Design services for everyone
3. Be open and use open source - Publish code openly and contribute to open source
4. Make use of open standards - Build technology that uses open standards
5. Use cloud first - Use public cloud first before considering alternatives
6. Make things secure - Keep systems and data safe with appropriate security measures
7. Make privacy integral - Make sure citizens’ rights are protected by integrating privacy
8. Share, reuse and collaborate - Avoid duplicating technology already available
9. Integrate and adapt technology - Build services that can adapt and scale
10. Make better use of data - Use data more effectively
11. Define your purchasing strategy - Plan how you’ll pay for and buy technology
12. Make your technology sustainable - Make sure your technology is sustainable
13. Meet the Service Standard - Meet the Service Standard for services

​

Output

• Executive summary with overall compliance status
• Detailed assessment for each of the 13 TCoP points
• Evidence and checklist items for each point
• Gaps and required actions
• Overall compliance scorecard (X/13 compliant)
• Critical issues list
• Prioritized recommendations (High/Medium/Low)
• GovS 005 alignment mapping

​

Assessment Guidelines

• ✅ Compliant: Clear evidence exists, all key criteria met, no significant gaps
• ⚠️ Partially Compliant: Some aspects addressed but significant gaps remain
• ❌ Non-Compliant: Criteria not met, no evidence of compliance, or critical gaps exist
• N/A: Point is genuinely not applicable

• No DPIA for projects processing personal data (Point 7)
• No accessibility testing for user-facing services (Point 2)
• No security assessment completed (Point 6)
• Public cloud not considered (Point 5)
• No user research conducted (Point 1)

​

Prerequisites

• REQ (Requirements) - FR/NFR IDs, technology constraints, compliance requirements
• PRIN (Architecture Principles) - Technology standards, approved platforms

• STKE (Stakeholder Analysis) - User needs, priorities
• RISK (Risk Register) - Security and compliance risks
• DIAG (Architecture Diagrams) - Deployment topology

​

Project Phase Considerations

​

Discovery/Alpha

• User research, technical spikes, open source exploration expected

​

Beta

• Accessibility testing, security assessments, DPIA should be complete

​

Live

• All 13 points must be fully compliant

​

Special Considerations

• Point 5 (Cloud First)
• Point 11 (Purchasing Strategy)
• Point 8 (Reuse and Collaboration)

​

UK Government Context

• Digital Marketplace: G-Cloud, DOS frameworks for procurement
• GDS Service Standard: 14-point standard for public services
• NCSC guidance: Cyber security best practices
• UK GDPR: Data protection requirements
• Cyber Essentials: Baseline security certification
• Cloud First policy: Public cloud preferred unless justified otherwise
• GovS 005: TCoP is the implementation guidance for the Government Functional Standard for Digital

​

Related Commands

• arckit service-assessment - GDS Service Standard assessment (Point 13 overlap)
• arckit secure - Security assessment (Point 6)
• arckit ai-playbook - AI governance (for AI/ML systems)

​

Resources

• Technology Code of Practice
• GovS 005: Digital