The planned go-live date was achieved through coordinated assurance delivery and faster, more joined-up decision-making
Total Quality assurance helps a UK public-sector organisation launch an accessible, secure service on time
Challenge
The organisation needed to launch a public-facing search service on time, with clear evidence it met WCAG 2.2 AA accessibility and CHECK-aligned security requirements, without the delay and overhead of running separate supplier engagements.
Approach
Resillion used a Total Quality delivery model to run accessibility and penetration testing in parallel, extend the existing contract vehicle and keep delivery moving through frequent touchpoints, practical reporting and flexible retesting.
Results
The organisation met its go-live date with stronger assurance and clearer compliance evidence, reduced procurement and coordination overhead, and faster remediation through prioritised findings and retest confirmation.
This national UK public-sector organisation provides free access to large collections of digitised historic records, images and research materials. It also supports specialist users through controlled-access services.
Ahead of launching a new public-facing search capability, the organisation needed independent assurance across both accessibility and security, working to a fixed and tight delivery deadline.
Resillion delivered all this using a Total Quality approach. We coordinated WCAG 2.2 AA accessibility testing and CHECK-accredited penetration testing in parallel and helped extend an existing contract rather than starting a new procurement process.
This gave the organisation one point of contact and a single escalation route. Delivery stayed practical and collaborative, with frequent touchpoints, clear reporting and flexible retesting so fixes could be verified as teams worked towards go-live.
The challenge: Meeting tight go-live deadlines for secure and accessible public services
The organisation operates across a mix of modern and legacy systems and offers services to a wide and diverse range of users across the UK and the world.
To release the new search capability, it needed independent assurance that the service was:
- accessible for users relying on assistive technologies, aligned to WCAG 2.2 AA
- secure, supported by CHECK-accredited penetration testing
- ready for go-live within a fixed timeline, without slowing delivery
- governance-ready, with clear, auditable outputs that could stand up to both technical and senior stakeholder scrutiny
The timeline was the main constraint. Testing needed to happen close to go-live, which left limited time for teams to fix issues and generate evidence.
Using multiple suppliers would have introduced duplicated scoping, additional coordination overhead and a higher risk of procurement-related delays.
The organisation therefore needed a single independent partner. One who could cover both accessibility and security, work within public-sector commercial constraints and align assurance activity to delivery. All of this without creating friction for already stretched teams.
Our approach: Integrated accessibility and security testing in a single assurance model
Resillion delivered this as a coordinated Total Quality engagement, bringing together Quality Engineering (accessibility testing) and Cyber Security (penetration testing) under a single delivery model.
This meant the organisation could address both accessibility and security assurance through one partner, with a single point of accountability for coordination, risk visibility and escalation.
Commercial enablement: extending an existing contract
To avoid delays from running a new procurement, Resillion helped the organisation extend an existing assurance contract so accessibility testing could run alongside penetration testing.
In practice, this is rarely a simple add-on. Different types of assurance work often come with different day rates, service levels, and delivery mechanics, which can create approval and invoicing risk if not handled carefully.
We worked through these points early with the right stakeholders agreeing ways of working, reporting expectations and how the additional work would be packaged and governed. By providing a single partner to coordinate both the delivery and the commercial detail, the organisation avoided weeks of back-and-forth. They reduced the chance of delays caused by contract queries, and kept the focus on getting assurance completed before go-live.
Delivery approach: aligned to release pressure and go-live certainty
We worked backwards from the go-live date to plan delivery, with assurance activity aligned to the organisation’s release schedule.
Joint scoping and risk-based planning included the public-facing interface, supporting services and key user journeys. This ensured testing focused on what mattered most from both a user impact and security perspective.
The coordinated delivery approach included:
A single, joined-up test plan covering scope, environments, key journeys, and evidence requirements
Accessibility testing aligned to WCAG 2.2 AA, with findings clearly structured around severity, impacted user groups, reproduction steps, and remediation guidance
A prioritised remediation backlog to help teams manage fixes in a controlled and traceable way
CHECK-accredited penetration testing with structured reporting and practical, risk-based remediation guidance
Frequent stand-ups (several times per week) to maintain alignment, confirm scope, and remove delivery blockers
Regular findings walkthroughs with technical teams to agree remediation approach and sequencing
Retesting cycles to validate fixes and maintain confidence ahead of release
A structured close-out process with senior stakeholders to confirm exit criteria and provide clear, non-technical assurance of readiness
Results: Faster go-live with validated WCAG compliance and security assurance
By combining the delivery of both accessibility and security assurance through a single partner and aligning delivery closely to the release window, the organisation could strengthen assurance without missing the delivery deadline. This also helped avoid procurement-related delays at a critical point at the start of the process.
This approach delivered both delivery confidence and clarity around governance:
1
2
Clear, audit-ready compliance evidence was produced for both WCAG 2.2 AA accessibility requirements and CHECK-aligned security assurance
3
Approximately 2 months of procurement time was avoided by extending the existing contract vehicle rather than initiating a separate tender process
4
The commercial changes to the contract that were needed were completed in around 2 weeks, reducing the risk of delays which would have affected delivery timelines
5
Contract terms were adjusted to reflect the differing market rates for pen testing versus accessibility testing, helping ensure fair commercial value for the client
6
Key issues were identified early and fixes validated before release, reducing both operational exposure and reputational risk at launch
Why Resillion: A Total Quality approach that unifies testing, risk and delivery assurance
Resillion’s Total Quality approach brings Quality Engineering and Cyber Security assurance together within a single coordinated delivery model.
In this engagement, that meant the organisation did not need to manage separate suppliers, parallel reporting structures, or duplicated scoping effort. Instead, they had a single, consistent view of risk, compliance, and delivery readiness.
This joined-up approach also maintained continuity of context across testing cycles. It enabled more efficient retesting and supporting future assurance activity for evolving or newly introduced components, without restarting discovery or re-establishing baseline understanding.
Related Insights
Providing solutions in a unified, structured approach across all critical domains to enable end-to-end quality.
Get in touch
Providing solutions in a unified, structured approach across all critical domains to enable end-to-end quality – Because we’re the only ones who can.
