Keep systems and data safe with the appropriate level of security.
To meet point 6 of the Technology Code of Practice, your plan or design must show how you are securing data and systems.
You’ll have to explain how you’re doing this as part of the spend control process.
Build security in from the start of your project or programme
Include security at the start of the project. Involve your team in making each element secure, rather than having your security experts add technical countermeasures to a finished product.
Training users and having clear processes are important for security, as is doing realistic threat assessments and taking a balanced approach to managing risk.
Plan how to deny, and quickly recover from, malicious access. Make sure you have processes in place to record information about any attacks and use this data to improve defences.
How to secure your technology
Choose the appropriate level of security for your technology project or programme. Consider the risks and have processes in place to mitigate them and improve time to recovery.
You can protect your data and infrastructure by:
- following the principles set out in the Security policy framework and Security Classification Policy
- following the National Cyber Security Centre’s information risk management guidance
- designing and implementing the components of any system according to government best practice, including network principles and the security design principles for digital services
- increasing email security by following the guidance on securing government email, the email security standards and how to set up government email services securely
- determining the security requirements of cloud services using the Cloud Security Principles and accompanying guidance
You can find further information on the following security topics in the technology security guidance list:
- cloud security
- cyber security
- addressing cyber attacks and fraud
- securing data and consent
- digital service security
- email security
- Full list of related Technology Code of Practice guidance
- Security policy framework
- Network principles
- Security classification policy
- ‘OFFICIAL SENSITIVE’ data and IT
- Securing government email
- Security considerations when coding in the open
- NCSC risk management collection
- NCSC security design principles for digital services
- NCSC cloud security principles
- NCSC cloud security collection
- Managing the risk of cloud-enabled products
- NCSC NIS guidance collection