SECURE BY DESIGN · THE OUTPUT

A Security Architecture Document that writes itself.

The document security architects dread writing is the by-product here, not a separate task. As you work the design-stage journey, each chapter assembles live from the real records: scope, threats, controls, exceptions, residual risk and readiness. Doing the work is writing the document.

WHAT IT IS

The design record, assembled not authored.

A Security Architecture Document sets out how a solution is designed to be secure: its scope, its threats and controls, its exceptions and its residual risk. Traditionally it's hand-written after the build, if it exists at all.

In Cybereen it's the opposite. There's no blank template to fill in at the end. Every time you confirm a scope decision, accept a threat, commit a control or record an exemption, the matching chapter of the document assembles itself. Open it at any point in the project and it reflects exactly where the design stands.

Because it's assembled from the same records that drive your Applied Controls and Risks, it's not a parallel copy that drifts. Update the work and the document updates with it.

The honest version: the reason design records are usually thin or missing is that writing them is a separate, thankless job. Remove that job — make the document a by-product of the work — and you finally get a real one.
DERIVED, NEVER INVENTED

Every chapter tells you its own state.

Each chapter is marked Confirmed, Draft or Empty, derived purely from whether the underlying work exists. If a number can't be re-derived from the records, it doesn't appear.

  • Confirmed — the work behind the chapter is committed and complete.
  • Draft — the chapter has content but isn't finished; you can see exactly what's outstanding.
  • Empty — no work yet, honestly shown as a gap rather than a padded page.
  • No invented figures, no back-dated write-ups — the document is only ever as complete as the work.
Security Architecture Document · Payments upliftLIVE
1Solution overview & classificationConfirmed
2Scope & architecture nodesConfirmed
3Threats & controlsConfirmed
4Exceptions & residual riskDraft
5Go-live readinessDraft
6HandoverEmpty
IN THE PRODUCT

The document, assembling itself as you work.

Open it beside the journey at any stage. Each chapter shows its own state — Confirmed, Draft or Empty — derived from the records behind it. Illustrative project shown.

app.cybereen.com / secure-by-design / document
LIVE
Cybereen Secure by Design — the Security Architecture Document panel assembling live beside the journey, each chapter marked Confirmed, Draft or Empty
WHAT'S IN IT

Six chapters, each from its own source.

The chapters mirror the journey. Each one is fed by a real surface in the platform, so it's evidence, not narrative.

1
Overview & classification

What the solution is and how sensitive its data is, from the Describe stage.

2
Scope & nodes

The in-scope domains and the architecture nodes, from the Scope stage.

3
Threats & controls

The threats per node and the controls that answer them, from Assess.

4
Exceptions & residual risk

What was exempted, its compensating controls, and the risk formally accepted.

5
Go-live readiness

The pre go-live checklist and the derived readiness position.

6
Handover

The closure summary and who owns the solution now it's live.

SAD FAQ

Questions about the document.

Do I write the document, or does the platform?
You never write it separately. Each chapter assembles from the work you do in the journey — confirming scope, accepting threats, committing controls, recording exemptions. Doing the design-stage work is what produces the document.
Can I trust the figures in it?
The document is derived, never invented. Every figure and every chapter is reconstructed from the source records at read time. If something can't be re-derived from the data, it simply doesn't appear — there are no stored, drifting numbers to distrust.
Is it board- and auditor-ready?
Yes. It's a single, current record of how a solution was designed to be secure — scope, threats, controls, exceptions, residual risk and readiness — backed by the same data as your Applied Controls and Risks. It reads as evidence rather than narrative.
Is this a separate tool?
No. The Security Architecture Document is the headline output of the Secure by Design module on the Cybereen platform, assembled from the platform records you already keep.

Get a real design record, without writing one.

Work your next solution through the journey and the Security Architecture Document assembles itself. Book a walk-through and we'll show you on a real project.

Explore Secure by Design →