Developing or selecting a content management system for your website

1. Introduction

A web content management system (CMS) is a software system that provides website authoring, collaboration, publishing, and administration tools. It enables users with little or no technical knowledge of web programming or markup languages to create, manage, and maintain website content efficiently.

These guidelines are intended to assist South African government departments and public entities in developing or selecting a CMS that supports accessible, secure, data-efficient, and user-centred government websites, in line with current policy, legislative, and technology developments.

When selecting or developing a CMS, departments must clearly define their functional, technical, governance, and compliance requirements, as these will vary depending on the purpose, scale, and audience of the website.

2. Core functionality

At a minimum, a CMS must enable users to:

  • Create, edit, publish, unpublish, and delete content
  • Organise content into logical structures (pages, sections, categories)
  • Apply changes once and reflect them consistently across the website
  • Interlink related content easily

The CMS should support separation of content from presentation to allow design updates without requiring content changes.
 

3. Functional and technical requirements

3.1 WYSIWYG editor

A WYSIWYG (What You See Is What You Get) editor is essential and must:

  • Allow users to add and edit text, images, tables, and downloadable files (e.g. PDFs)
  • Require alternative text (alt text) for images
  • Enable creation of internal and external links and anchors
  • Include tools such as spellchecking and table editing
  • Prevent users from altering fonts, colours, or layouts outside approved style sheets

Users should not be required to edit HTML directly.

3.2 Accessibility compliance

The CMS must support the creation and maintenance of accessible content in line with WCAG 2.1 AA standards (and WCAG 2.2 where feasible). This includes support for:

  • Keyboard-only navigation
  • Proper heading structures and semantic markup
  • Accessible forms with clear labels, instructions, and error messages
  • Captions and transcripts for audio and video content
  • Accessible documents, including PDFs

Where possible, the CMS should provide automated accessibility checks or warnings during content creation.

3.3 Mobile-first and performance

Government websites must be designed and delivered using a mobile-first approach. The CMS should:

  • Fully support responsive design
  • Optimise images and media automatically
  • Support lazy loading and caching mechanisms
  • Perform efficiently on low-bandwidth connections

This is essential to ensure equitable access for users on mobile devices and limited data plans.

3.4 Search functionality

For medium to large websites, robust search functionality is essential. The CMS search should support:

  • Indexing of pages, documents, and PDFs
  • Filtering and sorting of results
  • Tolerance for spelling variations and synonyms
  • Multilingual search capability where applicable

Search analytics (e.g. popular searches, failed searches) should be available to administrators.

3.5 Content customisation and display

The CMS should allow flexible retrieval and presentation of content, including:

  • Displaying content in different orders (e.g. reverse chronological news)
  • Dynamic content listings (e.g. latest news, notices, events)
  • Calendar-based views for events
  • Reuse of a single content item across multiple pages

3.6 User interaction and forms

The CMS must support the creation of online forms with:

  • Customisable fields and validation
  • Automated email notifications or acknowledgements
  • Secure handling of submitted information

Any collection of personal information must comply with POPIA requirements (see section 3.11).

The CMS may also support newsletters, RSS feeds, and integration with official social media platforms, subject to data efficiency and security considerations.

3.7 Roles, permissions and workflow

The CMS must support role-based access control, including:

  • Defined roles such as author, editor, approver, and publisher
  • Permissions based on responsibilities (e.g. section-level access)
  • Secure authentication (with support for strong passwords and multi-factor authentication where possible)

Configurable workflows must support content creation, review, approval, and publishing processes. Content should not be published without appropriate approval.

Version control and check-in/check-out functionality should prevent conflicting edits.

3.8 Versioning and audit trails

The CMS must:

  • Retain previous versions of content
  • Allow authorised users to revert to earlier versions
  • Maintain detailed audit logs showing actions taken on content, including dates and user roles

Audit logs must be retained in line with government record-keeping requirements.

3.9 Multilingual support

The CMS should support multilingual content to accommodate South Africa’s official languages. This includes:

  • Unicode support for special characters and diacritics (e.g. ṱ, ḓ, ê, ë, š)
  • Language-specific URLs or clear language-switching mechanisms
  • The ability to manage translations and language versions of content

3.10 Design, presentation and branding

Content generated by the CMS must be displayed within the approved government look and feel, controlled by style sheets.

Design consistency must be enforced centrally, and content editors should not be able to bypass branding standards.

3.11 SEO and metadata

The CMS must support search engine optimisation (SEO) through structured metadata fields, including:

  • Title
  • Description
  • Publish date
  • Review date
  • Expiry date
  • Author (automatically generated where possible)

Metadata should be accessible to external search engines to enhance discoverability of government information.

3.12 Analytics and reporting

The CMS should support integration with privacy-aware analytics tools to provide insights such as:

  • Page views and popular content
  • Content performance trends
  • Search usage and behaviour
  • File and document downloads

Analytics must be implemented in a manner that respects user privacy and applicable legislation.

3.13 Security requirements

Security is a critical requirement. The CMS must:

  • Be actively maintained with regular security updates
  • Protect against common web vulnerabilities (e.g. OWASP Top 10)
  • Support secure user authentication and session management
  • Provide detailed security and access logs

Departments must work closely with their IT units to ensure alignment with broader ICT security policies.

3.14 POPIA and privacy compliance

Where personal information is collected or processed, the CMS must support compliance with the Protection of Personal Information Act (POPIA), including:

  • Explicit consent mechanisms where required
  • Secure storage and transmission of personal data
  • Defined data retention and deletion rules
  • Clear separation between content management and personal data storage

3.15 Zero-rating and data efficiency

Where websites are zero-rated or intended for zero-rating, the CMS should support:

  • Data-light page delivery
  • Minimal reliance on external third-party scripts
  • Clear separation of zero-rated and non-zero-rated resources

This ensures accessibility for users with limited or zero data balances.

3.16 Content lifecycle management and archiving

The CMS must support the full content lifecycle, including:

  • Scheduled publishing and unpublishing
  • Review and expiry dates
  • Archiving of outdated or historical content
  • Clear distinction between current and archived information

This is particularly important for legal, policy, and announcement content.

3.17 Interoperability and future readiness

The CMS should be scalable and future-ready, with support for:

  • APIs for integration with other government platforms
  • Optional headless or decoupled architectures
  • Integration with service portals and transactional systems

3.18 AI-assisted content (optional)

Where AI-assisted tools are used for drafting, summarisation, or translation:

  • Human editorial oversight must always apply
  • Final publishing authority remains with designated officials
  • AI use must comply with government communication standards and ethical guidelines.

4. Governance and Ownership

Departments remain accountable for the accuracy, relevance, and timeliness of their website content. Platform governance, standards, and compliance oversight may be coordinated centrally (e.g. by GCIS), while content ownership remains with the responsible department.

Clear roles and responsibilities must be defined for content, technical maintenance, and compliance.

5. Conclusion

A well-selected or well-developed CMS is critical to delivering accessible, secure, and user-focused government websites. By adhering to these guidelines, departments can ensure their websites meet current standards, serve the needs of all users, and remain adaptable to future requirements.