​

Technology Code of Practice (TCoP) Review

​

What is TCoP?

​

Command: /arckit.tcop

​

Usage

/arckit.tcop 001  # By project ID
/arckit.tcop "Land Registry Digital Gateway"  # By project name

• Project ID (e.g., 001) or project name

​

Output: ARC-{PROJECT_ID}-TCOP-v1.0.md

​

The 13 TCoP Points

​

Point 1: Define User Needs

• Understand user needs through research
• Test prototypes with real users
• Have a plan to test the service with users frequently

​

Point 2: Make Things Accessible and Inclusive

• Meet accessibility standards (WCAG 2.1 AA minimum)
• Test with assistive technologies
• Make it easy for everyone to use your service

​

Point 3: Be Open and Use Open Source

• Publish your code under an open source license
• Use open source software to avoid lock-in
• Share learning and collaborate

​

Point 4: Make Use of Open Standards

• Use open standards and common platforms
• Build services on open standards (APIs, data formats)
• Contribute to the development of open standards

​

Point 5: Use Cloud First

• Consider public cloud solutions first
• Justify exceptions to cloud-first policy
• Use cloud-native patterns

​

Point 6: Make Things Secure

• Identify security and privacy threats
• Have a plan to address security risks
• Collect and process personal data securely

​

Point 7: Make Privacy Integral

• Comply with data protection legislation (UK GDPR, DPA 2018)
• Complete a Data Protection Impact Assessment (DPIA) if required
• Have a plan for managing data subject rights

​

Point 8: Share, Reuse and Collaborate

• Avoid duplicating technology that’s already available
• Use common platforms and services (GOV.UK Notify, Pay, etc.)
• Share your solutions with other teams

​

Point 9: Integrate and Adapt Technology

• Use APIs to integrate services
• Plan to adapt your technology as needs change
• Consider using microservices architecture

​

Point 10: Make Better Use of Data

• Use data to inform decisions
• Have a plan for managing and improving data quality
• Publish data for reuse where appropriate

​

Point 11: Define Your Purchasing Strategy

• Know your total cost of ownership
• Consider build vs buy
• Avoid vendor lock-in
• Follow government procurement rules

​

Point 12: Make Your Technology Sustainable

• Consider environmental impact
• Use energy-efficient technology
• Plan to reduce carbon footprint

​

Point 13: Meet the Service Standard

• Follow the GDS Service Standard for public-facing services
• Book and pass service assessments

​

Assessment Criteria

• ✅ Compliant: Clear evidence exists, all key criteria met, no significant gaps
• ⚠️ Partially Compliant: Some aspects addressed but gaps remain, evidence incomplete
• ❌ Non-Compliant: Criteria not met, no evidence of compliance, critical gaps exist
• N/A: Point genuinely not applicable (e.g., Point 13 if not building a public service)

​

Report Contents

1. Executive Summary
   • Overall TCoP compliance status
   • Compliance scorecard (X/13 compliant)
   • Critical issues requiring immediate attention
   • Key strengths
2. Detailed Assessment (for each of 13 points)
   • Status: ✅/⚠️/❌/N/A
   • Evidence of compliance (with file references)
   • Checklist items
   • Gaps and required actions
   • Specific recommendations
3. Overall Compliance Summary
   • Score breakdown by status
   • Critical issues list
   • Prioritized recommendations (High/Medium/Low)
4. Next Steps
   • Immediate actions (before next gate)
   • Short-term improvements (1-3 months)
   • Long-term enhancements (3-6 months)
5. GovS 005 Alignment Mapping
   • Traceability between TCoP points and GovS 005 principles
   • Governance obligations

​

Project Phase Considerations

• User research, technical spikes, open source exploration expected
• Cloud-first policy application
• Initial security and privacy considerations

• Accessibility testing complete
• Security assessments complete
• DPIA completed (if processing personal data)
• Open source code published

• All 13 points must be fully compliant
• Continuous improvement demonstrated
• Performance data published

​

Common Critical Issues

• No accessibility testing for user-facing services
• WCAG 2.1 AA compliance not achieved

• Public cloud not considered
• Cloud-first exemption not justified

• No security assessment completed
• Cyber Essentials not obtained

• No DPIA for projects processing personal data (BLOCKING for Beta)

• No user research conducted
• Service built without user testing

​

Integration with Other Commands

• /arckit.service-assessment - GDS Service Standard (Point 13 requires this)
• /arckit.secure - Security assessment (Point 6 evidence)
• /arckit.dpia - Data Protection Impact Assessment (Point 7 evidence)
• /arckit.research - Technology research (Point 11 build vs buy)
• /arckit.wardley - Strategic technology choices (Point 11)
• /arckit.requirements - If requirements weak (Point 1)

​

Digital Spend Control

• Point 5 (Cloud First) - Justify cloud strategy
• Point 11 (Purchasing Strategy) - Total cost of ownership, procurement route
• Point 8 (Reuse and Collaboration) - Use of existing platforms

​

Re-running for Updates

/arckit.tcop 001

• Detect existing ARC-{PROJECT_ID}-TCOP-v*.md files
• Determine whether to increment version (minor or major)
• Compare current state against previous assessment
• Update compliance status based on new evidence

• Minor (e.g., 1.0 → 1.1): Refreshed assessments, updated evidence, corrected details
• Major (e.g., 1.0 → 2.0): New TCoP points assessed, fundamentally different compliance posture

​

Resources

• Technology Code of Practice - All 13 points
• GovS 005: Digital - Functional standard
• Digital Spend Control guidance

• GDS Service Standard - Point 13
• WCAG 2.1 - Point 2 accessibility
• UK GDPR - Point 7 privacy
• Cloud Security Principles - Point 5 cloud first

​

Example Use Cases

/arckit.tcop 001  # Assess compliance before Digital Spend Control submission

/arckit.tcop 001  # Regular compliance check, update evidence

/arckit.tcop 001  # Validate technology choices against TCoP principles