The Government Digital Service (GDS) has updated the security guidance within the Technology Code of Practice (TCoP) for the public sector.
It said it has pulled together basic security principles which everyone knows about but which are rarely recorded in one place.
This is part of an effort to make the guidance easier for users to understand and to help organisations embed security in their projects from the beginning.
GDS technical writer Claire Ashworth and senior policy adviser Lewis Dunne said the previous guidance explained what organisations had to do but not how to do so – they had to read all of the policies and guidance relevant to their project.
They said the TCoP should provide an overview of technology security and signposts to more detailed guidance. The new version of the code, written with the National Cyber Security Centre and Government Security Group, gathers together basic security principles.
These cover assessing security and resources, using proportionate security for the technology – with details on networks and infrastructure, data, service, cloud and assurance – and continuous improvement planning.
There are also links to a series of related guides.
“We’ve positioned the TCoP security point to be useful in a broad range of situations,” Ashworth and Dunne said. “But we know we need to provide more guidance for more specific circumstances and for services.”
They added: “We want to look at how security works end-to-end. It’s our first attempt and we will continue to iterate and improve it based on user feedback.”