A NSW Government website

NSW Government
Digital NSW

NSW Gateway Policy

There are five Gateway principles that provide the foundation for the Gateway system in the NSW public sector: 

  1. Management of Risks 
  2. Value for the Investor and the Delivery Agency
  3. Independence and Confidentiality
  4. Transparency and Accountability
  5. Continuous Improvement.

The NSW Gateway Policy (TPG22-12) sets out the guidance and minimum requirements for the Gateway Coordination Agencies (GCA), the Delivery Agencies and the Policy Owner (NSW Treasury). 

NSW Gateway Policy | Digital Assurance | Digital NSW
A summary of the interaction between the NSW Gateway Policy, Gateway Coordination Agency (GCA) Frameworks and delivery of Gateway reviews.

What are Gateway Reviews?

Gateway Reviews are a key tool Department of Customer Service (DCS) NSW uses to complete a risk-based assurance approach for all large ICT and Digital projects and programs valued at or more than $5 million.

The independent, expert-led reviews are conducted at key points, or Gates, along the lifecycle of a project. They are important for providing confidence to the NSW Government (through Cabinet) that projects are being delivered on time, to cost and in line with government objectives.

The outcome of each Gateway Review is a Review Report that includes commentary to inform the NSW Government. The Review Report also includes a series of recommendations to assist the delivery agency in developing and delivering their projects and programs successfully.

Gateway Review requirements

Gateway Review requirements for projects under the DAF are proportionate to their Tier level:

Digital Assurance Gateways graphic | Digital NSW

Different types of reviews

Gate 0 (in Pilot)

Gate 0 Reviews – which are currently in a Pilot stage – decide whether a digital project’s problem or service need has been appropriately defined and evidenced. The Review informs the delivery agency’s decision to allocate resources to progress the project through to an analysis of options and Strategic Business Case.

Gates 1-6

Gateway Reviews (Gates 1 to 6) are independent expert checks at key stages of a project. They help identify risks and issues that could affect success. Reviews are conducted over a short time period. These reviews are structured similarly and are focused on project development and delivery, and high value areas with the greatest impact on successful outcomes.

Health Checks

Health Check Reviews occur between Gateway Reviews to capture any emerging problems. They are otherwise similar to Gateway Reviews and follow the same format to address and rate overall delivery confidence as well as each of the seven Key Focus Areas. They may also cover additional areas of concern.

Deep Dive Reviews

Recommendations are made to project sponsors to conduct deep dives on issues that need greater insight. Deep Dive Reviews are similar to Health Checks, but they focus on a particular issue or limited terms of reference. These reviews are generally undertaken in response to issues being raised by key stakeholders to the project, or at the direction of the relevant Government Minister.

Rapid Assurance Reviews

Gated Assurance reviews in the delivery phase of a project are more suitable to projects following a Waterfall methodology. For projects following an Agile methodology, such as a product delivery model, the Rapid Assurance Review (RAR) is a more suitable and flexible risk-based assurance review, in lieu of the standard delivery Gate reviews.

The RAR is characterised by:

  • Iterative assessments.
  • Conducted on a periodic basis, depending on the needs of the project and visibility to IDIA.
  • Focusing on progress to treat the identified risks.
  • Reviewers as integral advisors to the project to ensure continual reviews and feedback to the project.
AI Assurance Review

This Review process was introduced to meet the project demands when using high to extreme risks AI solutions. The Review is conducted through the AI Review Committee, which is an independent committee managed by Digital NSW. The role of this committee is to review the proposed AI solutions and provide advice to the project sponsor on mitigation strategies surrounding AI implementation in NSW Government. This review can be conducted on a periodic basis, depending on the needs of the project and the AI development pathways.

Regular Project Reporting

Advice is provided to the NSW Government, as the investor, through regular project reporting. The reports utilise data for all Tiers, which is maintained by DCS in a central repository called the ICT Assurance Portal.

Regular project reporting is required monthly for all projects registered with Digital Assurance. The reports, which are prepared by the Digital Assurance team, offer an assessment of project development and delivery against:

  • Cost
  • Schedule
  • Benefits
  • Risks and Issues.

To support regular project reporting, delivery agencies provide timely and comprehensive project information. Reports are lodged by the relevant delivery agency after delegated executive approval is given.

Data reported in the ICT Assurance portal will also be made available to the Minister for Customer Service and Digital Government.

Download the Digital Assurance Framework (PDF, 1.11 MB), which underpins our approach and is consistent with NSW Gateway Policy and the NSW Digital Governance Model.

Explore Digital Assurance