
Government Information Assurance Case Study

commissum is a company one hundred percent focused on the provision of information security advice and services. Our team has been providing the full range of these services to a broad cross-section of businesses and government organisations for over twenty years.

commissum 'ko-mis-sum, n. that which is entrusted [Latin]

Information assurance for government

Client

Government - education and training body. This government body provides careers advice and guidance plus the provision of training development.

Requirement & Business Driver

As a consequence of the Whitehall data handling review following the HMRC data loss, new mandatory data handling requirements were defined for government bodies.

Data handling is the protection of sensitive personal information in accordance with specific measures covering access, removable media, controlled disposal, authentication, audit, forensic readiness and citizen-facing work.

The client therefore decided that it was essential to engage an independent, expert information assurance consultancy to ensure that it complied with government requirements in this area.

Additionally, in order to ensure appropriate control of the organisation’s operational risk, the client also requested assistance with Business Continuity Planning and Management and the ISO27000 Information Security Management framework.

The business drivers for this engagement can be summarised as follows:

  • Compliance with Cabinet Office mandates regarding data handling
  • Secondary benefits for the agency in terms of managing its operational risk by improving the organisation’s information security and business continuity to recognised industry standards
  • The client recognised the sensitivity of any potential data leaks in the current political context

Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, the client engaged commissum to meet its strategic, business and technical security and continuity related objectives.

commissum have considerable expertise and experience in addressing both government (i.e. IS6 and SPF) and commercial (e.g. Data Protection Act and Financial Services Authority) requirements in this area.

Services Delivered

The assignment delivered services in the following three areas:

Data Handling

commissum designed and implemented the information handling project at the client. This consisted of the design of a framework to identify and classify sensitive and critical information in the organisation, the identification of data handling governance roles and responsibilities for the individuals concerned within the organisation, and the development of a risk assessment and classification tool and information handling tables to facilitate demonstrable compliance.

Business Continuity

commissum provided business continuity and planning consultancy to review existing business continuity and disaster recovery (BCDR) plans, address key points from a recent audit report and update the plans accordingly. commissum also identified the composition of the BCDR teams, the parameters of the BCDR control centre and the contingency materials in order to facilitate more localised involvement and ownership of the plans.

ISO27000

commissum conducted a comprehensive ISO27001 gap analysis for the client, which included an audit of the ISMS, risk assessments, the Statement of Applicability and a comprehensive governance and technical review of the implementation of ISO27002 controls.

commissum continues to provide information assurance services to this government body as a trusted security partner.

"commissum understood exactly what we needed and delivered excellent service on time, and on budget. Why can't all companies be like them!"

Mr Duncan M, Information Security Manager - National Building Society

"commissum was particularly responsive and the project was well managed under demanding conditions. I was very happy with the technical standard. Very good value for money as well."

Mr Kenneth Y, Head of IT Risk & Compliance, International Retail Bank

“We have used commissum for several years and their work has always been professional and delivered to a high standard. We appreciate their ability to readily interpret project requirements and to make a valuable contribution even when a project's budget is tight. commissum are easy to deal with and have the flexibility to manage changing time scales and requirements.”

Mr Iain R, Account Director, International Business Systems & Managed Services Company