Secure by Design has been developed by the Government Digital Service (GDS) and a cross-government working group in collaboration with the Government Security Group, National Cyber Security Centre (NCSC) and industry experts.
As of 31 January 2025 all DfE projects and services that go through Cabinet Office spend control process must follow Secure by Design.
Implementing Secure by Design
How to understand if you have a project that is in scope and your roles and responsibilities.
Understanding if your project is in scope
What Secure by Design means for DfE and who is in scope.
Roles and responsibilities
What DfE teams must do to be Secure by Design.
Tracking Secure by Design progress
Get your Secure by Design self-assessment tracker.