DSIT’s Cyber Security Codes of Practice: Modular approach

Published
6/5/2025

The Department for Science, Innovation and Technology (DSIT) has developed five codes of practice to set clear expectations for cyber security.

These voluntary codes of practice are designed to inform large organisations and small to medium-sized enterprises (SMEs) of the recommended baseline security practices to prevent and handle cyberattacks.

By setting out these voluntary standards, organisations will have access to greater knowledge of current cyber threats with actionable advice and steps towards protecting themselves and their customers from the constantly evolving cyber threat landscape. The Codes of Practice are also intended to help relevant entities understand the standards they should expect from their technology suppliers and to enable them to hold those suppliers accountable.

 

The five Cyber Security Codes of Practice:

 

DSIT has also included a diagram of how the codes fit together: the modular approach diagram.

 

The modular approach

To support the adoption of the Codes of Practice, DSIT has proposed a modular approach that clearly outlines the relevance of both current and future codes for all stakeholders. This information will enable companies to identify which codes are applicable to them, understand how the various codes interrelate, and recognise where principles may overlap across different codes. The modular approach will facilitate a faster and smoother adoption of the voluntary codes, building cyber resilience across a larger network of key stakeholders.

All enterprises with online/digital services are advised to implement the Cyber Governance Code of Practice as a minimum and become Cyber Essentials certified.
