Background
Waka Kotahi, the NZ Transport Agency, is New Zealand's Crown entity responsible for promoting safe and functional transport by land, including the responsibility for driver and vehicle licensing, and administering the New Zealand state highway network.
Challenge
Waka Kotahi came to Catalyst looking for a solution that would automate essential aspects of their security assurance process and embed security requirements earlier into the product development lifecycle. They wanted a tool that delivered 'security by design' across the agency's technology teams.
Solution
By digitising and automating the previously document-based workflows, the Security Development Lifecycle Tool (SDLT) enables Waka Kotahi to simplify the security assurance process, reduce spend on unnecessary third-party assessments, and cut the product approval and delivery process from weeks to days.
Through a simple form-based interface, SDLT uses a series of questions to determine the complexity of the end product and generates additional questionnaires, such as Privacy Impact Assessments or cloud risk assessments – commonly known as the GCIO 105 – to help teams digitally assess and record their security requirements.
The SDLT integrates with workflow management systems such as Jira and provides an audit trail that ensures security assurance has been built into project delivery from the start. It is based on the Government Chief Digital Officer (GCDO) and New Zealand Information Security Manual standards as used by Waka Kotahi.
The four fundamental functions of Waka Kotahi’s SDLT are:
- Proof of Concept or Software Trial
- Software-as-a-Service Adoption
- Solution or Initial Software Release
- Software Feature Release or Bug-fixes
Digital Security Risk Assessment
The SDLT also enables organisations to implement an innovative Digital Security Risk Assessment (SRA) process: questionnaires and task features are available to produce a complete risk assessment table. The SRA enables users to easily submit a Risk Questionnaire to assess and configure risks against digital component controls – these can all be customised and managed.
Waka Kotahi open sourced the project as the tool handles information gathering, task creation, workflow management, and business approvals – meeting the needs of a large variety of agencies. Open sourcing this tool means that there is unlimited potential for organisations to save thousands of dollars and work hours.
Catalyst and Waka Kotahi continue to innovate together, discussing new updates and features, and we look forward to seeing this tool grow.