7 Implementation strategy for governments

National and institutional governance and regulatory alignment

The implementation of the CMS Building Block requires a cohesive long-term strategy that implies a framework of governance at the national level. This involves firm institutional alignment and assignment of institutional responsibilities for the lifetime of the governmental websites.

The specific strategy must be aligned with the national strategies, policies and regulations, as well as the guidelines that apply to government software development and procurement within the country, in particular those concerning websites and web services.

Sustainability through a long-term, comprehensive approach

The implementation of the CMS building block cannot be thought of only as a one-time development project involving the launching of several websites. It is imperative to the success of the project that the adoption of the CMS building block is implemented as a comprehensive and sustained effort. The methodology must be applied nationally, to all the websites of the government, and — to the extent it is feasible — to all other public institutions.

The national strategy must be built on at least these three pillars:

• Standardization must be sustained for the entire lifecycle of the government websites, as detailed in the prior chapters.

• Digital sovereignty must be founded on institutional expertise.

• Sufficient local technical expertise must be available or developed. Domain-specific experts will have to be employed at different stages, such as development, maintenance, upgrade, and content management.

Success factors for a sustainable and reliable result

Based on CMS building block implementation experience from diverse countries, a number of aspects are very relevant and should be implemented for a successful, sustainable and reliable outcome. The most critical elements are related to the project ownership and the institutional alignment.

Clear ownership and sponsorship

Website standardization is an important endeavor that requires active systemic change management. This requires an institutional owner managing all aspects of the project and an institutional sponsor supporting the implementation. Depending on the institutional ecosystem, these roles can be assigned to different institutions.

• The project owner may be the ministry in charge of the digital transformation or the national agency mandated to execute the national digitalization strategy.

• The project sponsor may be an institution responsible for the good governance of the country, such as the office of the president, the office of the prime minister, or another central body with a general mandate.

The cost of fragmented governance and infrastructure

Website projects for central institutions may already have been developed and deployed, leading to the presence of existing implementations, legacy processes, and technical approaches — even if central policies, regulations, or guidelines do not back them. In many countries, event transversal requirements and guidelines, such as graphic identity or web accessibility rules, are not centrally defined or enforced.

This decentralized project governance gives full autonomy to each institution, allowing them to define their requirements, technologies, suppliers, implementations, legal frameworks, and hosting. Institutions that already have dedicated personnel in their IT departments or that already own hosting infrastructure can be reluctant to cede their autonomy.

However, the fragmented approach leads to high cost, high risk, substantial management overhead, and inconsistent experience for the country’s website visitors.

Implementing necessary institutional alignment

Even without a history of fragmented website projects, existing structures may work against centralized institutional cooperation and alignment. Therefore, the establishment of a shared governance platform and institutional alignment through gradual evolution will often be required.

The following chronological steps exemplify a successful implementation process. Though proven to lead to the desired objective, the process is nevertheless no guarantee for quick or smooth progress. Other paths may be identified in the future.

1. Identify the long-term institutional owner of the project and the formal institutional sponsor.

2. Perform a stakeholder analysis on the national level, including:

   • Central institutions

   • The national technical ecosystem, that includes the private sector and academia.

   • Funding sources. This could include the government itself, international organizations, development agencies, and NGOs.

3. Determine the feasible implementation approach for the first phase.

   • A Top-down approach, starting with ministries and central agencies. This is the ideal first phase.

   • A transversal pilot approach that standardizes a certain institutional domain first. This is best when facing difficulties with institutional alignment. Real-world experience has shown that it may be easiest to start with one of the following:

     • Regional and local administration

     • Diplomatic representations

     • Public hospitals

4. Benchmark, identify and clearly define the technology stack. Following the CMS building block specification, different technical platforms may be suitable. The benchmarking should cover the criteria described in this specification, as well as criteria considered by the country, in particular by the institution that owns the project.

5. Determine the status of the national technical policies, regulations, and guidelines. Do they need development, updating, or refinement? Policies and guidelines that could be covered include:

   • Graphic identity and user experience guidelines

   • Web accessibility regulations or guidelines

   • Cyber security guidelines

   • Rules related to the project management of technical projects, public procurement of technical services, quality assurance of technical projects, etc.

