How to gain accreditation for a G-Cloud Service


Demystify the process

As a registered supplier of G-Cloud services you will be keenly aware that getting onto the G-Cloud framework does not automatically enable those services to be bought by your potential customers. In many cases you will first need accreditation for your service or product.

The process of accreditation is documented and publicly available, but if you are not familiar with the world of HMG accreditation the terminology and jargon can seem confusing. More importantly, if you have customers who are enquiring about your products or are keen to buy, you don't want unnecessary delays in achieving that sale.

By reading this guide we hope to demystify some of the key principles and outline the critical steps required to achieve accreditation for your service or product. Following these steps will give you a competitive edge over your competition and increase the likelihood of getting a return on your investment in the G-Cloud.

Contents
G-Cloud & the CloudStore Catalogue
Three Tiers of Security Requirements
5 Steps to Accreditation
Top Tips for IL1/2 Accreditation
Top Tips for IL3 Accreditation
About Ascentor

Ascentor are independent Information Risk Management specialists who view information security as a powerful business enabler.

G-Cloud and the CloudStore Catalogue

The Government's G-Cloud service is open for business. To date over 1,700 information and communications services have been added to the CloudStore catalogue. At present the CloudStore catalogue is little more than a business directory; any customer selecting a product or service from the catalogue must still perform their own accreditation, no different to selecting a product or service through any other mechanism.

The objective of G-Cloud is to offer a catalogue of services that are fully accredited, requiring relatively little additional effort by the customer to use the service. For suppliers who wish to offer their services through G-Cloud there is a business imperative to become accredited. This will make your services more attractive to, and more likely to be selected by, the public sector customer.

Three Tiers of Security Requirements

G-Cloud services are divided into three tiers, which represent the security requirements of the customer's information. Your accreditation requirements vary between these tiers:

IL0: This represents the lowest level of security requirements. There is no requirement for security accreditation. Very few services will fall into this category.

IL1/2: This represents the baseline level of security requirements and is probably relevant for 60%-70% of public sector customers. Accreditation is based on the use of ISO certification, i.e. good commercial practice.

IL3: This requires enhanced security to protect sensitive information and is a common requirement for central Government departments and some agencies. Accreditation is based on HMG security standards; these are based on ISO 27001, but with more stringent requirements.

To get accredited for IL1/2 you need to have a suitably scoped ISO certification; the certificate must be awarded by a recognised certification body. Additional information is presented in a short document, the light-weight RMADS, that is used to present a collection of security information to the Accreditor.

5 Steps to Accreditation

"By breaking the process into steps you can plan your approach and make it happen at speed." PETER CURRAN, ASCENTOR

Step One

The first step of the process is to complete and submit the G-Cloud Service Description Security Accreditation Scope template. The initial assessment is performed by the G-Cloud programme office, which will primarily focus on your eligibility to join G-Cloud. If your application is deemed acceptable it will be submitted to the Pan Governmental Accreditor (PGA).

Step Two

The PGA will examine the information provided to ensure that the ISO certification is suitably scoped. Understanding what is meant by "suitably scoped" is important; in simple terms this means that all elements of the service must be subject to certification. In addition, the Accreditor is seeking evidence that the security controls in some key areas are robust and sufficiently comprehensive. Unsurprisingly, this is likely to be an iterative process if the information supplied is incomplete or insufficiently detailed.

Step Three

Once the Accreditor has agreed that the scope of the ISO certification is sufficient, he/she will specify what evidence is required along with appropriate assurance activities. In many cases the evidence will be based on independent audit reports (e.g. 6-monthly surveillance audits), but may require examples of audits of 3rd parties, certificates for evaluated products, and so on. Assurance activities are often based around an IT Health Check (ITHC) conducted by an accredited penetration testing company, but could include information related to the use and configuration of evaluated products. In some cases specialist assurance activities may be required, especially if the use of technology, or the system architecture, are novel or unusual.

Step Four

All of this evidence will be submitted as a Risk Management and Accreditation Document Set (RMADS); a specific light-weight template has been developed for this purpose. Other documents that must be submitted, and agreed with the PGA, include a Statement of Residual Risk, Security Operating Procedures (SyOPs) and IA Conditions for consuming organisations. Once the PGA is content an accreditation certificate will be issued.

There are specific issues around the role of personal data (and sensitive personal data); there is a separate questionnaire that must be completed to confirm that the service provider can support the customers' obligations under the Data Protection Act 1998 (DPA). It is unlikely that a service provider would be accredited if their service is judged non-conformant with the DPA requirements.

Step Five

If the service is being offered at IL3, full accreditation is required. This is broadly the same approach as that used for IL2, except that the implementation of ISO controls using the HMG Baseline Control Set (BCS) is mandatory. It is also strongly recommended that a technical risk assessment is undertaken using the HMG IS1&2 methodology, along with a risk treatment plan that is aligned with CESG good practice guides.

