Department for Transport – User Research

Business challenge

Fact finding research to provide the DFT with an overview of security practices and procedures within DFT Central, focusing on:  

• Documenting sign-on and security routines – What Identity verification procedures do internal DFT Central users go through to access devices, systems and platforms? 

• What is the result of the procedure (what platform or application are they trying to access)? 
• What devices are the IV procedures related to? 
• What hardware/software do they use to verify access platforms and systems (VPN software, device-based verification etc) 
• Where are users accessing services from (home, on-site)?  
• What are the pain points inherent in these procedures? 

• Can the users pinpoint any flaws in security procedures? 
• How do users manage their IV information? (password management tools etc.) 
• How often is user-level IV information refreshed/reset? 
• What are the IV recovery procedures and how secure do the users find them to be? 
• Overall, how secure do users feel (personal information) and feel their data is? 
• How could security procedures be improved (based on previous experience in other organisations, knowledge of best practice or new IV techniques)

Solution

We needed to conduct rapid one-to-one user research sessions across DFT employees (plus contractors, partners, arm’s length bodies and suppliers) to build a comprehensive picture of security identification practices within DFT and associated agencies.

Results

A report documenting the identity verification landscape within the Department for transport which would then lead into a series of recommendations and help create a roadmap to inform changes to internal procedures to ensure data protection and security best practice,