Ongoing self-assessment is a crucial part of adopting Secure by Design (SbD) principles. It enables you to keep track of your SbD activities, ensuring cyber security remains integral to project/service activities and good practice is being applied.

We have created a Department for Education (DfE) version of the self-assessment tracker which aligns to SbD principles you need to meet throughout the delivery lifecycle. It also captures project/service details required for reporting on DfE's adoption of SbD as an organisation. Ensure you use the DfE self-assessment.

When should a self-assessment be completed?

You should complete self-assessments at several points of your project/service's lifecycle, including:

  • during the initial planning phase
  • after significant milestones or changes in the project/service
  • on a regular basis (for example, quarterly) to ensure ongoing compliance and security

The actual frequency is dependent upon your project/service.

What evidence or information do I need to supply as part of a self-assessment?

You will need to provide supporting information when completing your self-assessment. This could be an explanation of how your team has met the security requirement, or a reference to where activity outputs can be found. Our policies and standards will provide additional guidance on evidence requirements. These will continue to evolve to support a consistent DfE approach where appropriate.

If you provide links to supporting documents, check that access has been set appropriately to ensure security of the information.

Who do I need to share my self-assessment with?

As you progress through your Secure by Design journey it is essential to keep relevant stakeholders in the loop. You should expect this to include your delivery team, your service owner/SRO and the Cyber and Information Security team.

Submitting your self-assessment to CISD

You must submit completed self-assessments to CISD. This is so DfE can provide organisational reporting on SbD adoption and posture to wider government.

You can submit your self-assessments by completing this form.