This snapshot taken on 14/02/2006, shows web content selected for preservation by The National Archives. External links, forms and search boxes may not work in archived websites.
This section provides advice on the main issues that should be taken into account in procuring services for the design and hosting of websites. This advice should be read in conjunction with wider guidance on government procurement, e-Government Interoperability Framework and your Departmental security policy. Refer to section 1.11.
Refer to section 1.11
1.12.1 Procurement of web design services
Contracts should distinguish clearly between the roles of the supplier and the purchaser regarding: design - structure and look and feel;
Contracts should specify that copyright for those aspects of design that are not open source reside with the Crown (the purchaser) and not the supplying designer/agency. Where it is agreed that the supplier is retaining the intellectual property source code then a full licence must be provided for the use of the object code with the purpose of the licence, the duration of the licence and any geographical limitations. for example, do you need an non-exclusive, indefinite, world-wide, royalty-free licence? Your supplier may be using contractors and freelancers and therefore must ensure that all third-party rights have also been assigned and moral rights waived.
Purchasing officers should consider very carefully whether to accept implementation of proprietary code by suppliers where there is an open-source alternative. You may not have the right to amend proprietary code when you need to, and you may have to back to the original supplier to have this done.
In competitive tendering exercises, adherence to these guidelines should be a prerequisite of an acceptable bid.
1.12.1.1 Maintenance and redesigns
Contracts for maintenance should specify service levels, including:
Site redesigns should not be part of a maintenance contract. Redesigns should be carried out as new work (a separate project). However, the contract should specify the distinction between maintenance and new work, that is, work that exceeds a certain financial, timescale or scope threshold will be considered as new work under a separate project.
1.12.1.2 Other channels
In contracting for website design, departments and agencies should consider the emerging requirement for information and services to be provided via other channels. However, interactive digital TV is a very different medium and there are several platforms. It is, therefore, not practical to simply delivery the same website for access via PC and iDTV. Web managers need a multi-channel strategy and that appropriate solutions will need to be developed for each channel.
1.12.2 Procurement of hosting services
1.12.2.1 Hosting services
Choosing the correct hosting service with the right level of services requires careful planning. Broadly there are three types of hosting:
1.12.2.2 Connection guarantees
The level of connectivity (availability) assurance should be agreed with the Internet Service Provider (ISP)/hosting service, as should compensation arrangements if they are not met. It is for the business to decide whether 100 per cent connectivity needs to be guaranteed. If it does, it should be borne in mind that 100 per cent connection can only be guaranteed when connectivity is provided by more than one telecommunications operator. Where web servers are guaranteed 100 per cent uptime, purchasers must be aware that this is only likely when the website is hosted on two servers in different locations. Contracts should specify levels of availability and compensation arrangements if they are not met. Purchasers must be aware of compensation claim procedures, and whether connection and uptime guarantees are calculated annually, quarterly or monthly and whether these are on a fixed or rolling basis.
1.12.2.3 Protection
No information appearing on a public website should be classified (protectively marked). The level of protection provided by the ISP/hosting service site should be sufficient to ensure the continued integrity and availability of your website. The service provider should agree to regular and independent penetration testing to confirm the quality of the protection measures. Guidelines for access control and physical security should be sought through your Departmental Security Officer or equivalent responsible officer and checked against the ISP's procedures.
Refer to section 1.11 Backgrounder on securing websites.
See section 1.11
1.12.2.4 Backup
The ISP/hosting service should perform backup procedures to the client's predetermined schedule. They should guarantee these procedures and the maximum time to site restoration in the event of a failure.
1.12.2.5 Database integration
If the purchaser wishes to implement a database-driven site, either immediately or in the future, they must be aware of any technical limitations and cost implications imposed by the supplier.
1.12.2.6 CGI bin and scripting
Refer to section 1.11.2 The security of the web server application.
See section 1.11.2
1.12.2.7 HTML editor extension provision
Where the purchaser wishes to use WYSIWYG software to produce content for the site, they must be aware of any extensions required by the server, and whether the supplier can support this. There are two potential difficulties with the use of WYSIWYG HTML tools:
1.12.2.8 Web server statistics
The contract should specify whether the supplier will provide web server statistical reports, as described in section 1.4, or provide the raw log files for reports to be generated as part of another service.
See section 1.4
1.12.2.9 Bandwidth
It should be the role of the service provider to ensure that adequate bandwidth is available to you. However, it can be useful for purchasers to estimate growth in the requirement for bandwidth over the course of a contract.
For some websites, bursting connection is desirable (typically useful for websites that receive seasonal or occasional growth in traffic). Unfortunately, it becomes very difficult to predict the overall cost of bandwidth over the year. The alternative is to purchase fixed bandwidth. In this situation, high bandwidth (to cope with bursts of traffic) will be expensive, whereas low bandwidth will result in users being unable to reach the site.
Contracts should include pricing for higher and lower bandwidths than those initially purchased and conditions for changes in bandwidth requirements, including periods of notice. It is not, however, uncommon for bandwidth charges to be based on actual usage.
1.12.2.10 Technical support
You should consider if you need 24x7 telephone technical support from your supplier.
1.12.2.11 Pricing
Pricing should be transparent. Purchasers must be aware of potential 'hidden' costs, such as:
1.12.3 Disaster recovery
Ensure that you have written into your contract a range of information covering protective actions, such as:
1.12.4 Hosting offshore
If it is proposed to host your website outside the UK then it is important that the correct procurement procedures have been used, eg, comply with EU/WTO. As with any ISP/hosting service ensure that you are satisfied, in writing, that they are:
The contractual terms and conditions that may be applied by a supplier hosting outside the UK may not complement the terms and conditions expected to be applied to a UK Government website. You are advised to seek specialist procurement and legal advice.
The security clearance of personnel is an important part of a security policy. It may be difficult for a supplier abroad to meet your security standards. You are advised to seek advice from your security officer.
Checklist: Choosing an Internet Service Provider/hosting service
Important:
Your briefing document should focus on the business case and objectives for the project - what your website needs to achieve.
Make sure that your supplier confirms that your server or the proposed system solution supports all their proposals and that these proposals will be part of the delivered final product. You should also ensure that their proposals work within your declared privacy policy.
Brief in your needs for documentation, staff training and content management and updating. Companies do go out of business, consider safeguarding against this by using an escrow agent - an independent third party that will store a copy of the source code, so that developers can use it in the future.
When buying design services it is inadequate for the designer to simply present colour visuals or mock-ups of the look and feel. It is important that they guarantee that these can be closely reproduced on screen and that their HTML markup meets the W3C recommendations. When you buy web design you are also buying the source coding that will render the visual onto computer screens and the standard of this is the backbone in achieving HTML validation and meeting the WAI requirements. It is important that the successful bidder is asked to present a specimen to you as HTML markup.
Domaim name registration
If you are considering registering a domain name, it should be clearly understood who is undertaking this registration. If it is an agency doing so on your behalf then ensure that the name is to be handed over to your department/agency. Clarify what will happen to domain name renewal notices. Failure to clarify these lines could leave you vulnerable to an outside agency and possible failure to renew.
See section 1.9
Publicity Management
Contractors may wish to use the relationship with you in their publicity material. It is important to consider including a suitable clause in your web contracts in order that they do not use this relationship for their press and publicity purposes without first ensuring that it is part of your communications strategy.
e-Government interoperability framework