Code of Practice for Cyber Security in the Built Environment, 2nd Edition

This Code of Practice explains why and how cyber security should be considered throughout a building’s lifecycle and explains current best practice, focusing on building-related systems and all inter-connections to the wider cyber environment.  It provides clear practical guidance on the key aspects of cyber security relating to specific jobs and responsibilities in maintaining the security of a building.

Contents include:

  • An introduction and overview of the area
  • The five top-level security principles that should be applied to the application of digital technologies in the built environment
  • Security over a built assets’ lifecycle
  • Managing technical aspects
  • Managing process and procedure aspects
  • Managing people aspects
  • Applying the code of practice.

The new edition, supported and sponsored by the NCSC has involved considerable restructuring of the work which will be of value to a wide range of job functions connected to the design, management, operation and security of any building related systems.

This page is open to the public subject to the following terms:

  • You may download the document for your own use in reviewing content as part of the DPC process.
  • No further electronic copying is allowed without written permission.
  • You are permitted to pass on the web link to the registration page for other people to register with and review documents.
  • You are not permitted to create a direct link to any of the DPC documents.
  • You are requested to return any comments using the DPC comment form provided.
  • The form should be sent electronically to

Deadline for comments: Friday, 12 March 2021

Download the comments form: