Security statement

The Digital Marketplace is being delivered to make it easier for government and digital businesses to work together. We value transparency while also taking security seriously. This document describes the practices we employ to help ensure the security of our users’ data.

Open source

Back to top of page

All code behind the Digital Marketplace is open source and available on Github. The original project was forked from a version of the Digital Marketplace UK, a service that has successfully been running for a number of years. A full log of all changes since the code was forked is available on our GitHub repository.

Raising issues

Back to top of page

Any member of the public is able to log an issue on GitHub for the Digital Marketplace. Whether it be a bug, feature request or security concern our team is ready to respond in a timely manner to all issues. Alternatively, you can email us at

Security audits

Back to top of page

The Digital Marketplace is regularly audited for vulnerabilities at source code level by the internal DTA Security Team. A full audit was completed for the Beta release. Periodic audits are now scheduled on new features on the live release. Any security bugs that are raised during these audits are fixed and deployed in a timely manner.

Secure cloud

Back to top of page

The Marketplace site is deployed to a secure Amazon Web Services (AWS) environment. It uses a combination of AWS services and services that are provided by the DTA cloud platform (Cloud Foundry). The database that contains all user data has restricted access and is periodically backed up.

Status and incident updates

Back to top of page

The current status of the Digital Marketplace site can be viewed at We publish our service availability in real time. If there is downtime for any reason, an incident will be raised on this site with regular updates until the service is restored.


Back to top of page

The Digital Marketplace is continually monitored by a range of tools that immediately notify the team of any errors or changes to performance that could affect the Digital Marketplace service.

Zero downtime

Back to top of page

The Digital Marketplace has a policy of zero downtime deployments. This means there’s no interruption when the site is being updated. The Digital Marketplace team regularly update the site, typically on a daily basis, and can quickly respond to any issues.


Back to top of page

The Digital Marketplace is an agile development, which means it evolves in response to the needs of its users. If you have any feedback or questions relating to this document (or any other Digital Marketplace matters) else email

Updated: 1 June 2018