Secure by Design

Commitment to Proactive Security and Risk Reduction
Security is not an afterthought - it is a fundamental requirement of how we build and operate software. We believe that security should be baked into every stage of the engineering process, ensuring that our systems, applications, and services are resilient, trustworthy, and protected by design.
By embracing a "Secure by Design" philosophy, we proactively identify, prevent, and mitigate security risks - delivering software that is both fast and safe, without compromising innovation or agility.

What This Means
Security must be an integral part of the software development lifecycle (SDLC), not a last-minute checkpoint. Engineering teams must take ownership of security from the outset, embedding secure coding practices, automation, and proactive risk management into their workflows.

Our commitment to Secure by Design is built on:

  • Threat Modelling & Risk Awareness – We proactively assess risks before writing a single line of code, ensuring that security threats are understood and mitigated early.
  • Secure Coding & Engineering Practices – We follow industry-leading secure coding standards to prevent vulnerabilities and protect against attacks.
  • Automated Security Testing & Continuous Scanning – We integrate static analysis, dynamic testing, and dependency scanning into our CI/CD pipelines to catch security issues early.
  • Least Privilege & Secure Access Controls – We design systems with strict access controls, least-privilege principles, and role-based security to minimise attack surfaces.
  • Security as Code & Embedded Compliance – We ensure security policies and compliance requirements are codified, automated, and enforced at scale.

Why This Matters
Security breaches erode trust, disrupt operations, and create financial and reputational damage. By embedding security from the start, we:
Reduce the risk of vulnerabilities, data breaches, and compliance failures.
Accelerate delivery by addressing security early, rather than fixing issues later.
Increase customer confidence by ensuring our products and services are resilient and trustworthy.
Enable teams to move fast while maintaining a strong security posture.

Our Expectation
All engineering teams must embrace Secure by Design principles, integrating proactive security measures into every stage of development. Leaders must create a security-first culture, ensuring that security is everyone’s responsibility, not just an isolated function.

To support this policy, security frameworks, automated tools, and best practices will be embedded into our engineering processes, ensuring that security is consistent, scalable, and frictionless. By making security an intrinsic part of how we build and operate software, we create a safer, more resilient organisation - delivering Better Value Sooner Safer Happier.

This policy establishes security as a foundational engineering practice, ensuring that teams design, develop, and deploy with security in mind from day one.