Who needs to do this
Every capability and service that handles Defence data needs to be secure. This includes projects delivered by suppliers.
All capabilities and services
Since July 2023, all capabilities, technology infrastructure and digital services in Defence need to follow the Secure by Design approach.
Examples include:
- platforms
- weapons systems
- networks
- applications
- services
If your capability or service has existing security accreditation, you need to move to Secure by Design before it expires.
Who is responsible
The Senior Responsible Owner (SRO) is accountable for making sure your capability or service is secure.
If you do not have an SRO, another appropriate person in your team should take on this role.
That person must have the appropriate risk management experience or qualifications.
Get your team involved
Secure by Design encourages everyone to identify and manage risk.
Make sure your team understands:
- the project is responsible for cyber security
- why designing for security from the start is important
- their role in keeping MOD data secure
The Ministry of Defence runs regular calls on Secure by Design. Find out who should join the regular calls.
Published August 2024