Choosing secure and verifiable technologies

With an ever-growing number of cyber threats putting users’ privacy and data at risk, organisations must consistently choose secure and verifiable technologies. Customers are responsible for evaluating the suitability, security, and risks of acquiring and operating a digital product or service. 

However, customers should expect manufacturers to provide products and services that are secure by design and secure by default. This helps customers build resilience, reduce risk, and lower the costs associated with patching and incident response. 

When an organisation decides to procure a digital product or service, it must consider whether it is secure, and whether that security will be maintained throughout its lifecycle. 

Secure by design is a proactive, security-focused approach taken by software manufacturers during the development of digital products and services. It involves purposefully aligning cyber security goals across all levels of the organisation.

The NCSC encourages organisations that procure or use digital products and services, as well as manufacturers, to read this guidance and understand the responsibilities and actions necessary to support its implementation.