ISN 2023/10 is a massive change for Defence partners

Industry Secure Notice 2023/10 withdraws accreditation for industry owned systems processing MOD data. This is a massive change for suppliers to MOD as it means that industry itself needs to satisfy itself that a system is secure, using Secure By Design principles. Why is it such a big change?  Because previously MOD provided a free service via accreditation, effectively taking on the risk for the suppliers in case they were breached. Now this risk sits with the management board of the supplier. This shift in risk profile implies big changes in board responsibilities and behaviours.