icon picker
Defining the Work of the Cross Government Working Group on Vulnerabilities

by Shelley Heckman, Published 30 January 2024
A lot of progress has been made since the kick off meeting back in July 2023, which established the cross government working group on Vulnerability led by Central Digital & Data Office (CDDO) via the (DSA). This working group was formed to look into the problems around public sector data interoperability that impede the identification and provision of support and services to vulnerable people and households and develop common solutions to address them.
Over the last couple of months of August and September, colleagues at CDDO have engaged with a wide range of stakeholders, to consolidate and expand the membership base for the working group. In doing so, they conducted extensive desk research in the vulnerability space. This research has helped to map out a better understanding of which departments are in the space of identifying/supporting people and households in various areas of vulnerability.
Based on the opportunities identified by the working group in the first meeting, Paul Davidson (iStandUK) developed a number of product specifications grouped into three main categories: Modelling, Terminology and Enabling. These three product specifications were proposed to the working group and discussed at the second meeting which was held on 11 October 2023. The meeting was attended by representatives from a wide range of public sector organisations including HMRC, DWP, DfE, HM Treasury, DLUHC, NHS, and MoJ. Participants were asked to identify which product specifications they would like to be involved in working on. The rest of this blog sets out the proposed product specifications in more detail.

Product Specification 1: Modelling
This product specification contained three potential deliverables:
A common definition of vulnerability. Each department has its own definition of vulnerability, which tends to be focused on the organisation's remit and services. A single definition of vulnerability would be inclusive of existing departmental definitions and could be applied across a wide range of vulnerability scenarios.
A concept model for vulnerability. As a foundation for setting data and process standards, a concept model would map out the domain of “vulnerability”
A logical model for vulnerability. As a foundation for proposing interoperability standards, a logical model would set out data structures that can share vulnerability data.

The output of this product specification, particularly the agreed common definition of vulnerability, is required as the conceptual basis upon which the other product specifications can develop. Therefore, given this dependency, the delivery of the product specifications requires sequencing.

Product Specification 2: Terminology
This product specification consists of two potential deliverables:
Exploration of vulnerability scenarios. After the working group discussed some vulnerabilities such as becoming homeless, coping during flood and managing debt, this deliverable would look at selecting one or more vulnerability scenarios and developing a narrative to explain how data is or could be shared to find and support vulnerable people.
Taxonomies for vulnerabilities. A common understanding is essential and for standards to be scalable and reusable, it is proposed that hard-coded fields and definitions should be avoided, and replaced with links to agreed definitions. The proposed deliverable would look at selecting concepts from the concept model that could potentially become the class of a taxonomy and could be grouped in a list that would support a vulnerability scenario.

In the discussion about this strand of work, it was agreed that it is important to re-use and build on existing taxonomies and indicators for vulnerabilities.

Product Specification 3: Enabling
The third product specification, Enabling, consists of two potential deliverables:
Information Governance (IG) Framework. An IG framework to set out the steps to take in order to share data for a vulnerability initiative. Lots of guidance already exists that includes the reuse of existing data to support a vulnerability initiative. However, departments are likely to have their own IG frameworks that focus on supporting their own services.
Supporting guidance relating to data security, service considerations and data matching. Standards are only one of the considerations to get right for a multi-agency vulnerability initiative to succeed.

It is key to note that the work of this ‘Enabling’ strand will look at building from existing resources developed by central government departments, local government, government agencies and regulators, and does not replace existing resources already developed.
Now that the product specifications for the working group have been agreed, the next steps are to establish who in the group wishes to take these strands of work forward. Notes from this second working group will be published in due course by CDDO.

Find out more & Get Involved
The cross-government working group is open to all Government departments, and we welcome interest from Departments that are not currently engaged. To find out more about this work, please contact the .
Whilst the working group is not open to suppliers and vendors, SAVVI welcomes interest from Industry. Suppliers to the public sector to support vulnerability work are encouraged to join the SAVVI Tech working group, led by techUK, to engage with this conversation. Please contact for more information.
Want to print your doc?
This is not the way.
Try clicking the ⋯ next to your doc name or using a keyboard shortcut (
) instead.