The .gov.au means it’s official.

Australian government websites always use a .gov.au domain. Before sharing sensitive information online, make sure you’re on a .gov.au site by inspecting your browser’s address (or 'location') bar.

This site is secure.

The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

CMS requirements checklist

This CMS checklist summarises the base requirements to help you get clear on what you need from a CMS.

How to use this checklist

Use this quick checklist to ask questions and discuss CMS requirements with your team. You could also use it with a CMS vendor to help clarify the suitability of their CMS for your purposes. Refer back to the gather CMS requirements page if you need to.

CMS


  • Features and functionality

    Do you need specific or customised features such as events, social media integration, video capability? How will these be built into your CMS?

  • WYSIWYG (what you see is what you get)

    Can you create clean content with the WYSIWYG content editor tool? Can you write in the styles and format you need to? How flexible is the editor?

  • Multiple site management

    Can you manage multiple sites through the CMS, if required?

  • Metadata

    What metadata and tagging systems are available in the CMS?

  • Image editing

    Can you crop and resize images easily in the CMS?

  • Analytics

    Is there internal site analytics or integration with external analytics tools?

  • Version control and archiving

    What version control does your CMS have? Can you compare and restore earlier versions of content? How easy is it to archive content you no longer require?

  • Navigation

    How easy is it to change navigation of pages if required?

  • User roles

    What are the roles of the people using the CMS? Are the roles and permissions flexible and configurable?

  • Content workflow

    Will you manage some or all your content workflow through your CMS? Write down which parts.

  • Content types

    Have you clearly identified your own content types? Can you create and set up different kinds of content templates for different types of content in your CMS? Write down all of the different types of content you will use on your website (for example, generic topic page, about page, news stories, media releases and annual reports).

  • Headless CMS

    Can the CMS be used as a headless CMS for managing content for use on multiple sites?

  • Testing, staging and live sites

    How does your CMS manage content on the testing, staging and live site?

  • Other languages (if required)

    If you need content in other languages, can your CMS support this?

  • Accessibility

    Accessibility guidelines apply to both your CMS front and back end. For example, how will your CMS help to make your website compliant with WCAG2.0AA? Accessibility also includes things like using plain English. See the DTA Content guide for more about structuring, writing and creating accessible content.

  • Costs

    Write down all the associated CMS costs. Also consider ongoing maintenance, training, licences, development and support costs.

  • CMS roadmap

    Ask your CMS vendor about their product roadmap. How will their CMS technology direction and timing affect you as a client? What future changes might you need to be aware of.

Vendor choice and capability


  • Training

    Who will need CMS training in your agency? How often is it offered? What is the learning curve like for new people?

  • Support

    Is there a developer support community in Australia? Is it online, face to face, 24/7? Overseas based support can mean a delay in time zones.

  • Updates

    How often is the CMS updated to the next version? How might this affect your website content or CMS use?

  • Future changes or customisation

    If you want to make custom changes to your CMS in future, what is the process for this?

Security and hosting


  • Hosting

    How and where is your website hosted?

  • Security

    What type of CMS security do you have?

    What site protection features are in place?

    Do you need to encrypt your content?

    Are you using an SSL certificate for public facing web content?

  • Backups

    How often are content backups done and where are they stored?

  • Disaster recovery

    Is there a disaster recovery plan? How are issues logged by you?

  • Exit strategy

    If you change your CMS, is there a clear, secure process in place for migrating content?