How to agree roles and responsibilities

Delivery teams should agree security roles and responsibilities for Secure by Design.

We recommend using a RACI (Responsible, Accountable, Consulted, Informed) matrix.

For each role and responsibility, you should:

clarify expectations
regularly review for relevance to the service and individual

Delivery teams need to:

review their existing resourcing plans
understand their mandatory security obligations, including relevant policies, regulations, laws, and contractual obligations
understand the activities required to deliver secure digital services
assign activities to roles
share roles and responsibilities with assigned individuals

The Cyber and Information Security Division (CISD) will be providing an outline RACI shortly.

Get your team involved

Secure by Design encourages everyone on the team to get involved with security. Together everyone can work together to spot and manage risks for the better.

Ensure your team understands the:

project's responsibility for cybersecurity
importance of integrating security from the beginning and throughout
role in safeguarding DfE data

Other manuals

Standards and assurance

Working in DfE

How to agree roles and responsibilities

Get your team involved

Tell us what you think of this manual

Cookies on the security manual

How to agree roles and responsibilities

Get your team involved

Tell us what you think of this manual