Challenge
The Health & Disability Digital services at the Department for Work and Pensions (DWP) was undertaking a transformation of the digital journey for citizens with disabilities or health conditions. To offer an improved customer experience and provide easy access to Health and Disability related services, DWP needed to develop new digital services and improve existing ones.
These new digital services would need to be easily navigable and would require interoperability between new and existing systems, to allow a more consistent and responsive provision of services. As part of this transformation, DWP needed to make sure its services were highly resilient against malicious cyber-attacks, and was looking for an organisation to help shift the role of security left within the development lifecycle and enable DevSecOps as a standard pattern of working. Through a competitive procurement process, BetterGov was appointed as the chosen supplier to support DWP with this work.
Solution
Together with DWP's engineering team, BetterGov's Secure Engineering team performed a security audit against the OWASP DevSecOps maturity model to give DWP a baseline and pinpoint areas for development. BetterGov was asked to help develop and extend the existing CI/CD GitLab CI fragments to support extra security checks and enhance DWP's cyber resilience posture.
The BetterGov team examined the security tools currently in use and made suggestions for how to increase their efficiency and value. Additionally, we looked into security complaints and came up with suggestions and potential fixes for the problems found. BetterGov produced documents to support the DWP engineering governance processes and provide input on the security policy.
The Health and Disability Digital team now had a greater grasp of how resilient their procedures were while developing and enhancing their digital services, which enhanced decision-making and decreased the risk of prospective cyber-attacks.
Results
Crown Commercial Service Framework procurement route
Transparent, controlled fixed price cost model
Detailed assessment of DevSecOps maturity model gap analysis
Implemented recommendations for areas of improvement
Enhanced cyber resilience posture
Increased efficiency and value of security tools
Improved governance process with supporting documentation