Governance for citizen developers

Working with multidisciplinary teams and establishing a governance strategy applied to the citizen developer (business user with little technical knowledge) is a complex task that requires an organized centralization, and ability to coordinate the different areas of the company.

The concept of citizen developer  starts with the first office applications. Tools such as Office or Lotus Notes, practically from the beginning, incorporated utilities for non-technologically qualified personnel to create automatisms that execute repetitive tasks, maintain a database, or manage a spreadsheet.

However, on many occasions, these applications have been developed without any control, generating information silos, security breaches and organizational chaos.


The current demand for application generation makes it totally unfeasible for the IT department to remain solely responsible for generating them and encourages the democratization of software development.

In this context, low code development platforms are entering the business world with great momentum, and are becoming the central axis of its digital transformation, since they not only allow the creation and modification of software much faster than traditional programming, but also enable the business user to participate in software generation.

The ease of development, and reduction of delivery times, can end up having a negative impact on the company’s organisation if the number of applications created with these tools grows significantly in an uncontrolled manner.

Governance is the determining factor that turns disorganized and unauthorized employee initiatives into successful citizen development. A low-code platform is the tool that enables these strategies to be executed and empowers employees from different departments to get involved in the application development process and contribute their business knowledge to the software development.


“A governance model is the backbone of any citizen development program”.

Today more than ever, organizations need IT to lead governance strategies that enable the full integration of citizen developers within the organization and ensure compliance with structural system requirements.

As mentioned above, integrating citizen developers into the organization without IT oversight and mentoring can result in a multitude of unsupervised applications that generate information silos, data inconsistency, duplication, and security breaches in the system.

A good strategy requires clear objectives and specifying what you want to achieve with your citizen developers. The key to success is being able to work with multidisciplinary teams that work in tune with the IT team to create applications that contribute to improving company efficiency.

The fundamentals that any governance system must cover are identity, access management, compliance with data security standards and regulations governing the systems. Generally, these concepts will be defined centrally and will answer the following five questions:

Who creates applications using the low-code platform?

In general, professional developers bring a lot of knowledge to the areas of application design, performance and reliability, however, it is the business experts that know what is really needed.

It is very common for business users to complain about the time they spend explaining their needs to developers, so incorporating them into software development tasks seems to be the most logical option.

Software development work today is undoubtedly a multidisciplinary task and it does not make much sense for the IT department to have this task exclusively.

It will therefore be necessary to establish which people will perform citizen developer functions and ensure that they are provided with a low-code tool that allows IT to set the access permissions and privileges that are needed.

How are applications created within the low-code platform?

A strategy that relies on a single development platform will help unify the software, and eliminate the risk of having applications, spreadsheets, or any other type of untraceable or unmonitored digital information.

If the organization already has established guidelines, the citizen developer must comply with them, and be respectful toward the existing way of working in the development and delivery of applications. If the existing workflows and protocols of an organization are followed, the integration of the citizen developer will be faster and more efficient.

The use of a low-code platform will facilitate software development for citizen developers, and provide the technological support necessary to naturally adapt to modern development and delivery methods: Agile, DevOps, etc.

The intended outcome is that all citizen developers have a common way of working that works in tune with the IT department.

What separates a strategic and coordinated citizen developer program from unauthorized IT activity is the use of a common platform.

What types of applications will citizen developers create?

There are basically three ways of approaching the type of applications that citizen developers can create:

  • Development of software for a single department or business unit.
  • Applications of a certain type, such as databases or workflow applications.
  • Developments by classes or purposes, such as applications focused on interacting with agents outside the organization, or non-critical departments.

When do we create applications on the low code platform?

It is necessary to have a plan for citizen developers in order to establish priorities and production guidelines:

  • Will customer-oriented applications or applications focused on departmental workflows have priority?
  • Considering that a citizen developer will probably have other functions in the company, how much time will be allocated to the creation of applications?

In which departments are the applications created?

In general, business units or departments can take responsibility for setting application priorities and delivering most applications, but they are dependent on the IT team or a cloud provider to operate the platform and its infrastructure.

In some cases, it is the development and delivery teams that take responsibility for operations, and the management teams that set the priorities.


Close collaboration between the IT department and the citizen developers is a key factor in ensuring a successful strategy. IT departments must guide and help citizen developers to improve their techniques and supervise development activities.

Building a community

Knowledge of the organization is a very important value of the organization and sharing it is essential to achieve good results.

In this spirit, citizen developers must not only collaborate with the IT team, but also extend this collaboration to other citizen developers.

Citizen developer communities are necessary to share skills and knowledge, but they also optimize work since they provide a space to share software.

service-support-portals-bpm - servicio de soporte

Technical Support

Citizen developers need technical support to[CH(|A3]  help them solve technical problems that may arise.

It will also be necessary to establish a protocol that defines who should be in charge of this support in the applications developed by citizen developers.

Training citizen developers.

Citizen developer must attend training and demonstrate that they have the necessary knowledge to develop applications with the low-code tool.

In addition, the IT or operations teams will have to inform them about the connected systems and provide them with a list of relevant data.

An ongoing training program with Webinars and workshops will enable citizen developers to acquire new skills and ensure they receive the support they need.

Prioritize security

Security risks are always the first issue raised by critics of citizen development. They argue that since it is not possible to control it, it will only result in non-compatible and vulnerable software.

However, as we have seen, centralizing the activity of the citizen developer through a low-code tool and establishing a governance strategy will allow us to control the software.

On the other hand, the specific security features of low-code software such as AuraQuantic will contribute to eliminating vulnerabilities.

Tomás Martí