6. Establish the informational content presentation structure and the website content strategy, including specific requirements related to national must-have content, content structure reuse between multiple websites, standardized ways to present the content (content blocks or design elements), content management workflows, etc.

7. Establish and implement an action plan to ensure reliable and accessible technical capacity. Generally, the capacity should be developed through a combination of initial intensive training and on-the-job coaching. A plan for continuous expansion of capacity should be implemented, including training materials and training knowledge, through a train-the-trainers program. The training should include all relevant roles involved, in particular related to project management, technical implementation and maintenance, and content managers. The training should not be limited to the personnel hired by the public institutions

8. Involve the national digital ecosystem, including universities, local IT companies, and local developers. The involvement of non-governmental stakeholders enables a broadening of the technical capacity pool and wider adoption of practices and technology outside the public sector, securing long-term availability and accessibility of technical resources. The fostering of a national technical community can bring additional benefits in long-term sustainability of the technical talent pool.

9. Ensure that there is support for local training for the content creators and editors that are responsible with the content management of the CMS websites. The training process should be conducted by a central responsible training unit, based on training manuals and procedures. The content editors should benefit from permanent direct support in determining optimal content publishing approaches and content migration from old website versions, developed using legacy technologies.

10. Establish a support and maintenance process and assign responsibility for it. Government websites require permanent support and maintenance. Maintenance operations may include fixing errors, optimizing performance, developing new content blocks, installing and configuring new functional modules, developing new custom functionality, or applying patches made available by the technology provider. Maintenance operations should be subject to constant management and monitoring and should rely on permanently available technical specialists (employees of the responsible central institution or private local contractors, ideally both). Support-level framework agreements are a recommended contractual management approach. These are awarded competitively to at least one — but ideally multiple — contractors. Multiple contractors leverage potential resource availability bottlenecks.

11. Establish a software upgrade schedule and assign responsibility for it. Government websites require periodical upgrades of the underlying technology and server components to ensure security, performance, accessibility, user experience, and other improvements offered by new versions. The upgrades should be predictable, requiring planning, budgeting, and scheduling well in advance. Contractors and other important stakeholders involved in upgrades must be consulted early. Upgrades fall into different categories and frequencies:

    • Security upgrades and high-impact bug fixes are time-sensitive and must be implemented rapidly.

    • Functional additions and corrections

    • Minor and major upgrades should follow the software’s release schedule. Commonly every 9–18 months.

    • CMS instances usually benefit from a comprehensive review, reengineering, or replacement every 5–6 years.

12. Establish and follow a hosting strategy. Digital sovereignty is best achieved using a national data center controlled by the government, with a dedicated and well-trained team, available 24/7 for support, monitoring, and intervention.

    • Websites can be clustered in multi-tenant instances based on a grouping strategy (e.g., grouping together national government websites, hospital websites, etc.). This balances risk and maintenance effort.

    • The server software should use a well-maintained and up-to-date stack.

    • Suspicious activity and attacks can be mitigated through continuous monitoring. A disaster recovery mechanism with off-server automated backup and specific recovery procedures should be implemented.

    • Servers should be available for different stages of the deployment and testing process (e.g., development and staging environments). Here, modifications and updates to code and configuration can be tested in a close-to-real-life setting to ensure minimal downtime for the production websites.

    • Domain names should follow a coherent and well-documented strategy governed, controlled, and allocated by a central authority.

    • All websites should be secured with centrally managed and updated SSL certificates to maximize security and uptime.

13. Establish and follow a cybersecurity strategy. Even a minimal cybersecurity strategy should include procedures for security validation of CMS instances and servers, periodical security audits, and continuous monitoring. A rapid intervention capacity must exist and use clear operational procedures.

14. Establish and follow a permanent performance and accessibility monitoring process. The performance of the servers and websites should be continuously monitored. Web page response times and accessibility may be influenced by numerous factors. Decreasing performance should be investigated immediately and resolved through e.g., software or database optimizations, improved caching, or additional hardware resources.

15. Ensure sustainable financing. Funding the implementation and long-term evolution of the national project based on this CMS building block must be approached strategically. Multiple components are involved and a financial plan must determine the sources of funds and ensure that each component of the life cycle has sufficient budget allocated.