This standard ensures teams understand the threat models relevant to their domain, so they can design systems that mitigate real-world risks, not just theoretical ones. It strengthens proactive security thinking at every layer of development.
Aligned to our "Secure by Design" policy, this standard builds risk awareness and reduces vulnerabilities before they reach production. Without it, teams may unknowingly expose systems to avoidable threats and compromise trust.
Level 1 – Initial: Threat modelling is informal or non-existent. Security risks are reactive, identified only after incidents or audits.
Level 2 – Managed: Some teams conduct threat modelling during development, but it's ad hoc and not consistently applied across systems or phases of delivery.
Level 3 – Defined: Threat modelling is a documented and repeatable practice. Teams are trained on relevant threats in their domain and apply structured techniques (e.g., STRIDE, DREAD) during design.
Level 4 – Quantitatively Managed: Threat models are reviewed regularly and aligned to architectural artefacts. Coverage is tracked, and data informs mitigation planning and security posture improvement.
Level 5 – Optimising: Threat modelling is continuously improved through feedback loops, retrospectives, and incident learnings. Security considerations are embedded early, reducing vulnerabilities and raising trust across the engineering lifecycle.