Information Risk Management

INFORMATION RISK MANAGEMENT for GOVERNMENT

The demands on government, non-governmental bodies and their third-party commercial suppliers to prove information is appropriately secured are increasing. Any system carrying, storing or transmitting protectively marked data requires an appropriate technology and information risk management process to be carried out. This is to ensure that proportionate security controls have been applied to safeguard the system’s information assets and provide assurance to Accreditors and other key stakeholders.

In a changing Government security landscape, individuals who create and process data and documents must understand how that data should be marked and protected, and implement agile, pragmatic and proportionate risk-managed controls throughout its lifecycle. Wherever there is a need for authoritative, expert advice on implementing risk management methodologies or policy, or on how to mark, process, handle and dispose of data in line with the GCS, our CESG Certified Professional (CCP) Consultants can help. Our deep industry experience and links within Government and Cabinet Office, CESG and the wider IA community, combined with our full spectrum of independent Accreditation and Risk Management services, offer our clients an unrivalled and compelling proposition for their cyber security needs.

As an established cyber security consultancy, we have years of experience in providing information assurance advice to government and third-party commercial suppliers in line with best practice, HMG Policy and Standards and the Security Policy Framework, and our CCP Consultants have a 100% record in successful system accreditations.

HMG Technology & Information Risk Management and Assurance Consultancy services include:

  • Application of current and legacy IA Assurance Methodologies
  • Risk Management, Risk Assessment & Risk Treatment following guidance including ISO27005, ISO31000, ISO27002 and IAS1&2 (where still used)
  • Security Architecture System Designs and Reviews
  • Digital and Cloud Security Services
  • IA Audits and Reviews including RMADS (where still used), Security Policy Framework (SPF) Compliance
  • IA Incident Management
  • IA Policy & Standards Advice and Guidance, including policy development and reviews
  • Advice on Off-shoring Data
  • System Decommissioning Services
  • Codes of Connection Reviews e.g. PSN, PSN(P), NHSMail2
  • Privacy Impact Assessments

We pride ourselves on putting our clients first…

...our approach is both consultative and facilitative and each solution is bespoke to your business needs and drivers.