Security Development Lifecycle Tool

Level up your Security Maturity with Assurance Workflows as a Service.

Originally developed by Catalyst for the New Zealand Transport Agency, SDLT is an innovative tool that automates essential aspects of the security assurance process and embeds security requirements earlier into the product development lifecycle.

The framework aligns with common government security classifications and risk assessment practices to deliver "security by design" across your product and technology teams.

Through a simple form-based interface, SDLT uses a series of questions to determine the complexity of the end product and will generate additional questionnaires such as Privacy Impact Assessments, or Cloud Risk Assessments - commonly known as the GCIO 105 - to help your teams digitally assess and record their security requirements.



Speed up product delivery

Eliminate spreadsheets and connect your teams, suppliers and governance.


Privacy and Risk Assessments

Automate your assurance policies in a sharable, auditable service.

Workflow Management Integration

Connect to Jira to ensure your project development is joined up and seamless.


Fully Auditable

Complete transparency and a single view of your assurance lifecycle.


Innovate with the SDLT

  • SDLT integrates with workflow management systems such as Jira and provides an audit trail that ensures security assurance has been built into the project delivery from the start. It can be used as part of the process to deliver or procure proof-of-concept products, Security as a Service (SaaS) applications, and scope feature revisions or bug fixes.
  • By digitising and automating previously document-based workflows, the SDLT enables the simplification of security assurance processes, reduces spend on unnecessary third-party assessments, and cuts the product approval and delivery process from weeks to days.
  • The highly configurable digital platform effectively provides a single point of presence to right-size security assurance across organisations from start to finish. This ensures that all product deliveries are assessed using the same criteria from the start.
  • SDLT handles information gathering, task creation, workflow-management, and business approvals and should meet with the needs of a variety of businesses that require a highly responsive security assurance process.
  • The Catalyst SDLT can be installed, hosted and supported for a flat monthly fee. No license costs, no user limits or limits on the number of questionnaires you can host. The standard package includes business hours support, regular backups, security patching and minor upgrades. Training and development are also available upon request.


NZTA chose to open source this tool, so other government agencies can similarly reduce their compliance overheads and allow them to focus on their core delivery. As the product is open source, any investments in functionality will automatically be available to all participants. Catalyst can install, host and support SDLT for your organisation.

Get in touch with Catalyst today to see the SDLT in action and learn how it can assist your business improve your security maturity and transform your assurance processes.