Secure by Design

Who needs to do this

Every capability and service that handles Defence data needs to be secure. This includes projects delivered by suppliers.

All capabilities and services

Since July 2023, all capabilities, technology infrastructure and digital services in Defence need to follow the Secure by Design approach.

Examples include:

  • platforms
  • weapons systems
  • networks
  • applications
  • services

If your capability or service has existing security accreditation, you need to move to Secure by Design before it expires.

Who is responsible

The Senior Responsible Owner (SRO) is accountable for making sure your capability or service is secure.

If you do not have an SRO, another appropriate person in your team should take on this role.

That person must have the appropriate risk management experience or qualifications.

Get your team involved

Secure by Design encourages everyone to identify and manage risk.

Make sure your team understands:

  • the project is responsible for cyber security
  • why designing for security from the start is important
  • their role in keeping MOD data secure

The Ministry of Defence runs regular calls on Secure by Design. Find out who should join the regular calls.

Published August 2024