This is a new service – your feedback will help us to improve it.

Secure by Design Activities

Guidance for delivery teams and security professionals to help them achieve the Secure by Design principles.

These recommended activities provide good practice guidance that can be tailored to reflect your organisation's specific structure, processes and resources. They can be applied to both new and active services at different stages of the delivery lifecycle.

Examples and tools are provided to help teams implement each activity.


Prepare a secure service

How Senior Responsible Officers (SROs), service owners and product managers should allocate the appropriate budget, resources and skills to ensure security is embedded within service delivery.

Understand the security landscape

How business analysts, product managers and user researchers should involve security and technical architects in considering security in a broader business context.

Manage cyber security risks

How security professionals and delivery teams can assess threats and reduce cyber security risks by building appropriate security protection into the service.

Anticipate and respond to vulnerabilities

How architects, developers and delivery teams can proactively and reactively manage weaknesses in the service to prevent potential security incidents.

Maintain continuous assurance

How project managers can work with delivery teams to keep track of how the Secure by Design approach is being followed throughout the lifecycle of a service.

The Secure by Design approach will evolve to reflect the needs of government digital services. Your feedback will help us to improve it.

Last update: 31 January 2024