Secure by Design (SbD)
Continuous risk assurance for systems and applications
For many years the methodology used by the UK Government to manage the risk to systems, applications and information was the accreditation process.
The new Secure by Design (SbD) process was formally launched in 2023 to evolve the risk management process into one of continuous risk assurance for systems and applications, from inception through their natural lifecycle. The SbD approach is not an assurance process; however, one of the principles included is to implement continuous security assurance processes.
For example, within the MoD any new system or information-based capability must now be assured using the SbD process. There are transition arrangements for any currently accredited capabilities to adopt the MoD SbD.