SDA criteria

Core and Common SDA owners will be expected to meet the following criteria in the assessment and annual attestation process and may be requested to provide evidence to support their assessment and attestation. The SDA owner will be expected to be clear where they are not compliant and why. It is accepted that the following presents an established and mature SDA; any unmet criteria will be reviewed on case-by-case basis. As we operationalise this policy, we will establish a standardised methodology leveraging the following SDA criteria to ensure a consistent, evidence-based approach to evaluating an SDA's readiness for becoming core or common.

Desirable, Viable, Feasible (DVF)

The proposed State Digital Asset reuse is desirable, viable and feasible:

• Desirable (is it needed). NSW Government agencies need this solution now and will use it.
• Viable (is it sustainable). The digital asset is funded and has proven its ability to support the needs of customers and agencies. The total cost of ownership and implications to SDA users is understood. It is the best option for NSW Government for the forecast life of the SDA, and is enabled by suitable commercials contracts, with clear sponsorship. The risk of proceeding with the SDA is clearly understood (for example, financial, commercial, security, privacy, data, and impact to customers).
• Feasible (can it be done). the digital asset meets the needs of customers and agencies (functional, technical, architecture, when needed, at industry comparable cost), and considers the legal and regulatory constraints that agencies operate within.

Suitable operating and funding model

The SDA operating model supports a great customer experience and meets the requirements of the users by having:

• service levels  
• suppliers and related commercial contracts
• process maturity (customer support, onboarding, and continuous integration and delivery).
• clear governance models, managing the risk of a shared asset, including:  
  • service operations (for example, incident, problem, request fulfillment)
  • data (for example ownership and decision making)
  • cyber security (for example, incident roles and responsibilities)
  • business continuity planning and management.

The SDA total cost of ownership (TCO) is funded for the next three years:

• known funding model (for example, Digital Restart Fund, consolidated fund, cost recovery)
• funding covers onboarding, assurance, continuous improvement, delivery, and ongoing support, including training and guidance materials.

Best practice alignment

The SDA meets best practice:

• Meets whole of government needs. The digital asset is developed and continuously improved in collaboration with agencies, delivering clear value in its reuse, has effective governance and sponsorship, and defined service levels.
• Resilient to Machinery of Government changes. Where possible the digital asset is not dependent on any specific organisational structure able to continue to provide services when machinery of government changes occurs.
• Appropriate ownership. The digital asset should be provided by industry unless there is privacy, conflict of interest, or lack of market service offerings.  
• Appropriate development. The digital asset should be designed and developed by the agency that will continue to run and provide the service.
• Effective change management planning. Maintenance and change schedules, and SDA roadmap decisions are conducted in a way to ensure users’ needs continue to be met.  
• Secure by design. Appropriate security and cyber controls are in place for the full lifecycle of the asset.
• Privacy by design. Appropriate privacy controls are in place for the full lifecycle of the asset.
• Accessible by design. The digital asset is accessible and inclusive for all users.
• Proven and scalable. The digital asset has demonstrated its reusability and scalability to effectively meet the needs of adopting agencies, encompassing high availability, separation of concerns, and ample capacity (compute, processing, storage) in alignment with agency requirements.  
• Provides ongoing support and service transparency. The digital asset provides adopting agencies with robust onboarding, documentation, and support processes, including to aid in the transition from existing solutions. The performance of the service should be transparent to adopting agencies. The product roadmap should be published and available.
• Interoperable and extensible. The digital asset can be extended as requirements change, facilitated using established technologies and industry standards as well as enabling others to reuse components/data from the solution where possible.
• Aligns to government priorities, policies, and legislation. The digital asset supports the delivery of government priorities and meets relevant regulation and legislative requirements (for example, privacy, cyber security).
• Continuous integration and development. The SDA’s operations team runs continuous integration and continuous delivery of value, has robust testing and quality assurance processes, whilst ensuring service levels are maintained.
• Continuous improvement of service maturity. The service offering continues to improve, making it easier for customers to find, procure, onboard, integrate to, and obtain support. It provides mechanisms for gathering feedback from adopting agencies, facilitating ongoing improvements.
• Technology used informed from an open market engagement. The SDA owner has engaged the ICT market in a way that does not limit potential technology solution options, ensuring the best digital solution and technology is identified and used.
• Use of whole of government contracts. The SDA owner leverages whole of government digital solution contracts where appropriate.  
• Leverages NSW SDAs. The digital asset is compliant in using Core SDAs.
• Asset management. The digital asset is managed to NSW Asset Management Policy standard (TPP19-07).