Security Development Lifecycle Tool

Catalyst and the Transport Agency innovate to build the SDLT - simplifying security assurance.

NZTA logo




The NZ Transport Agency is New Zealand's Crown entity responsible for promoting safe and functional transport by land, including the responsibility for driver and vehicle licensing, and administering the New Zealand state highway network.


The Transport Agency came to Catalyst looking for a solution that would automate essential aspects of their security assurance process and embed security requirements earlier into the product development lifecycle. The Transport Agency wanted a tool that delivered 'security by design' across the agency's technology teams.



By digitising and automating the previously document-based workflows, the Security Development Lifecycle Tool (SDLT) enables the Transport Agency to simplify the security assurance process, reduce spend on unnecessary third-party assessments, and cut the product approval and delivery process from weeks to days.


Through a simple form-based interface, SDLT uses a series of questions to determine the complexity of the end product and will generate additional questionnaires such as Privacy Impact Assessments, or cloud risk assessments – commonly known as the GCIO 105 – to help teams digitally assess and record their security requirements.


The SDLT integrates with workflow management systems such as Jira and provides an audit trail that ensures security assurance has been built into the project delivery from the start and is based on the Government Chief Digital Officer (GCDO) and the New Zealand Information Security Manual standards as used by the Transport Agency. 


The four fundamental functions of the Transport Agency’s SDLT are:


  1. Proof of Concept or Software Trial software

  2. Software-as-a-Service Adoption

  3. Solution or Initial Software Release

  4. Software Feature Release or Bug-fixes


Digital Security Risk Assessment

The SDLT also enables organisations to implement an innovative Digital Security Risk Assessment (SRA) process; questionnaires and task features are available to produce a complete risk assessment table. The SRA enables users to easily submit a Risk Questionnaire to assess and configure risks against digital component controls – these can all be customised and managed.


The Transport Agency open sourced the project as the tool handles information gathering, task creation, workflow management, and business approvals – meeting the needs of a large variety of agencies. Open sourcing this tool means that there is unlimited potential for organisations to save thousands of dollars and work hours.


Catalyst and the Transport Agency continue to innovate together, discussing new updates and features and we look forward to seeing this tool grow. 

Catalyst can install, host and support SDLT for your organisation. If you'd like a demonstration and a discussion about Catalyst's support services, get in touch or learn more about SDLT.