Author: Central Digital and Data Office (CDDO), Cabinet Office

Outline Secure by Design Communication Plan

How to inform and engage colleagues within your organisation during the implementation of Secure by Design.

This guidance is for Secure by Design champions, working groups, and their internal communication teams. It includes example communication activities that can be adapted to raise awareness and understanding of Secure by Design.

Key considerations

Before you begin, there are various elements you should consider.

Communication and engagement objectives

These may include ensuring people know:

  • why Secure by Design is being implemented
  • how it will impact them
  • what they need to do
  • when they need to do it
  • where they can find further information

Other goals might include driving collaboration between teams (including delivery and security) and giving opportunities to provide feedback so questions can be addressed and the approach can be improved.

Support and advocacy

Establish which colleagues from communication, training and security teams you need to help you develop and deliver this activity. Senior-level advocates such as your CDIO, CTOs and CISO (or equivalents) should also be used to help deliver your messages with the necessary authority to drive adoption.

Audience alignment

Identify who you need to communicate with and consider why they are important, what they need to know and what behaviours and actions you need to drive. The example RACI matrix outlines which roles might be affected by each part of the approach.

It’s important to establish how to position Secure by Design alongside your existing activities on cyber security, risk management, digital transformation and other relevant areas when engaging with various audiences.

Some of the people you need to engage with include:

  • your Permanent Secretary or equivalent, COO and other members of your executive team
  • senior functional leaders including CDIOs, CTOs, CISOs (or their equivalents)
  • senior Responsible Owners, service owners and product owners
  • project managers, delivery managers and digital and data teams
  • colleagues from cyber security, risk management and assurance
  • commercial, procurement, finance and auditing teams
  • suppliers

Channels and resources

Use a combination of tactics such as show and tells, webinars, newsletters, blogs and your intranet to ensure all relevant colleagues receive your messages. Prioritise face-to-face communication where possible so you can gauge reactions and respond to questions.

The example communication plan below includes links to various examples and templates – see the Secure by Design Communication Toolkit for a full list of available resources. These should be modified to reflect the branding and tone used in your regular communication.

Contact secure-by-design@digital.cabinet-office.gov.uk if you require support adapting these or have ideas for additional resources.

Insight and evaluation

Determine which tools you could use or create (such as staff surveys or focus groups) to research your audiences and measure the success of your activities.

The OASIS framework published by the Government Communication Service provides a useful structure for delivering an effective, efficient and evaluated campaign.


Example Communication Plan

These suggested activities are designed to align with the implementation phases (preparation, transition and operation) outlined in the Guide to adopting Secure by Design.

The plan covers suggested audiences, goals, key messages, and channels, but does not provide detail on the exact timing, frequency or ownership of each type of communication. This will need to be established by each organisation.

Some messages can be applied across government, while others will need to be adapted to be organisation-specific. Plan in advance so communication can be staggered appropriately, creating momentum as you progress towards the implementation deadlines.

Initial activities (aligns with the Secure by Design ‘Preparation’ phase)

A series of webinars is in development aimed at those working in various roles and teams to explain their relationship to Secure by Design. To find out when these will be available and to express your interest, email secure-by-design@digital.cabinet-office.gov.uk.

Ongoing activities (aligns with the Secure by Design ‘Transition’ and ‘Operation’ phases)
