Secure by Design (SbD) Overview
For many years the methodology used by the MOD to manage the risk to systems, applications and information was the accreditation process. This was often an annual process and included the production of an RMADS for meeting established standards for security and risk management.
Since July 2023, all capabilities, technology infrastructure and digital services in Defence need to follow the Secure by Design approach. The change has been necessary to significantly improve the overall level of assurance and risk management applied to MOD systems and is crucial for achieving secure and resilient Defence Outcomes. The new process is called Secure by Design (SbD) and the 7 principles it advocates are mandatory for new MOD systems and those coming up for renewal under the old system.
How Can We Help
We specialise in providing Secure by Design (SbD) services to the MOD for the continual assurance of MOD programmes, projects and capabilities, following MOD policy and guidance, NCSC standards and guidance, the Data Protection Act and GDPR, and using NIST CSF, NIST SP 800-53, JSP440 and JSP604.
We have been providing continual risk management to the MOD and its supply chain for over 20 years across all Defence sectors. Consider us your expert SbD partners: whether you need support on a new or an existing project, we can help.
With our vast expertise in assuring MOD systems, we can support you with:
- Risk Assessment, Risk Treatment, Security Management Plan (SMP), Security Case
- Transition from legacy MOD accreditation to MOD SbD
- Continual assurance using SbD, providing through-life management
- Supporting completion of MOD SbD risk management self-assessment question sets following the 7 Security Principles
- Liaison with Delivery Team Security Leads (DTSLs)/Security Assurance Coordinators (SACs)
- Cyber Security Policy & Standards Advice, Guidance, Development
- Audits and Reviews using JSP440, NIST, ISO27001/2
- Provision of segregated, transparent Assurance/Accreditor oversight
- Assessment of supply chain risks
- Bid writing to meet MOD SbD requirements
- Outsourced SRO – Senior Responsible Owner
- Services delivered by vetted Suitably Qualified and Experienced Persons (SQEP) up to DV cleared
Video Content
MOD SECURE BY DESIGN (SBD) | CONTINUOUS RISK ASSURANCE FOR SYSTEMS AND APPLICATIONS | CASE STUDY
Published on November 15, 2024
Discover more about MOD Secure by Design (SbD) with our client case study.