Plan the through-life approach
Senior Responsible Owners (SROs), or suitable equivalent, are accountable for a through-life approach to security using Defence Lines of Development (DLoD).
This includes the in-service period and during disposal, decommissioning, or termination of service.
Every DLoD (all 8, collectively known as TEPIDOIL - training, equipment, people, infrastructure, doctrine, organisation, information and logistics) must be considered and integrated effectively across the capability.
Different capabilities will have different through-life security needs across the DLoD. It is important these needs are understood and clearly documented and planned for.
Capabilities should avoid describing security as a separate DLoD, as this has the effect of security activity taking place in silos.
Capabilities should work with supportability teams to meet availability requirements.
This could involve:
- understanding security training needs for end users and maintainers
- knowing the supporting infrastructure and how its security posture will be maintained
- planning for software updates and upgrades
- managing end-of-life software and obsolescence
- integrating with business continuity plans and incident response processes
In-service costs, such as security, can be high. Delivery teams must plan and allow for these costs during the design phase, together with trying to make the capability easy to use, easy to maintain, and easy to upgrade.
Benefits
Identification and management of capability risks and costs through-life.
Outcomes
A through-life management plan gives an understanding of this support for a capability.
Responsibility
Who is responsible:
- delivery team lead
- project management office (PMO)
- delivery team security lead
- capability sponsor
When to plan the through-life approach
At all stages of the capability lifecycle.