It is expected that IL3 services will be delivered by a G-Cloud service provider who is connected to the PSN at IL3; compliance with the PSN Code of Connection (CoCo) is required. Whilst it is theoretically possible to offer IL3 services via the Internet, it is likely that a CESG evaluated cryptographic product would be required. It is also more likely that specialist assurance services will be required to validate the configuration and use of the service provider's systems.

Top Tips for IL1/2 Accreditation

➊ Check the Scope of your ISO Certificate

Your certificate will say on it which of the activities of your business are within the scope of the certification; this is probably a summary of the scope specified in your ISMS. If the services being offered to G-Cloud do not fall within this scope, you will need to discuss a scope change with your auditor.

➋ Prepare information for the Security Accreditation Scope document

The scoping document asks some questions about your implementation of technical controls that are considered important for G-Cloud service providers. The answers to these questions are likely to inform the evidence requirements that will be subsequently specified by the PGA, so care in the wording and technical depth is important. It is a very good idea to try to use the language of HMG Information Assurance; try to avoid "sales speak".

➌ Define or update your Information Security Policy in an HMG friendly way

If you have not yet been ISO certified, or are considering updating your security policies, it is well worth specifying policies that are compliant with HMG requirements for IL2 systems. Not only will this make it easier to prove that you meet all the requirements, but it will also make it easier for you to offer your services via the PSN or at IL3. You should base your ISO control implementation around the HMG Baseline Control Set (BCS) at the DETER level.

➍ Don't forget about connecting to your customer

For services offered at any impact level it is permitted to do so via the Internet. However, it is much easier to offer a service via the Public Services Network (PSN). Not only is this likely to be more attractive to public sector customers, but it avoids the problem of gaining accreditation for the customer connection mechanism. To gain approval for connecting your service to the PSN you will need to show that you are compliant with the PSN Code of Connection (CoCo); this should be relatively straightforward (but may require further adjustments to your ISO Information Security Management System). If you do decide to offer your service via the Internet you will need to include the connection method within the scope of your accreditation; SSL/TLS is a common mechanism.

➎ Think about aggregation and separation

Aggregation is the term used in Information Assurance to indicate the probable rise in business impact if a collection of data is compromised. Aggregation can occur through accumulation (putting lots of data in the same place), or association (linking two relatively harmless pieces of data together). In the main, accumulation is the problem for G-Cloud services; many thousands of personal data records are likely to be a more attractive target than one or two. The solution normally lies with more robust controls: better protective monitoring, increased physical security, etc.

Separation is an important concept in cloud services. In most cases public sector customers will not want their data mixed up with other customers, especially if those customers are also not public sector organisations. If your service does not naturally keep customers separate, you should consider the robustness of your access control mechanisms to ensure that the risk of data leakage is minimised.

Top Tips for IL3 Accreditation

➊ Review your ISO certification

HMG Information Assurance is based on ISO. You can use your existing ISO certification to provide key evidence to support the accreditation of your IL3 service. In general, controls should use the HMG Baseline Control Set (BCS) to define the implementation requirements. BCS is applied at three different levels (or segments); in general most controls should be implemented against the lowest segment; in some cases the middle segment may be more applicable depending on the nature of the service and the impact of aggregation, or the requirement to deliver IL4 for availability.

➋ Define your stance on protecting personal data

Many IL3 systems will be storing or processing personal data, usually because most public sector organisations treat aggregates (collections) of personal data at IL3. Public sector organisations are obliged by the Data Protection Act (DPA) to ensure that third party data processors are able to protect personal data. The DPA Checklist contains a number of questions that are intended to establish the basis on which the G-Cloud supplier will satisfy the legal requirements. Make sure that you understand the current guidelines issued by the Information Commissioner's Office (ICO); in particular, you should note the sensitivity to offshoring data, especially outside the EEA. If you cannot provide satisfactory answers to the DPA Checklist it is unlikely that the service will be accredited.

➌ Consider connection to the PSN

Whilst it may be possible to offer an IL3 service via the Internet, in most cases it is expected that you will do so via the PSN. You will need to comply with the PSN Code of Connection (CoCo) and contract with a company offering a PSN IL3 network service. Whilst this activity can be stand-alone, it makes sense to include PSN connectivity within the scope of the IL3 accreditation.

➍ Integration with the PSN/G-Cloud incident management process

Whilst incident management procedures are important at all impact levels, IL3 requires specific activities to ensure that your incident management processes are fully integrated into those of the PSN/G-Cloud. Operation at IL3 requires a relatively pro-active approach to protective monitoring; using a Security Information and Event Management (SIEM) product is a cost-effective way of providing the required level of capability in this area.

