Skip to main content

What do you think of this service? Your feedback will help us to improve it.

Author: Danny Chadburn

Guide to adopting Secure by Design – Transition

Once you have put the fundamental processes in place, you can begin applying the Secure by Design approach to active projects.

Capture feedback from pilot project(s)

The most important element of the test process is to gather information. This should cover what has worked as well as what hasn’t so improvements and solutions can be devised.

An evaluation can be shared with delivery teams in a staggered way by delivery phase, so those wanting to begin a discovery project don’t need to await the findings of an alpha stage pilot.

Inform in-scope projects about their Secure by Design obligations

When considering options for your pilot scheme, you will have gathered information on the services and projects where Secure by Design needs to be applied. Your champion should work with leaders including the CDIO, CISO, CTO and Senior Responsible Owners (SROs) to define a comprehensive list of all planned and existing projects that fall within scope.

This could also include arm’s-length bodies (ALBs) that your organisation has responsibility over.

Embed Secure by Design within commercial and procurement processes

CDDO is working with the Government Commercial Function to incorporate Secure by Design into future procurements and contracts that can be applied to projects.

Organisations should make updates to updates to procurement documents and commercial contracts and work with their suppliers to encourage them to adopt the Secure by Design principles.

Turn the transition plan into an operational plan

Update the outline transition plan produced during the preparation phase to take into account the lessons learned during the pilot scheme.

This should include specific plans for addressing any gaps that were identified in the preparation checklist and accurate resource estimates for updating internal policies and processes.

Share Secure by Design progress with internal teams and senior leaders

To ensure there’s sufficient momentum to achieve full adoption of Secure by Design within the required timescales, regular engagement should take place with affected teams and those ultimately responsible for the successful implementation.

You may also choose to share relevant information with selected suppliers so they’re aware of their responsibilities in relation to Secure by Design and are able to change their ways of working to meet requirements.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now