The onboarding phase involves planning, project management and some technical setup, but don't worry, the GovCMS Onboarding Team will guide you through the process. Our team will work with you up until your website is ready to Go Live and beyond.

On this page

Onboarding Checklist
This checklist is for personal use only. Checks are not saved.
Remember you can contact us at anytime for advice

GovCMS Proposal

Prior to requesting a Software-as-a-Service (SaaS) or Platform-as-a-Service (PaaS) proposal from GovCMS, you’ll need to provide a few details such as the number of page views per month the website is expected to receive, the database and file storage size (if known), whether you require a sandbox/development environment (including the number of months required), and the expected go live date for your website project. With a PaaS project, you’ll also need to let us know your support plan requirements and Web Protection Service (WPS) intentions.

Your organisation must ensure that approval is supported by its relevant Financial Delegate and then provide that approval to GovCMS via email.

Attachment A: Project details

Attachment A is provided to you as part of your proposal. It is important to ensure you complete all sections in the Attachment A of the proposal as returning an incomplete form will cause a delay in setting up your website project.

This includes letting GovCMS know who the contacts are for your website project. That can include your website domain host, product owner / project manager and your contact for communications.

Your completed Attachment A should include details on who needs access to the GovCMS Service Desk and GitLab. Your organisation can also request further accounts be created via a GovCMS Service Desk ticket. Finance can then arrange the appropriate Service Desk and GitLab accounts.

BETA websites

Confirm with GovCMS if you will be launching a public beta site (such as a site that seeks feedback from the public e.g.https://beta.agency.gov.au). There are additional costs involved for the use of a public beta when it is in addition to your main website project as you will have two live projects.

Security responsibilities

Prior to commencing building or migrating to the GovCMS platform, you need to understand your security responsibilities and that GovCMS operates on a public cloud. Upon request, the Systems Security Plan (SSP) highlighting the high level GovCMS architecture and the Authority to Operate can be emailed to the nominated Agency IT Security Advisor (ITSA).

Domain Name

You need to have a domain name registered before moving to the GovCMS platform. We recommend using short/succinct domain names which are easier for your customers to remember and reduces the chance of errors. In addition, please do not worry about the www. prefix with your website name, as this is now outdated. For more information for registering .gov.au sites, please visit domainname.gov.au

Shield Credentials

GovCMS will provide you with shield credentials, username and password, to enable you to access the project. If you are using a GovCMS sandbox environment, you will receive these via secure email at the beginning of the onboarding process. If you are building your website project off platform (forklift), you will receive the shield credentials via secure email on completion of the forklift process.

Onboarding meeting

GovCMS runs an onboarding meeting that familiarises customers and their site developers with the onboarding of their website to GovCMS. The information provided in this meeting sets clear expectations for all and ensures customers understand the onboarding process.

For more information on the onboarding meeting and requirements, log in to the Knowledge Base and read the following article:

GovCMS New Site Onboarding Checklist

Website redirect

GovCMS can do one website redirect. This redirect service is not highly available, as the service provider does have maintenance periods with short outages. GovCMS does not offer redirects from .com.au domains or non-GovCMS hosted sites.

If you need more than one domain redirected or require highly available redirects, you will need to engage an alternative Domain Name Server (DNS) redirect service provider to complete the redirects to your website project.

GovCMS offers a single redirect for the following use cases:

  • www to non www redirects (eg. www.agency.gov.au to agency.gov.au),
  • non www to www redirects (agency.gov.au to www.agency.gov.au),
  • Machinery of Government (MoG) domain redirects changes, and
  • Temporary redirects for GovCMS domains that have been renamed.

Secure Socket Layer and Domain Name Server

The Secure Socket Layer (SSL) certificate secures your website by encrypting the data sent between your website and the browser. As part of onboarding instructions with GovCMS, a Let’s encrypt digital (SSL) certificate will be ordered and configured by the Department of Finance for your domain for all Software-as-a-Service (SaaS sites), and for Platform-as-a-Service (PaaS) customers that have paid for our Web Protection Service (WPS). PaaS customers that have chosen an alternative WPS will need to organise their own SSL certificate.

Before the SSL certificate can be issued by the Certificate Authority (CA), you will need to demonstrate to the CA that you have control of your domain.

For websites that are moving to the GovCMS platform from another hosting service you will need to do this through the completion of a Domain Name Server (DNS) challenge. If you are asked to complete a DNS challenge, it must be actioned quickly to avoid delays. You will need to liaise with your DNS service provider to complete this task.

