CLAS Consultant

commissum CLAS (CESG Listed Adviser Scheme) consultants provide government accredited expert Information Assurance consultancy.

commissum has been a long-standing subscriber to the CESG Listed Adviser Scheme (CLAS).  The CLAS scheme is managed by the Communications-Electronics Security Group (CESG), which is the Information Assurance (IA) arm of GCHQ (Government Communications Headquarters), based in Cheltenham, Gloucestershire, UK. CESG is the UK Government's National Technical Authority for IA.

The CLAS scheme was established by CESG in recognition of an increasing need for authoritative Information Assurance advice and guidance to government departments. This need has arisen from a growing awareness of the threats and risks that information systems face in an ever-changing world. 

commissum, through this scheme, assists in satisfying this need by providing CLAS qualified Information Assurance advice to government departments and other organisations that provide essential services for the United Kingdom. commissum CLAS consultants are approved to provide advice and consultancy on protectively-marked systems processing information up to and including SECRET level. 

All government systems, however, regardless of the data classification they handle, need to be assessed for the business impact in the event of a breach or data leak. Often the most difficult part of the process is determining the appropriate Business Impact Level. This level influences the selection of appropriate controls, as well as the CESG-defined mandatory accreditation process to be applied. Within this process, there are several services that the commissum team of experienced CLAS consultants is able to provide. 

These services include:

• Assessments against the Cabinet Office Security Policy Framework (SPF)
• The development of risk assessments in accordance with HMG IAS 1.
• The production of Risk Management and Accreditation Documentation Sets (RMADS) meeting the requirements of HMG IAS 2.
• Advice on meeting the requirements for connection to the GSi and Government Connect.
• Reviews of data handling procedures to ensure compliance with HMG IAS 6.
• Advice on the implementation of technical security architectures.
• Guidance on interpreting and meeting the requirements of the Security Policy Framework (SPF).
• Providing security advice during procurement, from the initial business case stage through tendering, implementation, assessment/testing and operation.

• Cyber Security Strategy
• ISO 27001/2 Gap Analysis
• CLAS
• Security Health Check
• Security Audit
• ISO 27001 transition
• PCI DSS
• Secure Software Development
• Business Continuity Consulting
• Education