Software Validation

At Echo-9, we understand the unique challenges and priorities of the Public Sector, HE/FE, Schools, Charities, and Non-Profit organisations. Our rigorous validation process ensures that every open-source solution we deploy meets the highest standards for compliance, security, and long-term sustainability.

Our 7-Stage Open Source Validation Process

1. Compliance & Regulation

  • Security Standards: Must meet frameworks like ISO 27001, Cyber Essentials Plus, NIST, and CIS Benchmarks.
  • Data Protection: Ensure compliance with GDPR around data sovereignty, retention, and processing.
  • Accessibility: Services should meet WCAG 2.1 AA accessibility requirements.
  • Procurement Compliance: Achieve the Procurement Act 2023 benchmark for "horizontal cooperation".

2. Security & Trust

  • Supply Chain Assurance: Open-source components must be vetted for vulnerabilities, with a clear patching and upgrade process.
  • Audit Trails: Provide logging, monitoring, and accountability features.
  • Transparency: Security hardening, penetration testing, and documented risk management.

3. Support & Sustainability

  • Long-Term Support (LTS): Ensure chosen open-source projects have active communities or commercial backing.
  • Exit Strategy: Solutions can be handed over or maintained without vendor lock-in.
  • Service Level Agreements (SLAs): Defined & clear response/resolution times for incidents.

4. Interoperability & Standards

  • Open Standards: Must integrate with other platforms, APIs, and data formats (e.g., ODF, JSON, REST/GraphQL, SAML, OIDC).
  • Legacy Integration: Ensure migration and interoperability strategies are available.
  • Federated Identity: Require integration with existing authentication (e.g., Active Directory, LDAP, GOV.UK One Login, eIDAS, Shibboleth).

5. Governance & Transparency

  • Code Provenance: Document the origin and licensing terms of open-source components.
  • Licensing: Ensure compliance with GPL, AGPL, MIT, Apache, etc. Ensure licences pose no challenges for public deployments.
  • Community Contribution: Open for contribution back to open-source projects to sustain them.

6. Cost & Value Proposition

  • Total Cost of Ownership (TCO): Open-source isn't "free". Identify costs of integration, security, support, and training.
  • Value for Money: Demonstrable ROI and efficiency, with no lock-in.
  • Scalability: Ensure solutions can scale across multiple organisation units/departments.

7. User-Centric Delivery

  • Service Design: Follow Government Digital Service (GDS) standards: user research, iterative design, agile delivery.
  • Documentation & Training: Provide materials for technical and non-technical staff.
  • Change Management: Barriers to change are managed through training and communication to support cultural adoption.

Learn More About Our Validated Solutions

Discover how our rigorous validation process ensures secure, compliant, and sustainable digital services.