Skip to content

Identity & Security Principles

Security as an enabler

Security should be viewed not as a barrier but a fundamental element that supports and enhances business objectives, innovation, and operation efficiency. Robust security measures will enable agility and trust.

Minimum effective toolset

Use the smallest number of tools and solutions necessary to achieve security objective effectively.

Secure supply chain

Ensure the supply chain is secured by ensuring the security, integrity and reliability of all parties responsible for delivery of services or products. This will involve an assessment of security controls and standards of a supplier, and their incident response plans and capability.

Assume when not if

Instead of assuming a security breach might happen, DHCW must assume it will happen and plan accordingly. This will mean elevating response and recovery capabilities to the same status of detection and prevention.

Design for Isolation where possible

Systems, applications and processes should be compartmentalised where possible. Systems, applications and processes should be designed to isolate components and restrict their interaction unless explicitly required.

Zero Trust

No device, user or system should be automatically trusted whether inside or outside the network perimeter, and must be given the minimum access necessary to complete their tasks (least privilege). All interactions must be monitored and audited.

Defence in depth

Multiple layers of security controls and measures must be implemented to protect systems, infrastructure and data.

Secure by Design

Security must be incorporated into the design and development process of systems, infrastructure and applications from the start of the project, rather than considering security late in the design lifecycle.

Single source of truth

All users, applications and systems rely on a single, consistent, and authoritative source for authentication and user data.

Verify then Trust Emerging Technologies

New technology such as GenAI must be comprehensively evaluated and validated before use by DHCW, particularly for critical systems.

Simple as Possible

Minimise the complexity of the design, implementation and management of systems, applications and processes where possible. Use validated or previously used successful designs where possible.