Find out more about DNS challenges by accessing the below article in the Knowledge Base:

What is a DNS challenge

If you’re launching a brand-new site which doesn’t require a DNS challenge, or after your DNS challenge has been completed, you will be asked to implement additional DNS changes prior to Go Live. GovCMS will cover these changes with you in your onboarding meeting.

Build website

When you’re ready to build, the GovCMS Onboarding Team will send you a Go Live checklist which maps out the steps you need to take to make sure your website launch runs smoothly. While building your website ensure you report any development issues with your developer or service provider and raise tickets for any issues relating to the platform via the GovCMS Service Desk.

Forklift your website

For projects that did not build in a sandbox on the GovCMS platform, you will need to book a forklift to migrate your website project materials into your GovCMS project environment. You will need to raise a GovCMS Service Desk ticket to nominate a day for your forklift. Please note that we usually require at least 8 days’ notice for forklift bookings. As part of your forklift you will need to fill out a form and complete some pre-forklift tasks. Please see the following service desk knowledge base article for more information:

Forklift basics

Following the completion of the forklift, your organisation will receive your URL and shield credentials for accessing the site and to continue testing including validating links and undertaking User Acceptance Testing.

User Acceptance Testing

User Acceptance Testing (UAT) is an important part of validating your website before and after Go Live. This includes checking that the theme, functionality and content migration is working as expected. If you notice any issues, make sure you report these to your developers or service provider to have them resolved as soon as possible.

It is recommended you do this before and after Go Live and iteratively throughout the life of the project.

Additional things to check during UAT includes:

  • Verifying that Google Analytics is working and ensure it is monitored while your site is live
  • Monitoring 404 page errors that occur – “page not found”
  • Updating 301 redirects – “permanent redirects”

Further information relating to UAT and validation activities is available on the GovCMS Service Desk

Google Analytics

Google Analytics allows you track pageviews and more for your website such as trending pages, behaviours and interests. GovCMS also uses Google Analytics to monitor usage of our Software-as-a-Service (SaaS) websites. GovCMS models our pricing on this data. This allows us to charge in an equitable manner for usage of across the platform. 

Google Analytics is required for all live websites on the GovCMS platform.

Steps on how to configure Google Analytics is included in the onboarding checklist on the Knowledge Base:

GovCMS Onboarding Checklist

Route change

GovCMS will schedule a route change with an Application Support agent on your behalf. This is the last step in preparing to Go Live. This includes GovCMS making some changes to ensure that your website project is ready for production and that your project will be accessible via your registered public URL.

The route change process can take up to 1 hour to action and we ask that you cease work on the site during this window. There is no down time during the route change.

For new websites on the GovCMS platform we will schedule this change the business day before your intended Go Live date to minimise any disruption to site owners and developers.

For sites that already exist on the GovCMS platform that are being upgraded or re-developed, the route change process will start one hour before your intended Go Live time to allow us to point your public URL to your new re-developed production version of your website.

We will confirm with you once the process has been completed via the GovCMS Service Desk.

Shield module

When you are ready for your website to go live you will need to turn off your website’s sheild module. Turning off the shield module will make your website available to the public. Log in to the Knowledge Base to access the below article with step-by-step instructions on this process:

How to use the Shield Module

After you've turned your shield off, both you and GovCMS will check your website is live. After this you can perform additional User Acceptance Testing and website validation to check redirects, links, webforms etc. are working as expected.

Penetration testing

A penetration test (pen test) is an activity used to identify security vulnerabilities that may compromise your website application. If you choose to do your own Penetration Testing (Pen Testing), we recommend this is done after the site has gone live, so that your website will be protected by our Web Protection Service during your tests.

Please notify GovCMS via a Service Desk ticket prior to commencing Pen Testing, as you will need to fill out a form advising us of the details of the testing. More information can be found in the Knowledge Base on the GovCMS Service Desk


You will generally receive your invoice after your project goes live. If you currently have a website hosted on the GovCMS platform, the initial invoice will be prorated to align with the current website. Sandbox fees are charged based on actual usage.

Decommission a previous website

If you have another live version of this website, you should plan to decommission it (if your new site is replacing another one) within 10 days of going live with your new site. Make sure to ask your developer or service provider to take a copy of your current website prior to decommissioning.

If both sites are on the GovCMS platform, charges will be incurred for two sites on the platform after this period.

For more information on decommissioning your GovCMS website visit our Exit page.

This page was last updated on