Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  5. Download a Secure by Design preparation checklist

Author: Central Digital and Data Office (CDDO), Cabinet Office

Download a Secure by Design preparation checklist

This template is designed to help public sector organisations assess whether they are currently meeting the Secure by Design policy requirements.

It should be completed by those responsible for driving the adoption of Secure by Design across your organisation. Outcomes of the assessment should be discussed with accountable senior leaders, such as your Chief Digital and Information Officer (CDIO), to secure their backing for making any necessary improvements.

Select your preferred format

The template can be adjusted to meet the needs of your organisation.

Google Sheets

Click the ‘Use Template’ button to create a copy

Microsoft Excel

This will download a file to your device

The Secure by Design preparation checklist template is currently in alpha. Your feedback will help us to improve it.

How to use the Secure by Design preparation checklist

Before using this checklist you should read the Secure by Design approach so you can understand the policy, principles and recommended activities for implementation.

The template includes separate sheets where you can assess your organisation’s current status related to the required and recommended elements of Secure by Design:

  • Principles Checklist – assess current practices against the Secure By Design policy, mapped to the core principles and their underlying requirements
  • Activities Checklist – review whether the organisation is currently applying the best practice Secure By Design activities
  • Implementation Checklist – log which milestones have been met during the preparation and transition phases

Each sheet includes an ‘Assessment Status’ where you can indicate the current status ranging from ‘Not Started’ to ‘Assessed – Met’. The ‘Progress Dashboard’ tab allows you to view the current status of all items across each checklist.

For items that have been assessed, there is an option to add a ‘Maturity Level’ where you can rate the current working practices or capabilities:

  1. Initial – unstructured and undocumented with limited formal processes
  2. Managed – planned and documented to allow a consistent approach
  3. Defined – described in standards, procedures and tools so they are well understood
  4. Measured – monitored and controlled using quantitative statistics and other analytics techniques
  5. Optimising – continuously improved based on data and feedback

Include any evidence of meeting criteria or additional information related to identified gaps within the columns provided.

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now