Skip to main content

This is a new service – your feedback will help us to improve it.

  1. Guidance
  2. Secure by Design

Secure by Design Approach

What delivery teams and security professionals need to do to incorporate effective cyber security practices in digital delivery.

This approach provides:

Secure by Design principles

To implement the Secure by Design approach, government departments and arm's-length bodies (ALBs) must follow a set of core principles when delivering digital services.

The principles form part of a policy (available in March 2024). Implementing them is mandatory for new digital and technology projects which deliver services either built within departments or procured through suppliers.

View the Secure by Design principles

Secure by Design activities

To achieve the principles, government departments and ALBs should perform a series of activities.

These activities offer practical guidance to achieve the Secure by Design principles and can be tailored to meet the organisation's specific governance, structures and resources.

Read the Secure by Design activities

About the Secure by Design approach

The Secure by Design approach has been developed by CDDO and a cross-government working group in collaboration with the Government Security Group, National Cyber Security Centre (NCSC) and industry experts.

It is a strategic priority included in the Transforming for a digital future roadmap and the Government Cyber Security Strategy. It aims to increase the government’s cyber resilience and improve data sharing between organisations.

By highlighting that security risks are business risks, it promotes a positive security culture and encourages project teams to make cyber security everyone’s collective responsibility.

The Secure by Design approach is not an assurance process, however one of the principles included is to implement continuous security assurance processes.

Delivery teams will need to provide a self assessment as evidence of meeting the Secure by Design principles when taking part in the digital and technology spend controls approval process.

Further information

The Secure by Design approach will evolve to reflect the needs of government digital services. Your feedback will help us to improve it.

Last update: 31 January 2024