Guidance for delivery teams and security professionals to help them achieve the Secure by Design principles.
These recommended activities provide good practice guidance that can be tailored to reflect your organisation's specific structure, processes and resources. They can be applied to both new and active services at different stages of the delivery lifecycle.
Examples and tools are provided to help teams implement each activity.
How Senior Responsible Officers (SROs), service owners and product managers should allocate the appropriate budget, resources and skills to ensure security is embedded within service delivery.
How business analysts, product managers and user researchers should involve security and technical architects in considering security in a broader business context.
How security professionals and delivery teams can assess threats and reduce cyber security risks by building appropriate security protection in the service.
How architects, developers and delivery teams can proactively and reactively manage weaknesses in the service to prevent potential security incidents.
How project managers can work with delivery teams to keep track of how the Secure by Design approach is being followed throughout the lifecycle of a service.
Read the implementation guide for details of how teams can prepare for transition to Secure by Design within the required timescales.
The Secure by Design approach will evolve to reflect the needs of government digital services. Your feedback will help us to improve it.
Last update: 25 March 2024
OFFICIAL