MOD Secure by Design (SbD)
Building security into your capabilities right from the start.
For many years the MOD managed the risk to systems, applications and information through the accreditation process. In most cases the accreditation was reviewed every 3-5 years and included an RMADS showing that established standards for security and risk management were met.
Since August 2023, all Defence capabilities, technology infrastructure, and digital services must follow the Secure by Design (SbD) approach. This shift is not just procedural—it represents a cultural change, embedding security from the very start of a capability, across delivery, security, and commercial teams.
The 7 SbD principles are mandatory for new MOD systems and for those being renewed under the old RMADS process. By adopting SbD, the MOD significantly improves assurance, strengthens risk management, and delivers secure and resilient Defence outcomes.
We specialise in providing Secure by Design (SbD) services to MOD suppliers for the continual assurance of MOD programmes, projects and capabilities, following MOD policy and guidance, NCSC standards and guidance, the Data Protection Act and GDPR, and using NIST CSF, NIST SP 800-53 and JSP 440.
We have been providing continual risk management to the MOD and its supply chain for over 20 years across all Defence sectors. Consider us your expert SbD partners: whether you need support on a new or existing project, we can help.
With our vast expertise in assuring MOD systems, we can support you with:
Discover more about MOD Secure by Design (SbD) with our client case study.