If you are a service provider to a Government Department or Agency and handle HMG physical or information assets you may be required to comply with guidance in the Security Policy Framework (SPF). Your client is responsible for determining which areas of the SPF should apply to your service provision and should notify you accordingly.

To demonstrate compliance, your Information Security Officer (or equivalent) must:

  • Conduct an initial self assessment using external security specialists or internal audit functions;
  • Submit annual security returns to the Department or Agency on the relevant Mandatory Requirements and associated security policy;
  • Carry out regular internal audits using external security specialists or internal audit functions.

To help you with these requirements, Advent IM can carry out a high level Compliance Review of your organisation against the Mandatory Requirements (MRs) within SPF relevant to you. Our service includes:

  • A high-level assessment of your current compliance status against the relevant MRs;
  • A detailed report including current status and remediation requirements if necessary;
  • General security policy advice and guidance on remediation requirements;
  • If you are already compliant, we can provide a high-level annual update review to provide assurance for annual security returns.

We work with many organisations including HMG Government Departments themselves, providing guidance on all aspects of security best practice following SPF, Counter-Terrorist Security Policy Manual (CTSPM), ISO 27001 and BS 25999. We are therefore ideally placed to work with your organisation to ensure compliance with the SPF.

Why Choose Advent IM?

We pride ourselves on putting our customers first…

...our approach is both consultative and facilitative and each solution is bespoke to your business needs and drivers.
Find out more...