Security
Ensuring that digital products, platforms, services, and infrastructure are protected from unauthorised access, tampering, and failure – safeguarding the integrity, availability, and resilience of systems and the data they hold
Security means ensuring that public-serving digital systems remain trustworthy, resilient, and protected against unauthorised access, tampering, disruption, or loss.
We believe a person should be able to rely on the integrity and availability of the services they use, and trust that the information held by those services has not been altered, exposed, destroyed, or misused without authorisation.
For a public-serving entity, Security means protecting systems, records, and data through appropriate technical, operational, and organisational safeguards. It means controlling access to sensitive systems, securing communications and stored information, monitoring for intrusion or misuse, and maintaining clear procedures for responding to incidents, failures, or breaches.
It means designing systems that can recover from disruption without loss of integrity or continuity, maintaining secure backups and audit trails, and ensuring that important public records remain authentic, accessible, and protected over time. It means assigning clear responsibility for security oversight and reviewing protections regularly as systems, threats, and technologies change.
Example requirements (illustrative)
These example requirements are grounded in established international standards, regulations, and laws, which are listed in full in the section below.
- Organisations maintain documented security policies covering access control, incident response, continuity, and recovery.
- Access to sensitive systems and data is restricted to authorised individuals with appropriate authentication controls.
- Encrypted connections are used for all public-facing services and administrative access.
- Interoperability between systems is secured through documented authentication, authorisation, encryption, and audit mechanisms.
- Security vulnerabilities and incidents are documented, assessed, and addressed within defined response timeframes.
- Services are designed to remain operational and recoverable during technical failures, cyber incidents, or external disruption.
- Digital records are stored and maintained in ways that preserve evidential integrity, authenticity, and chain of custody.
Standards, regulations, and laws informing this work
- EU | European Digital Identity Framework Regulation (eIDAS 2.0) 2024
- EU | Network and Information Security Directive (NIS2) 2022
- European Telecommunications Standards Institute (ETSI) | Securing Artificial Intelligence (SAI) Baseline Cyber Security Requirements for AI Models and Systems (EN 304 223) 2021
- Institute of Electrical and Electronics Engineers Standards Association (IEEE SA) | Standard for Local and Metropolitan Area Networks: Port-Based Network Access Control (IEEE 802.1X) 2020
- Internet Engineering Task Force (IETF) | Security and Privacy Standards
- International Organization for Standardization (ISO) | Guidelines for Digital Evidence (ISO/IEC 27037) 2012
- UK | Data (Use and Access) Act 2025
- UK | Data Protection Act 2018
- UK | Freedom of Information Act (FOI Act) 2000
- UK | National Cyber Security Centre (NCSC) Cyber Essentials Standard
- UK | Public Records Act 1958
Organisations working in this area
- Access Now | US-based nonprofit
- Center for Internet Security (CIS) | US-based nonprofit
- Chaos Computer Club | Germany-based nonprofit
- Citizen Lab | Canada-based research organisation
- CyberPeace Institute | Switzerland-based nonprofit
- Digital Security Lab (Лабораторія цифрової безпеки) | Ukraine-based nonprofit
- eQualitie | Canada-based nonprofit
- European Telecommunications Standards Institute (ETSI) | France-based standards organisation
- European Union Agency for Cybersecurity (ENISA) | Greece-based EU body
- European Cyber Security Organisation (ECSO) | Belgium-based membership organisation
- Institute of Electrical and Electronics Engineers Standards Association (IEEE SA) | US-based standards organisation
- Internet Engineering Task Force (IETF) | US-based standards organisation
- International Organization for Standardization (ISO) | Switzerland-based standards organisation
- Kantara Initiative | US-based standards organisation
- National Cyber Security Centre (NCSC) | UK government body
- OpenID Foundation | US-based standards organisation
- OpenSSL | Global project
- Qurium | Sweden-based nonprofit
- UK Cyber Security Council | UK-based membership organisation
- Wau Holland Stiftung (Wau Holland Foundation) | Germany-based nonprofit