
8. Create a secure service which protects users’ privacy

Government services often hold personal and sensitive information about users. Government has a legal duty to protect this information. Failing to do so would undermine public trust in government services.

How you do it

  • Approach risk in a proportionate way
    Identify security and privacy threats to the service and have a robust, proportionate approach to managing fraud and security risks
  • Work with business and information risk teams
    Take advice from senior information risk owners (SIROs), information asset owners (IAOs) and data guardians to make sure the service meets security requirements and regulations without putting delivery at risk
  • Make security sustainable
    Plan and budget to manage security during the life of the service, for example by responding to new threats, putting controls in place and applying security patches to software
  • Protect users’ personal information
    Collect and process users’ personal information in a way that’s secure and respects their privacy
  • Test your systems
    Carry out appropriate vulnerability and penetration testing

Links to detailed guidance:

Digital Scotland Service Standard

1. Understand users and their needs

2. Solve a whole problem for users

3. Design and deliver a joined up experience

4. Help users succeed first time

5. Make sure everyone can use the service

6. Have a multidisciplinary team

7. Iterate and improve frequently

8. Create a secure service which protects users’ privacy

9. Define what success looks like and publish performance data

10. Choose the right tools and technology 

11. Make new source code open

12. Use and contribute to shared digital practices, processes, components, standards, patterns and platforms

13. Operate a reliable service

14. Ensure sponsor acceptance
