Merged
60 changes: 30 additions & 30 deletions software-engineering/strategy/software-engineering-ai-strategy.md
Expand Up @@ -2,19 +2,19 @@

## Foreword

Software Engineering plays a central role in delivering UKHO's digital products and services. AI-powered developer tools are an opportunity to increase productivity, improve code quality, and free engineers to focus on higher-value design and systems thinking. This document sets out our practical, security-conscious approach to adopting AI within software delivery, with GitHub Copilot established as the sanctioned coding assistant.
Software Engineering plays a central role in delivering UKHO's digital products and services. AI-powered developer tools are an opportunity to increase productivity, improve code quality, and free engineers to focus on higher-value design and systems thinking. This document sets out our practical, security-conscious approach to adopting AI within software delivery. GitHub Copilot is the current Organisation Approved coding assistant (referred to as the 'Approved Assistant' throughout this document).

The strategy balances pragmatic adoption with strong governance: engineers remain accountable for all code, security and IP considerations are enforced, and we prioritise training, monitoring and targeted support so benefits are realised evenly across teams.

This is a living strategy and will be reviewed annually to reflect technology, policy and operational lessons learned.

## 1. Executive Summary

This strategy sets out how Software Engineering will use AI to improve delivery quality and developer productivity while maintaining security, IP and governance standards. Our pragmatic approach focuses on sanctioned developer tooling (GitHub Copilot), training and measurement to ensure benefits are realised safely and evenly across teams.
This strategy sets out how Software Engineering will use AI to improve delivery quality and developer productivity while maintaining security, IP and governance standards. Our pragmatic approach focuses on sanctioned developer tooling (the Approved Assistant), training and measurement to ensure benefits are realised safely and evenly across teams.

Key outcomes:

- Broad, effective adoption of GitHub Copilot with measurable productivity improvements.
- Broad, effective adoption of the Approved Assistant with measurable productivity improvements.
- Clear governance, audit and safe-usage standards for developer-facing AI tools.
- Reduced cycle times and improved code quality through AI-assisted testing and code review support.
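
Review bot: the alias 'Approved Assistant' is defined only in the Foreword sentence ("GitHub Copilot is the current Organisation Approved coding assistant"), yet the Executive Summary paragraph and the first Key outcomes bullet now use it without naming the product. A reader who starts at section 1 cannot tell which tool is meant. Suggest naming it once at first use there, for example "the Approved Assistant (currently GitHub Copilot)". Minor style point in the same Foreword sentence: "Organisation Approved" is capitalised as if it were a defined term but is not defined; either define it or write "organisation-approved".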

Expand All @@ -24,7 +24,7 @@ This document describes the purpose, scope and constraints for adopting develope

Scope

- Developer-facing AI assistants (primary focus: GitHub Copilot) used by engineers, testers and platform teams during development, test and documentation activities.
- Developer-facing AI assistants (primary focus: the Approved Assistant) used by engineers, testers and platform teams during development, test and documentation activities.
- Tooling that generates or suggests code, tests, infrastructure-as-code, configuration or documentation.
- Integration patterns and platform controls that permit safe experimentation with AI tools.

Expand Down Expand Up @@ -62,8 +62,8 @@ Refer to the [Code Generation Tools Policy](../../software-engineering-policies/
- Improve code quality and reduce defect injection by using AI-assisted testing and linting alongside existing quality gates.

- Enabling Platform & Tooling
- Provide secure, supported Copilot integrations and platform controls so engineers can experiment safely without exposing sensitive data.
- Build observability and metric pipelines to measure Copilot usage and its impact on delivery and quality.
- Provide secure, supported Approved Assistant integrations and platform controls so engineers can experiment safely without exposing sensitive data.
- Build observability and metric pipelines to measure Approved Assistant usage and its impact on delivery and quality.

- Governance, Ethics & Risk
- Maintain clear policies and approval processes for developer-facing AI tooling and ensure guidance is readily available.
Expand All @@ -87,21 +87,21 @@ Priority rationale:

## 6. Capability Development

To accelerate practical AI adoption within Software Engineering we will prioritise developer-facing tooling. GitHub Copilot has already been rolled out organisation-wide and licences issued to most engineers. The current phase focuses on consolidating that rollout by emphasising training, pilots, monitoring and targeted support to raise effective adoption across all teams.
To accelerate practical AI adoption within Software Engineering we will prioritise developer-facing tooling. The Approved Assistant has already been rolled out organisation-wide and licences issued to most engineers. The current phase focuses on consolidating that rollout by emphasising training, pilots, monitoring and targeted support to raise effective adoption across all teams.

- **GitHub Copilot adoption program:**
- **Approved Assistant adoption program:**
- Licences have been provisioned for the majority of engineers; continue onboarding remaining staff as needed.
- Establish a set of usage guidelines and best practices for Copilot.
- Maintain and grow a Copilot champions network to support peer-to-peer learning and share patterns.
- Establish a set of usage guidelines and best practices for the Approved Assistant.
- Maintain and grow an Approved Assistant champions network to support peer-to-peer learning and share patterns.

Implementation notes:

- Licensing: maintain a licence registry and reconcile seat usage quarterly.
- Training approach: each team will schedule team-level sessions at a cadence appropriate to their members; cadence will vary according to need. Periodic deep-dive workshops will remain available for cross-team topics. New starters should complete basic Copilot training as part of onboarding. Suitable training can be found on PluralSight.
- Training approach: each team will schedule team-level sessions at a cadence appropriate to their members; cadence will vary according to need. Periodic deep-dive workshops will remain available for cross-team topics. New starters should complete basic Approved Assistant training as part of onboarding. Suitable training can be found on PluralSight.
- Champions: identify champions to spread knowledge.

- **Pilots and AI projects:**
- Continue focused pilots that demonstrate Copilot benefits on real engineering tasks (e.g., test generation, refactoring, documentation updates).
- Continue focused pilots that demonstrate Approved Assistant benefits on real engineering tasks (e.g., test generation, refactoring, documentation updates).
- Collect case studies and lessons learned to inform further improvements.

- **Monitoring & adoption support:**
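
Review bot: in the opening paragraph of section 6, "The Approved Assistant has already been rolled out organisation-wide and licences issued to most engineers" is a factual statement about one specific product's rollout, and the alias makes it read as true of whichever tool holds approval later. Suggest keeping the product name for rollout and licence facts, or writing "the Approved Assistant (currently GitHub Copilot)". The same applies to the Training approach line: "basic Approved Assistant training ... can be found on PluralSight" no longer tells a new starter which course to look for.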
Expand All @@ -113,49 +113,49 @@ Implementation notes:
- Incorporate AI-assistant usage into onboarding and continuous professional development pathways.

- **Platform & tooling:**
- Provide secure, approved integrations of Copilot with our development environments and repositories where permitted.
- Provide secure, approved integrations of the Approved Assistant with our development environments and repositories where permitted.

- **Partnerships:**
- Work with GitHub and other vendors to stay aligned on security, licensing and feature roadmaps.
- Work with AI tool vendors and platform partners to stay aligned on security, licensing and feature roadmaps.

By focusing on Copilot as the primary developer-facing AI tool, we expect faster, measurable productivity gains while ensuring governance and security controls are in place.
By focusing on the Approved Assistant as the primary developer-facing AI tool, we expect faster, measurable productivity gains while ensuring governance and security controls are in place.

## 7. Governance & Ethics for Developer-Facing AI

- **Tool approval and policy:**
- GitHub Copilot is the recommended and organisationally approved coding assistant. Use of other external coding assistants must follow the tool approval process.
- The Approved Assistant is the recommended and organisationally approved coding assistant. Use of other external coding assistants must follow the tool approval process.
- The current approval includes provisioning and management guidance for licences and access.

- **Data handling & privacy:**
- Define acceptable data patterns to prevent exposure of sensitive or classified information to external services.

- **Intellectual property & licensing:**
- Provide guidance to engineers on licensing considerations for code suggested by Copilot and how to validate and attribute where necessary.
- Provide guidance to engineers on licensing considerations for code suggested by the Approved Assistant and how to validate and attribute where necessary.

- **Explainability & accountability:**
- Engineers are responsible for code produced with Copilot. All generated code must be reviewed, tested and signed off according to existing code review processes.
- Engineers are responsible for code produced with the Approved Assistant. All generated code must be reviewed, tested and signed off according to existing code review processes.

- **Monitoring & audit:**
- Track Copilot adoption and any incidents or misuse. Maintain an audit trail of tool approvals and major changes to usage policy.
- Track Approved Assistant adoption and any incidents or misuse. Maintain an audit trail of tool approvals and major changes to usage policy.

Operational governance responsibilities:

- Engineering managers: ensure team members complete baseline training and that Copilot is used in line with guidance.
- Engineering managers: ensure team members complete baseline training and that the Approved Assistant is used in line with guidance.
- Platform/security: maintain secure integrations and monitoring dashboards; run periodic compliance checks.
- Legal/IP: provide fast-turnaround guidance for licensing questions and keep an approved patterns list for reuse.

## 8. Security & Resilience

- **Secure supply chain:** Ensure Copilot integrations and any model artifacts are vetted and kept up to date.
- **Secure supply chain:** Ensure Approved Assistant integrations and any model artifacts are vetted and kept up to date.
- **Threat modelling:** Analyse threats introduced by AI-assisted development workflows and mitigate accordingly.
- **Fallbacks:** Maintain standard development workflows to operate without Copilot where necessary.
- **Fallbacks:** Maintain standard development workflows to operate without the Approved Assistant where necessary.
- **Incident response:** Extend incident response playbooks to include AI-related supply chain or data leakage events.

Controls and safeguards:

- Pre-approved data patterns: lists of safe code and data that can be used with Copilot in non-sandboxed environments.
- Pre-approved data patterns: lists of safe code and data that can be used with the Approved Assistant in non-sandboxed environments.
- Sandboxing: ephemeral workspaces where engineers can run Copilot on sensitive code without sending secrets to external services.
- Access controls: RBAC for Copilot features where supported and integration with SSO for auditability.
- Access controls: RBAC for Approved Assistant features where supported and integration with SSO for auditability.

## 9. Implementation Roadmap
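
Review bot: the Sandboxing bullet under "Controls and safeguards" still reads "run Copilot on sensitive code", while the Pre-approved data patterns and Access controls bullets on either side were changed to "the Approved Assistant"; this looks like a missed replacement. It is the one control that addresses sensitive code and secrets, so it should use the same term as its neighbours to avoid being read as scoped to a single product. Separately, the Partnerships bullet replaces "GitHub and other vendors" with "AI tool vendors and platform partners", which drops the named vendor rather than renaming it; please confirm that is intended.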

Expand All @@ -168,34 +168,34 @@ Controls and safeguards:

Success criteria for Phase 1:

- 50%+ of engineers have completed basic Copilot training within 6 months.
- 50%+ of engineers have completed basic Approved Assistant training within 6 months.
- Two case studies demonstrating measurable productivity gains.

### Phase 2: Integrate & Scale (Years 2-3)

- Embed Copilot-enabled workflows into CI/CD, code review and documentation processes where safe.
- Embed Approved Assistant-enabled workflows into CI/CD, code review and documentation processes where safe.
- Launch monitoring dashboards and adoption incentives; provide targeted support for slower adopters.
- Expand sandbox and platform support for experimentation.

### Phase 3: Optimise & Institutionalise (Year 4+)

- Use metrics to continuously refine training and tooling.
- Institutionalise Copilot best practices and maintain a Copilot champions community.
- Institutionalise Approved Assistant best practices and maintain an Approved Assistant champions community.
- Explore advanced integrations (secure code generation, internal model tuning) where justified and governed.

## 10. Metrics & Evaluation

We will measure both adoption and impact:

- **Adoption metrics:** percentage of engineers with Copilot licences; active Copilot users; session frequency; training completion rates.
- **Adoption metrics:** percentage of engineers with Approved Assistant licences; active Approved Assistant users; session frequency; training completion rates.
- **Quality metrics:** number of defects introduced by generated code, security findings related to AI-assisted changes.
- **Governance metrics:** number of tool approvals, incidents, and compliance with review processes.

Use these measures to target coaching for slower adopters and to verify that Copilot usage delivers expected benefits.
Use these measures to target coaching for slower adopters and to verify that Approved Assistant usage delivers expected benefits.

Data sources and cadence:

- Usage telemetry: weekly and monthly reports from Copilot management portal or platform integrations.
- Usage telemetry: weekly and monthly reports from Approved Assistant management portal or platform integrations.
- Delivery metrics: pull request, CI and defect metrics from SCM and CI systems (weekly rollups).
- Quality/security: automated test and SAST/DAST results integrated into dashboards (per release).
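
Review bot: in Phase 2, "Embed Approved Assistant-enabled workflows" is hard to parse as a compound; suggest "Embed workflows enabled by the Approved Assistant". In the Usage telemetry bullet, "reports from Approved Assistant management portal" is missing an article and now names a portal generically, so the data source for the adoption metrics is no longer identifiable from the text. Suggest "from the Approved Assistant's management portal" and naming the actual source once, so the metrics in section 10 stay traceable.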
