New features of GIGW 3.0
The new version of the guidelines has several enhancements to make it more user centric, accessible, secure and at par with the global best practices and latest technological benchmarks. This version was reorganised to ease adoption and implementation and ensure wider conformity with GIGW. The following major enhancements have been included in the current version.
The new version of the guidelines is structured so as to reduce ambiguity and provide clarity on the roles and responsibilities of the implementers. The guidelines are structured under the following heads:
- Statement: Requirement or checkpoint to meet the particular guideline.
- Benefits: Positive outcomes achieved by following the requirements, such as improving user experience, accessibility, security and trust-building with citizens.
- Government organisation action: Actions pertaining to the owner government organisation. These will be undertaken by the respective WIM nominated by the organisation.
- Developer action: Specific tasks and actions a developer is responsible for in order to comply with the guidelines and ensure the website/app meets the desired standards of quality, usability and effectiveness.
- Evaluator action: Refers to testing of the website/app manually or with automated tools to verify conformity with this checkpoint.
The key thrust of GIGW 3.0 is on enhancing the user interface and user experience (UI and UX) of websites/apps and on the implementation of user-centric information architecture (IA) to ease the user journey and provide content as per the user profile. To ensure the quality of content throughout the lifecycle of the website, GIGW provides guidance on the provisioning of a centralised monitoring dashboard to identify issues and provide alerts on non-conformity. Content creators must also be supported with the right tools and technologies for accessible content creation.
GIGW 3.0 stresses API-level integration with platforms like India Portal, DigiLocker, Aadhaar-based identity, single sign-on, data and citizen engagement platforms, and language translation tools to enable seamless content and data flow among the different web initiatives of government organisations. Social media integration also needs to be ensured.
Accessibility guidelines for web content have been formulated by W3C and are known as the Web Content Accessibility Guidelines (WCAG). GIGW 2.0 was compliant with version 2.0 of WCAG; however, in the recent past WCAG has been upgraded to version 2.1, which inherits its requirements from WCAG 2.0 and adds guidelines to improve accessibility guidance for three major groups: users with cognitive or learning disabilities, users with low vision and users with disabilities on mobile devices.
GIGW 3.0 has been upgraded to include these additional requirements to ensure that websites/apps can be used by the widest possible audience. The current version ensures conformity with Level AA of WCAG 2.1. In all, 17 new success criteria have been added to the new version.
A chapter on cybersecurity, formulated by CERT-In, has also been incorporated; it relates to websites, web portals, web applications and mobile apps. The chapter focuses on protecting web resources from unauthorised use, access, changes, destruction, or disruption. It also guides on the prevention of leakage of sensitive information like passwords, email addresses and credit card details, which cause both personal embarrassment and financial risks.
It deals with all aspects of security, from design, coding and implementation to testing and deployment, in order to prevent malfunctioning, phishing, cyber-crimes or cyberattacks and to avoid loss of data belonging to organisations or users.
It is based on the best industry security practices and guidelines such as ISO 27001, the Application Security Verification Standard (ASVS) issued by the Open Web Application Security Project (OWASP), the OWASP Top 10 vulnerabilities and the Center for Internet Security (CIS) benchmarks, as per the prevailing security policy.
This chapter must be read in conjunction with the guidance and advisories issued by CERT-In from time to time, which should be treated as updates to the guidance contained in the chapter.
Government organisations must continue to obtain a “safe to host” certificate issued by the cybersecurity auditors empanelled by CERT-In/STQC or the auditors of STQC or NIC.
The chapter on lifecycle management deals with the policies, processes and plans that the department has to put in place to guide the website management team in maintaining the quality, accessibility and security of the website throughout its lifecycle. It also stresses the need for a dedicated Web Information Manager, a senior official from the department, to head the website management team.
Risk factors and their mitigations
Risk mitigation is one of the important criteria behind the formulation of any standard/guideline. The new version of the guidelines outlines the risk factors associated with non-conformity with each section of these guidelines. They have also been mapped with each guideline and presented in the conformity matrix.
Therefore, while the description of each guideline informs the users about the benefits of conformance, the conformity matrix will make the users aware of the risk involved in case they fail to meet the guideline.