5 Make it secure

Identify the data and information the service will use or create. Put appropriate legal, privacy and security measures in place.

Why it’s in the Standard

People who use government services must have confidence that:

If a service cannot guarantee confidentiality, integrity and availability of the system, people will not use it.

How you’ll be assessed

During Alpha you’ll have an understanding of the users, data and threats that affect your service. You will have established an appropriate approach to integrate relevant security and privacy measures into your design with minimal user impact.

You should:

To support the work in Alpha you should:

During the Beta stage you’ll develop a secure system that integrates seamlessly into the proposed solution. It will have appropriate security controls embedded within it to mitigate all identified threats. You should:

As you go live you should be able to show that you have created a robust secure solution that meets all security, legislative and legal requirements. It should:

Further reading

Last updated: 6 May 2016