We’ve previously said that GOV.UK Verify will become the default way for people to access government services that need know who they are by 2016. In this post, we’re introducing some objectives that explain what we are aiming to achieve within that timescale. These objectives will define our roadmap for moving from beta to live by April 2016.
What ‘live’ means for GOV.UK Verify
GOV.UK Verify has been in public beta since October 2014. During that time we’ve been gradually developing and improving GOV.UK Verify, adding more providers and more government services, and making changes to make GOV.UK Verify as straightforward as possible for people to use.
We’ve made a lot of progress in our public beta
We now have 3 certified companies for people to choose from - Digidentity, Experian and Post Office.
10 services are connected to the hub (with 4 now available in public beta), and more will join them soon.
More than 25,000 people have verified their identity using GOV.UK Verify and they have signed in more than 80,000 times in total (see our page on the GOV.UK performance platform for more data about the service).
We’ve completed the procurement exercise for a new framework for certified companies, and are about to start work to get the new providers on board.
We’re also being transparent with our performance data, publishing new statistics weekly to the Performance Platform.
Objectives for live
Moving from beta to live is a constant process of iteration and development, rather than a single moment in time. We think it’s useful, though, to define clearly what we’re aiming for throughout that process. This helps us make decisions about what to prioritise, and how to organise our resources to make sure we’re devoting the right amount of attention to all the important aspects of the process.
We’ve defined 6 objectives that describe what a live GOV.UK Verify service would look like, and work is already under way to accomplish them.
Last week, we presented our proposed objectives to our programme board and digital leaders from government departments, and they endorsed them. We’re now drawing together our detailed plans to achieve each objective, and we’ll be publishing more about our plans towards each objective over the coming months.
- Readiness for services to adopt GOV.UK Verify: All the central government services that need to adopt GOV.UK Verify are able to do so
This means that once GOV.UK Verify is live, it will be ready and able to accommodate all the services that need to adopt GOV.UK Verify in central government and devolved services in Wales and Northern Ireland.
To help us achieve this, we have a comprehensive, realistic pipeline and a clear and efficient onboarding process for services that plan to adopt GOV.UK Verify. We’ll be continuing to develop these throughout our public beta, to help make it as straightforward as possible for services to adopt GOV.UK Verify once it is live, and for users to start using GOV.UK Verify to access those services.
- Demographic coverage: 90% for services using GOV.UK Verify by April 2016
We want to make sure that people who are expected to use GOV.UK Verify able to do so. We think that 90% is an ambitious but realistic target by April 2016 for those services that expect to start using GOV.UK Verify before then.
To do this, we are developing our capabilities to predict who is likely to be able to verify, based on their demographic characteristics, and use that information to identify and prioritise likely gaps in coverage.
We’ve written before about our work to expand the range of evidence people can use to verify their identity through GOV.UK Verify. Now that we’ve concluded the procurement of a new framework for certified companies, we are starting to map out the data and methods they’ll each use and what their collective demographic coverage is therefore likely to be. This will help us identify priority areas for further development and improvement.
- Success rate: 90%
The success rate is a measure of the proportion of those who try to verify using GOV.UK Verify who succeed - ie of those who choose a certified company and try to verify, 90% are successful.
We’ve blogged before to explain the five elements involved in verifying someone’s identity: certified companies have to reach a specified level of assurance against each element, to establish that the person is who they say they are to the required level of confidence. To reduce the numbers of ‘false negative’ results against these elements of the standards, a wider range of methods and data sources will be required.
Our new framework for certified companies will help us achieve this - we’ve signed new contracts with 9 providers. Over the coming months, existing and new certified companies will be introducing more data and more methods so that more people will be able to complete the verification process successfully.
The success rate can also be increased by improving and iterating the user experience to make it as straightforward as possible for people to use the service, and assisting users in choosing a certified company that is likely to be able to verify their identity.
- Everyone can use GOV.UK Verify to access services
We want to ensure that people who are not able to verify their identity digitally are still able to use digital services. We’ve recently started looking at how we can help services allow people to complete at least some of their task in the digital channel rather than having to resort to offline methods when unable to verify their identity.
- A range of high quality certified companies for people to choose from
GOV.UK Verify has an increasing range of quality certified companies for users to chose from.
We completed our procurement of new certified companies this week, and 9 certified companies have signed new contracts. Having more certified companies will offer people more choice of who they would like to verify their identity, and will bring more data and more methods, extending GOV.UK Verify’s demographic coverage and increasing the overall success rate for people attempting to verify.
Existing companies will transition to the new framework without any interruption to the service for users. New companies will start working towards joining the public beta shortly, and we’ll be able to give timescales for this once we’ve completed the first detailed planning phase with each of the new companies.
- The product and service are scaled, resilient and operationally ready for live
This includes our work and certified companies’ work to increase the scale and resilience of the product, infrastructure and support so to accommodate an increasingly large number of services and large volumes of users. It also includes the pan-government accreditation requirements and the Digital by Default Service Standard assessment requirements we will need to meet for live service.
We hope these objectives are helpful in explaining our direction for the next year. We’ll carry on developing and refining our objectives and plans, and we’re looking forward to sharing our progress.
Keep up to date with the latest news by signing up for email updates.
Comment by MarkK posted on
This is not going to be easy, e.g. for those services needing LoA3, but there are some other issues that are called for before going live:
A. All IdPs need to provide the service in Welsh, invoked automatically if coming from a welsh page of gov.uk
B. The Ombudsman's role is defined and the office adequately staffed; if it doesn't support those whose identities have been usurped and used for unknown purposes then that also needs to be covered.
C. The gov.uk is demonstrated to work for those with at least one foreign eID, e.g. Estonia.
D. Verify is demonstrated to work for UK users of at least one foreign service.
E. A system-level privacy impact assessment is published.
F. Legislation is in place to over-ride the data protection principle that data is only used for the purposes for which it is collected, without which banks and other data sources would be acting illegally in providing information outside the terms of current retail customer agreements.
G. Level 3 activities such as change of address are accommodated seamlessly.
H. The false positive rate has been established following penetration tests, and published.
I. All system documentation is no longer draft and is following an established version control mechanism.
Comment by Rebecca Hales posted on
Hi Mark, thanks for your comment.
We'll respond on all these issues in future posts on the blog.