An architecture is introduced built as the sole reference for securing ICT services delivered to the market. It provides complete security specifications for design and production as well as for customers that allow them to compare offerings and to assess associated risks. Service portfolio management, bid phases and implementation projects as well as service delivery management are covered. Roles and responsibilities are defined in collaboration models. The individual security measures are organized in a security taxonomy that follows an industrialization concept and covers all technology areas and the core processes of the provider. The taxonomy allows easy extraction of all details related to a delivered ICT service. The same documentation is used both for implementation (provider's side) and to demonstrate assurance and compliance (customers' side). This real-world architecture is thoroughly modular and hierarchic while providing information on all level of abstraction.