Understand the risks to your service
When you build, maintain or change your service, you must have a clear understanding of any associated risks because they will impact your service design and affect your users.
You should work with GDS Information Security IA to design appropriate solutions for your service’s risks. IA may need to obtain risk acceptance from your Senior Risk Owner (SRO). You can also work with the COD Cyber Security Team to get advice on the threats applicable to your service, and how to best mitigate them.
The Service Manual has some recommendations which can reduce risk to your service, for example, how to:
- protect against fraud when you design and manage your service
- secure your information if you handle ‘official’ classified data
The government security hub security.gov.uk provides links to the policies and standards that we have to follow.
Model security threats
Modelling threats can help you gain a clearer understanding of the threats against your service. See threat modelling.
Further reading
The National Cyber Security Centre (NCSC) provides guidance about cyber security. The Service Manual has advice about securing your information and securing your cloud environment.