The following principles must be met by delivery teams with support from security professionals throughout the service lifecycle.
As outlined in the Secure by Design policy, these principles are mandatory for government departments and arm’s-length bodies (ALBs), and optional for other parts of the public sector. Third party suppliers to these organisations should liaise with their security contacts to understand the specific requirements that apply.
Organisations may introduce additional principles and tailor the recommended activities to meet their specific circ*mstances, provided they still meet the core principles.
The implementation guide explains how teams can prepare for transition to Secure by Design within the required timescales.