Embedding ‘Secure by Design’ within a Trading Fund Government Department

Case Study

Background

In support of the UK government’s evolving cybersecurity strategy, the Trading Fund Government Department has initiated the implementation of a critical cultural and operational shift: the adoption of the Secure by Design framework. This effort aligns with wider mandates from the Government Digital Service (GDS), requiring all new digital projects to embed security principles at every stage of their lifecycle.

To support the rollout of this mandated transformation, Certes IT Service Solutions deployed their Delivery Manager and Portfolio Management Service, to work alongside the department as part of a dedicated delivery team. With prior experience in structured operational environments, they joined a small embedded team to help guide the organisation through a complex organisational shift.

Objective

The primary goal was to integrate Secure by Design principles across all new digital projects within the department, ensuring alignment with GDS requirements. The team’s role was to not only raise awareness across departments but also to communicate the practical implications of the shift and support operational readiness.

Approach

The team focused on internal engagement, communication, and enabling adoption across the organisation. While the Secure by Design framework itself originated from GDS, the department was responsible for applying it to its internal processes and procurement activities.

The team of four engaged key stakeholders across the organisation. Their responsibilities included:

Delivering regular workshops and working groups with departments
Publishing internal communications and updates through digital channels
Supporting business units through the early implementation phase
Gathering lessons learned from pilot projects and ongoing use

Outcome

Operational Readiness Achieved: All new digital initiatives launched after May 2025 are now aligned with Secure by Design standards, meeting GDS compliance requirements and fostering a culture of proactive security.

Widespread Organisational Engagement: Over a dozen departments participated in workshops and working groups, leading to a demonstrable uplift in awareness and understanding of Secure by Design principles across the department.

Smooth Transition and Early Wins: The initial three-month support period enabled real-time feedback loops, resolution of early adoption issues, and refinement of internal processes, setting the foundation for long-term sustainability.

Knowledge Transfer and Capability Building: The embedded delivery team’s structured approach helped upskill internal staff, reduce reliance on external support, and ensure Secure by Design becomes a permanent part of the organisation’s project delivery ethos.

Scalable Implementation Model: Lessons learned from the pilot phase were documented and shared internally, providing a blueprint for future projects and enabling scalable application across broader government services.

By using Certes to embed Secure by Design as a foundational approach, the trading fund governmental department has not only met its strategic cybersecurity obligations but has also positioned itself as a forward-thinking leader in secure digital transformation within the UK government.

Who We Work With

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others

Who We Work With

Working in Partnership with Organisations and IT Professionals to Help You Deliver Your Goals

Case Study

Objective

Approach

Outcome

Who We Work With

Working in Partnership with Organisations and IT Professionals to Help You Deliver
Your Goals