Transparency data

20 September 2022: One Login for Government Accounting Officer assessment

Published 29 September 2022

Accounting Officer Memorandum: One Login for Government (Government Digital Service)

An Accounting Officer assessment for the One Login Programme was conducted in line with the Cabinet Office commitment to publish Accounting Officer Assessments for Government’s Major Projects. This Accounting Officer assessment considers the four standards of regularity, propriety, value for money and feasibility.

Background and context

One Login for Government (‘One Login’) is a multi-year cross-government programme that was established by the Government Digital Service (GDS) in January 2021. It will provide a single, ubiquitous and simple way for people to log in and prove their identity when accessing online His Majesty’s Government (HMG) services. Users will no longer need to repeatedly enter the same information when dealing with different services. One Login will replace duplicative and disjointed systems across government, saving money and combating fraud more effectively. The core objectives of the programme are to:

• Enable and accelerate digital transformation in government;
• Improve user experience and inclusion when accessing government services; and
• Remove barriers to service integration and deliver a smooth transition to the future state.

This assessment has been made at the Outline Business Case stage.

Regularity

Spending on One Login falls within the Cabinet Office’s inherent powers and no primary legislation is required to enable the programme. Cabinet Office’s departmental expenditure aims to drive more effective delivery across government and to modernise and reform the work of HMG functions. Spending on One Login is consistent with both of these goals.

The programme was initially funded through Spending Review 2020 to undertake detailed planning and to begin delivery. A further three-year settlement was agreed through Spending Review 2021 and subsequently confirmed by HM Treasury in the Main Estimates. Details have been published in the Cabinet Office’s Main Estimates memorandum, which is available for public and Parliamentary scrutiny. This funding spans financial years 2022/23, 2023/24 and 2024/25, and will facilitate the build, roll out, operation and scale-up of One Login. As the programme’s cost exceeds the Cabinet Office’s delegated authority from HM Treasury, it has been - and will continue to be - developed and assured in accordance with HM Treasury’s Green Book and Approvals processes, with the next Treasury approvals point panel scheduled for October 2022.

Realising the benefits of the One Login programme is heavily dependent on government services adopting the new system. The then Chancellor of the Duchy of Lancaster and the then Chief Secretary to the Treasury wrote to Cabinet colleagues in February 2021 to mandate the migration of their department’s services onto the One Login platform, once it has the features they require. The Minister responsible for GDS, and therefore One Login, is the Minister for the Cabinet Office.

The programme will continue to ensure that it meets its obligations under all relevant legislation and regulations including (but not limited to) UK GDPR and the Data Protection Act 2018; and the Public Contracts Regulations 2015.

Regularity Accounting Officer Standard: Met.

Propriety

The One Login programme is included in the Government Major Projects Portfolio and is also overseen by the Chair of the Cabinet Office Portfolio Office. A permanent Senior Responsible Owner (SRO) for the programme (and Verify simultaneously) has been in post since September 2021. The SRO is directly accountable to the CEO of GDS. One Login’s wider governance framework includes a Ministerial Oversight Group and a Programme Board, which are attended, respectively, by ministers and senior officials from across government. These arrangements together ensure that the programme is subject to regular and robust reporting and assurance.

The programme’s business cases have repeatedly demonstrated that One Login will support a number of other government policies and strategies. For example, One Login is one of six mission-critical programmes in the ‘Roadmap for Digital and Data out to 2025’. There are no concerns that the programme is outside of Ministers’ intentions.

One Login has commercial arrangements with a range of suppliers. All such procurements will continue to follow relevant regulations and Government Commercial Function and Crown Commercial Service best practices, including the use, where appropriate, of the G-Cloud 12 and the Digital Outcomes and Specialists frameworks. Conflicts of interest are addressed in the tender documents and terms and conditions of these procurements. The programme routinely takes advice from the Government Legal Department and external lawyers on procurement law issues and on contractual terms and conditions.

A public sector equality duty assessment has been carried out regarding the advancement of secondary legislation to the Digital Economy Act 2017 - the context for which is to enable data-sharing and identity re-use across government for the One Login programme. As a result, the analysis is focused on the individual’s use of the final product - thereby illustrating the actions the programme is taking to fulfil its duties under the Equality Act 2010.

Propriety Accounting Officer Standard: Met.

Value for money

One Login will make online services more inclusive and user-friendly, expanding the reach of digital government. One Login will drive greater efficiency across government, providing the infrastructure to stop duplicative waste in departments and to avoid hundreds of millions of pounds being lost to fraud. The main costs associated with the programme over the next three years are related to the development and roll out of One Login, integrating government services to the new central solution, and running the operational system.

The programme has been subject to extensive economic appraisal, in accordance with Green Book principles and most recently in its Outline Business Case. The preferred option will see GDS develop and build One Login over the first part of the current Spending Review period, which will then enable rapid scaling up of the live service and the onboarding of more departments and services. Analysis has shown that this option best meets the programme’s strategic objectives and critical success factors, whilst also providing a strong benefits-costs ratio and balanced risk profile. GDS is continuing to work closely with HM Treasury and others to refine its approach to benefits realisation and tracking.

Value for Money Accounting Officer Standard: Met.

Feasibility

Developing, rolling out and running a cross-government transformation programme of this scale and complexity is a major undertaking. It is being delivered through agile product development, in accordance with HMG’s Digital Service Standard, supported by project and programme management capability. The pace of delivery demonstrates that this approach is working.

One Login’s sign-on solution was launched in October 2021 and its identity checking journey entered private beta with the Disclosure and Barring Service’s Basic Check - and its first live users - in June 2022. A further three services are on track to be onboarded by this autumn. In August we launched One Login’s identity checking smartphone app, which is initially supporting people to access HMRC’s online services. Together, these steps will bring around 3.2 million users into scope this calendar year and pave the way for adoption by further services thereafter.

In conjunction with GDS’s and the Cabinet Office’s central processes, the programme is actively managing its high-level risks. These include: the potential for procurement delays to hinder the delivery of One Login; migration planning with departments being hampered by an incomplete One Login product roadmap; the programme failing to meet information assurance and privacy requirements; GDS being unable to respond to incidents and/or vulnerabilities effectively as One Login expands; and failing to sustain buy-in from government departments.

The programme is implementing a range of mitigations. These are underpinned by ongoing and targeted engagement across government, civil society and the private sector, and through multidisciplinary working groups and advisory forums. Compliance against applicable legislation and regulation is assessed and monitored by subject matter experts. As well as working closely with the National Cyber Security Centre, regular testing is being carried out throughout the system’s development to identify and address any potential vulnerabilities in the technical architecture.

GDS’s experiences and learning from GOV.UK Verify (‘Verify’), which are consistent with previous independent reviews of that programme, have been embedded in One Login’s core design principles and approach.

Feasibility Accounting Officer Standard: Met.

Conclusion

I am satisfied that the One Login Programme relies on clear legal powers, meets the standards in Managing Public Money and accords with the generally understood principles of public life, representing value for money for the Exchequer as a whole, and is feasible to deliver.

This summary will be published on the government’s website (GOV.UK). Copies will be deposited in the Library of the House of Commons, and sent to the Controller and Auditor General and Treasury Officer of Accounts.

Alex Chisholm

Permanent Secretary, Cabinet Office

20 September 2022