Software Validation

At Echo-9, we understand the unique challenges and priorities of the Public Sector, HE/FE, Schools, Charities, and Non-Profit organisations. Our rigorous validation process ensures that every open-source solution we deploy meets the highest standards for compliance, security, and long-term sustainability.

Our 7-Stage Open Source Validation Process

  1. Compliance & Regulation
    1. Security Standards: Must meet frameworks such as ISO 27001, Cyber Essentials Plus, NIST, and CIS Benchmarks.
    2. Data Protection: Ensure compliance with GDPR around data sovereignty, retention, and processing.
    3. Accessibility: Services should meet WCAG 2.1 AA accessibility requirements.
    4. Procurement Compliance: Achieve Procurement Act 2023 benchmark for "horizontal cooperation".
  2. Security & Trust
    1. Supply Chain Assurance: Open-source components must be vetted for vulnerabilities, with a clear patching and upgrade process.
    2. Audit Trails: Provide logging, monitoring, and accountability features.
    3. Transparency: Security hardening, penetration testing, and documented risk management.
  3. Support & Sustainability
    1. Long-Term Support (LTS): Ensure chosen open-source projects have active communities or commercial backing.
    2. Exit Strategy: Solutions can be handed over or maintained without vendor lock-in.
    3. Service Level Agreements (SLAs): Defined & clear response/resolution times for incidents.
  4. Interoperability & Standards
    1. Open Standards: Must integrate with other platforms, APIs, and data formats (e.g., ODF, JSON, REST/GraphQL, SAML, OIDC).
    2. Legacy Integration: Ensure migration and interoperability strategies are available.
    3. Federated Identity: Require integration with existing authentication (e.g., Active Directory, LDAP, GOV.UK One Login, eIDAS, Shibboleth).
  5. Governance & Transparency
    1. Code Provenance: Document the origin and licensing terms of open-source components.
    2. Licensing: Ensure compliance with GPL, AGPL, MIT, Apache, etc. Ensure licences pose no challenges for public deployments.
    3. Community Contribution: Open for contribution back to open-source projects to sustain them.
  6. Cost & Value Proposition
    1. Total Cost of Ownership (TCO): Open-source isn't "free". Identify costs of integration, security, support, and training.
    2. Value for Money: Demonstrable ROI and efficiency, with no lock-in.
    3. Scalability: Ensure solutions can scale across multiple organisation units/departments.
  7. User-Centric Delivery
    1. Service Design: Follow Government Digital Service (GDS) standards: user research, iterative design, agile delivery.
    2. Documentation & Training: Provide materials for technical and non-technical staff.
    3. Change Management: Keep the barrier to change manageable through training and communication that support cultural adoption.

Learn More About Our Validated Solutions

Discover how our rigorous validation process ensures secure, compliant, and sustainable digital services.