In our project with the Health & Disability Digital services at the Department for Work and Pensions (DWP), we embarked on an ambitious journey to transform the digital landscape for citizens with disabilities or health conditions. The primary challenge was to enhance the customer experience by providing seamless access to Health and Disability-related services, necessitating the development of new digital services and the improvement of existing ones. These services required enhanced navigability and interoperability among systems to ensure consistent and responsive service provision.
To address these challenges, our team at BetterGov collaborated closely with DWP’s engineering team to conduct a comprehensive security audit against the OWASP DevSecOps Maturity Model. This audit provided us with a baseline to identify areas for development, enabling us to assist in the enhancement of CI/CD GitLab CI fragments. Our efforts were focused on incorporating additional security checks to bolster DWP’s cyber resilience posture.
We thoroughly examined the security tools in use, proposing methods to amplify their efficiency and value. Furthermore, we addressed security complaints, offering suggestions and potential solutions to identified issues. Our contributions extended to generating documentation to support DWP’s engineering governance processes and advising on security policy enhancements.
This collaborative effort significantly improved the Health and Disability Digital team’s understanding of their systems’ resilience during the development and enhancement of digital services. This understanding was pivotal in enhancing decision-making processes and reducing the risks associated with potential cyber attacks. Through this project, we also aimed to embed DevSecOps as a standard working pattern, thereby ensuring high resilience against malicious cyber threats.
Our engagement with DWP through a competitive procurement process underscored our commitment to driving digital and social empowerment. This case study exemplifies our dedication to improving secure engineering practices and our success in enhancing cyber resilience, governance processes, and the overall efficiency of security tools within a major government department.