About Secure by Design
The Secure by Design approach aims to increase the government’s cyber resilience and improve data sharing between organisations.
The Secure by Design policy has been developed by the Government Digital Service (GDS) and a cross-government working group in collaboration with the Government Security Group (GSG), National Cyber Security Centre (NCSC) and industry experts.
Secure by Design is a strategic priority that was included in the Transforming for a digital future roadmap: 2022 to 2025 and the Government Cyber Security Strategy. It is a core requirement of the government Cyber Security Standard.
The approach provides:
- risk-driven activities for building appropriate and proportionate cyber security controls within digital services
- clarity on roles and responsibilities to continuously manage security risks and improve security culture
- practical guidance and tools to achieve the Cyber Assessment Framework (CAF) outcomes as part of GovAssure
How assurance works
Secure by Design is not itself an assurance process; however, one of its principles is to continuously deliver effective security controls throughout the life of a service.
To demonstrate this, delivery teams must provide a self-assessment as evidence that they meet the Secure by Design principles when taking part in the digital and technology spend controls approval process.
Secure by Design in the Service Standard and Service Manual
The Service Standard Point 9 (Create a secure service which protects users’ privacy) has been updated to advise service teams that they must follow the Secure by Design principles.
The Service Manual, which helps teams meet the Service Standard, also includes Secure by Design as an essential part of designing quality services. This will help to ensure that security is naturally embedded throughout the life cycle of government digital services.
Secure by Design for the defence industry
The Ministry of Defence (MoD) offers advice on how delivery teams and suppliers can design security from the start.
The MoD approach shares the cross-government objective of making security an integral part of service design through effective risk management, collaboration and continuous improvement. This has been mapped to their specific environment and project management lifecycle.
Further information
- Read the implementation guide for details of how teams can prepare for transition to Secure by Design within the required timescales.
- Browse the Questions about Secure by Design page for answers to some commonly asked questions about this approach.