Implementing Secure by Design

All central government departments and arm's-length bodies (ALBs) must incorporate effective security practices and apply the Secure by Design principles when delivering and building digital services and technical infrastructure. This applies to new services and significant changes to services that fall into scope of the digital and technology spend controls approval process.

Affected organisations have been separated into two groups which determine their implementation timescales:

Implementation schedule

The Cabinet Office will be working with organisations to discuss their specific implementation schedule and establish what assistance may be required.

Organisations are encouraged to implement Secure by Design as soon as possible; however, support from the Central Digital and Data Office (CDDO) will be prioritised for group 1 organisations.

The implementation plan aligns with timescales in the government’s transforming for a digital future roadmap: 2022 to 2025. It has been developed in collaboration with security and digital leaders, including the Chief Digital Information Officers (CDIOs) who are accountable for the adoption of Secure by Design in their organisations.

Secure by Design is a journey for continuous improvement, not a compliance process. It is essential for government organisations to begin the transition early and make positive changes towards achieving the required cyber security maturity.

Further information

The Secure by Design approach will evolve to reflect the needs of government digital services. Your feedback will help us to improve it.

Last update: 25 March 2024