Author: Central Digital and Data Office (CDDO), Cabinet Office

Implementing Secure by Design

All central government departments and arm's-length bodies (ALBs) must incorporate effective security practices and meet the Secure by Design policy when delivering and building digital services and technical infrastructure.

This applies to new services and significant changes to services that fall into scope of the digital and technology spend controls approval process.

Affected organisations have been separated into two groups which determine their implementation timescales:

  • Group 1 – ministerial departments, ALBs managing government Critical National Infrastructure (CNI) and organisations managing priority government services.
  • Group 2 – all remaining ALBs and other central government organisations.

Implementation schedule

The Cabinet Office will be working with organisations to discuss their specific implementation schedule and establish what assistance may be required.

Organisations are encouraged to implement Secure by Design as soon as possible; however, support from the Central Digital and Data Office (CDDO) will be prioritised for Group 1 organisations.

The implementation plan aligns with timescales in the government’s transforming for a digital future roadmap: 2022 to 2025. It has been developed in collaboration with security and digital leaders, including the Chief Digital Information Officers (CDIOs) who are accountable for the adoption of Secure by Design in their organisations.

Secure by Design is a journey for continuous improvement, not a compliance process. It is essential for government organisations to begin the transition early and make positive changes towards achieving the required cyber security maturity.

Guide to adopting Secure by Design

A detailed walkthrough has been developed for stakeholders within public sector organisations involved in the adoption of Secure by Design. It outlines key phases and milestones that should be considered at each stage.

Download a Secure by Design preparation checklist

Use this template to assess whether your organisation is currently meeting the requirements of Secure by Design and identify where improvements are needed.
