Secure by Design (SbD) Overview
For many years the methodology used by the MOD to manage the risk to systems, applications and information was the accreditation process. This was often an annual process and included the production of an RMADS for meeting established standards for security and risk management.
This has now been replaced with a continual assessment process to support systems and applications through life. The change has been necessary to significantly improve the overall level of assurance and risk management applied to MOD systems and is crucial for achieving secure and resilient Defence Outcomes. The new process is called Secure by Design (SbD) and the 7 principles it advocates are mandatory for new MOD systems and those coming up for renewal under the old system.
How Can We Help
We specialise in providing Secure by Design (SbD) services to the MOD for the continual assurance of MOD programmes, projects and capabilities following MOD policy and guidance, NCSC standards/guidance, Data Protection Act and GDPR using NIST CSF, NIST SP-800-53, JSP440 and JSP604.
We have been providing continual risk management to the MOD and its supply chain for over 20 years across all Defence sectors. Consider us your expert SbD partners, whether you need support on a new or existing project, we can help.
With our vast expertise in assuring MOD systems, we can support you with;
- Risk Assessment, Risk Treatment, Security Management Plan (SMP), Security Case
- Transition from legacy MOD accreditation to MOD SbD
- Continual assurance using SbD, providing through-life management
- Supporting completion of MOD SbD risk management self-assessment question sets following the 7 Security Principles
- Liaison with Delivery Team Security Leads (DTSLs)/Security Assurance Coordinators (SACs)
- Cyber Security Policy & Standards Advice, Guidance, Development.
- Audits and Reviews using JSP440, NIST, ISO27001/2
- Provision of segregated, transparent Assurance/Accreditor oversight
- Assessment of supply chain risks
- Services delivered by vetted Suitably Qualified and Experienced Persons (SQEP) up to DV cleared