Government - CLAS Services for Accreditation

CLAS Accreditation Consultancy - Government Blue Light Agency

commissum provided experienced CLAS consultancy and supporting technical services to assist in attaining accreditation.

Client

The agency is part of a major Whitehall department that works to prevent loss of life and improve safety in its area of responsibility.

Client Requirement and Business Drivers

As a consequence of the Gershon review findings the Whitehall department implemented a Shared Services Centre in order to reduce operational costs across the department and its agencies.

In order to derive these planned benefits from the Shared Services Centre the agency needed to be able to connect to it. This required the agency to become Accredited to demonstrate appropriate information security management in order to facilitate this connection.

The client therefore decided that it was essential to engage with an independent, expert CLAS consultancy provider to analyse the requirements to attain accreditation and assist in delivering the requirements. The business drivers for this engagement can be summarised as follows:

• Cost reduction targets as part of Whitehall wide shared services initiative
• Secondary benefits for agency in terms of managing their operational risk by improving their organisation’s information security to recognised government Accreditation standards
• The client recognised the potentially disastrous impact on operations that could arise from any security related incident

Recognising the importance of the right specialist expertise, together with the need for objectivity and independence commissum was engaged to meet the strategic, business and technical security related objectives of the project within tight timescales set by the business.

commissum Services Provided 

The assignment delivered services in the following areas:

Accreditation strategy 

commissum thoroughly reviewed the existing draft Risk Management and Accreditation Document Set.

Interviews were conducted with business sponsors and key IT staff to establish objectives, both explicit and underlying, of the Accreditation requirements. 

An initial gap analysis was conducted to assess what was required to attain Accreditation and consultancy was provided to assist the Agency in turning this into an implementation plan.

Advise on implementation and management of controls

commissum provided business and technical CLAS consultancy to both review existing controls in place and advise and implement deficient and missing required controls.

Areas covered included: physical security requirements, personnel security requirements, protective monitoring, security operational procedures advice, ISMS implementation, 3rd party access management and controls, RMADS risk assessments and documentation.

The agency continues to successfully move forward with its accreditation targets.

• Case Study 1 - Online Banking Project Assurance
• Case Study 2 - Government Data Handling, BCP & ISO27000 consultancy
• Case Study 3 - Oil & Gas Industry - Asset Tracking System Project Assurance
• Case Study 4 - Professional Institute - Strategic Security Review
• Case Study 5 - Government Agency - Business Continuity Exercise
• Case Study 6 - Government Agency - CLAS Services for Accreditation
• Case Study 7 - National Engineering Group - Security Programme
• Case Study 8 - Application Service Provider - Investor Due Diligence
• Case Study 9 – Global Legal Firm - Annual Test Programme & Security Partnership
• Case Study 10 - Investment Bank - Secure Application Development Training