Guidance

Digital Services: Operating a secure digital service

Created:  25 Sep 2016
Updated:  25 Sep 2016
Operate your service well by continually improving and testing it, patching or mitigating security issues in components and by monitoring for attacks, or unusual behaviour.

To remain secure a digital service needs to be well operated and maintained. If it doesn't evolve in response to the latest threats it will become more vulnerable and easier to compromise as time goes on. There are two crucial aspects to this, vulnerability management and monitoring.

Vulnerability management and patching

It's vital to keep components within the service up-to-date, and to apply the latest security patches as soon as they become available. Our guidance on vulnerability management can help you understand the importance of this, and how to prioritise applying patches.

Security operations and monitoring

You should operate your service on the assumption that it will be attacked. You need to be monitoring the service for attempts to compromise it, and be able to manage security incidents as they occur. Please see our advice on security operations and monitoring and incident response.

Was this guidance helpful?

We need your feedback to improve this content.

Yes No