Guidance

Prevent technical debt and legacy

You must have a legacy-proofing plan for all digital services to prevent the build-up of technical debt and future legacy.

To meet this commitment, which is one of the Digital and Data function’s strategic commitments, your plans must show how you will prevent the build-up of technical debt and future legacy for your service.

Legacy technology means any IT assets which may be:

  • out of support from the supplier
  • impossible to update
  • unable to support modern ways of working such as continuous integration and continuous delivery (CICD) or APIs
  • no longer cost-effective
  • considered to be above an acceptable risk threshold in alignment with the managing legacy technology guidance

You should be able to answer ‘yes’ to all of the following questions:

  • has a business risk owner accountable for the legacy risks been identified?
  • does your plan incorporate legacy risk management activities? 
  • has a legacy owner been identified with responsibility for the technical health of the product or service?
  • have you made sure there is money available for future legacy remediation and technology upgrades?
  • have all the department’s IT assets associated directly or indirectly with the product or service been included in your organisation’s asset register?

If the build of your product or service has not yet begun, for example you are in discovery, then you should commit to adhering to these principles.

You must make sure that all legacy technology associated directly or indirectly with the product or service has been scored against the legacy IT risk assessment framework.

If you’re going through the spend control process you must explain how you’re meeting this commitment if your spend request has been rated high on the risk and importance framework or has an assurance rating of control.

Answering ‘no’ will not lead to an automatic rejection, but you will need to explain why your spend cannot align to the commitment.

Published 23 February 2024