Information security

The information security lifecycle describes the process to follow to mitigate risks to your information assets.


Understand what information and ICT systems you need to protect

To implement the right security measures, you need to understand what information you hold, how valuable or sensitive it is, and which ICT systems store, process or transmit it.

Assess the risks to your information security

To protect your organisation's information, you have to understand how it could be threatened: identify the threats to it, the vulnerabilities those threats could exploit, and the likelihood and impact of a compromise.

Design fit-for-purpose information security measures

Based on the risks your organisation faces, design the information security measures needed to protect your information's confidentiality, integrity and availability.

Implement your information security measures

During this phase of the information security lifecycle, you implement the agreed security and privacy measures including policies, processes, and technical security measures.

Validate your security measures

Validate your organisation’s information security measures to find out if they’ve been correctly implemented and are fit for purpose.

Operate and maintain to stay secure

Threats, vulnerabilities, and risks evolve over time as technology, business, and information demands change. Security measures must keep pace with this change to remain relevant and effective.

Review your security measures

Undertake regular reviews to ensure your security measures remain fit for purpose. Identify changes in how you use and organise your information, and any changes required by legislation.

Retire information securely

When your information and supporting ICT systems are no longer required, they need to be archived, destroyed, repurposed, or disposed of securely, so that information is not recoverable from systems or media that leave your control.