Alpha activities

An overview of all activities you will need to do across the alpha phase.

Activities to start with

Considering security within the business case

Identifying security resources (Opens in new tab)

Agreeing roles and responsibilities (Opens in new tab)

Working out the project's security risk appetite (Opens in new tab)

Managing third-party product security risks (Opens in new tab)

Ongoing activities that must be carried out throughout the alpha phase:

Tracking Secure by Design progress

Activities to do next

Documenting service assets

Assessing the importance of service assets (Opens in new tab)

Sourcing a threat assessment (Opens in new tab)

Performing threat modelling

Performing a security risk assessment (Opens in new tab)

Agreeing a security controls set for your service (Opens in new tab)

Activities to do later

Responding to and mitigating security risks (Opens in new tab)

Assessing the effectiveness of security controls (Opens in new tab)

Implementing a vulnerability management process

Discovering vulnerabilities

Managing observability

Evaluating the security impact of changes (Opens in new tab)

Retiring service components securely (Opens in new tab)