Creating a security plan
The security plan takes the high-level goals and principles of the security strategy and outlines how to achieve them.
It acts as a practical guide for implementing, maintaining and managing security controls throughout the lifecycle.
A good security plan should cover topics including (but not limited to):
- a mission statement
- key stakeholders
- security tasks and approach
- roles and responsibilities
- high-level risk summary
- risk management framework
A security plan provides the detailed procedures to make sure your strategic objectives are delivered and maintained throughout the capability's lifecycle.
When defining roles and responsibilities, refer to guidance on Suitably Qualified and Experienced Person requirements.
Benefits
The benefits of a security plan include:
- security is designed into the capability from the start and not as an afterthought
- resourcing the right people at the right time, from early consideration of roles and responsibilities
- reduction in risks and costly rework
- enhanced Senior Responsible Owner (SRO), or suitable equivalent, confidence in capability security
- increased chance of gaining investment approvals
Outcomes
The outcome is your security plan, which could be in the form of a Security Management Plan (SMP).
Responsibility
Who is responsible for your security plan:
- capability sponsor
- Senior Responsible Owner (SRO) or suitable equivalent
- delivery team security lead
- commercial officers