➎ Supporting forensic readiness

Forensic readiness is a further obligation on public sector organisations that requires a more proactive approach at IL3. G-Cloud service providers are required to support customer forensic readiness planning; there are existing CESG guidelines that describe the requirements for forensic readiness at IL3. Designing your systems to incorporate this guidance will increase the likelihood that you can support the requirements of your customers.

About Ascentor

G-Cloud accreditation is an art and a science; it can seem complex, confusing and daunting. The team at Ascentor is here to help.

Meet Peter Curran

With over 25 years in the business, and 17 years in information security, Peter is our resident G-Cloud expert. We invite you to pick his brains. All we ask in return is some decent coffee and a few biscuits.

FREE 2-HOUR CONSULTATION

Call Dave James to arrange a free no-obligation consultation with our G-Cloud expert, Peter Curran.

Ascentor Ltd, 5 Wheatstone Court, Davy Way, Waterwells Business Park, Quedgeley, Gloucester, GL2 2AQ


DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES G Cloud IV Framework Lot 4 DIGITAL FORENSICS AND CYBER INCIDENT RESPONSE SERVICES Service Description - ANSEC IA Limited CONTENTS 1 Company Profile. 2 The ANSEC Effect 3 Qualifications 4 Service Description..

More information

Cardiff Council. Data protection audit report. Executive summary June 2014

Cardiff Council. Data protection audit report. Executive summary June 2014 Cardiff Council Data protection audit report Executive summary June 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act 1998

More information

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open

Cloud Enablement. Lot 4 - Specialist Cloud Services. Version: 2.0, Issue Date: 05/02/2014. Classification: Open Cloud Enablement Version: 2.0, Issue Date: 05/02/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 2014. Other than for the sole purpose of evaluating this Response, no part of this

More information

IT asset disposal for organisations

IT asset disposal for organisations ICO lo Data Protection Act Contents Introduction... 1 Overview... 2 What the DPA says... 3 Create an asset disposal strategy... 3 How will devices be disposed of when no longer needed?... 3 Conduct a risk

More information

Vodafone Total Managed Mobility

Vodafone Total Managed Mobility Vodafone Total Managed Mobility More productivity, less complexity Vodafone Power to you What s inside? What you get see how your business benefits 4 In detail find out how it all works 5 Service lifecycle

More information

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS G-Cloud Service Definition Canopy Big Data proof of concept Service SCS Canopy Big Data proof of concept Service SCS Canopy Big Data Proof of Concept (PoC) Service is a consulting service that helps the

More information

Overview. Service Description: BCP & DR Strategy (L6)

Overview. Service Description: BCP & DR Strategy (L6) Service Description: BCP & DR Strategy (L6) Government Enterprise Architecture Specialists T: 07966 457 571 E: peter@vision-ist.net Overview Visionist will help your organisation develop a Business Continuity

More information

Supplier Assurance Framework Good Practice Guide

Supplier Assurance Framework Good Practice Guide Supplier Assurance Framework Good Practice Guide Version 2.0 February 2015 1 P a g e V e r s i o n 2. 0 F e b 1 5 Contents INTRODUCTION... 3 SUPPLIER ASSURANCE FRAMEWORK OVERVIEW... 4 USING THE STATEMENT

More information

ICT and Information Security Resources

ICT and Information Security Resources Methods GCloud Service Definition ICT and Information Security Resources HEAD OFFICE: 125 Shaftesbury Avenue, London WC2H 8AD Scottish Office: Exchange Place 2, 5 Semple Street, Edinburgh, EH3 8BL t: +44

More information

GLASGOW LIFE Review of Business Continuity Planning. Final Report

GLASGOW LIFE Review of Business Continuity Planning. Final Report Final Report INTERNAL AUDIT September 2011 Glasgow City Council Internal Audit 1 Table of Contents Section No Section Title 1 Introduction and Background 2 Audit Remit 3 Audit Opinion 4 Conclusions 5 Recommendations

More information

Remote Access Service (RAS)

Remote Access Service (RAS) Remote Access Service (RAS) Contents 1 Introduction to Remote Access Service...2 2 Service Definition...3 2.1 Functionality & Features... 3 2.2 Access Methods... 3 3 Differentiators...4 4 Commercials...5

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things

Cyber security. Cyber Security. Digital Employee Experience. Digital Customer Experience. Digital Insight. Payments. Internet of Things Cyber security Digital Customer Experience Digital Employee Experience Digital Insight Internet of Things Payments IP Solutions Cyber Security Cloud 2015 CGI IT UK Ltd Contents... Securing organisations

More information

WebFOCUS Cloud Express. The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions Ltd.

WebFOCUS Cloud Express. The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions Ltd. Service Definition The name of the Service is: WebFOCUS Cloud Express An overview of WebFOCUS Cloud Express The WebFOCUS Cloud Express service is delivered as a managed G-Cloud service by Amtex Solutions

More information

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services

G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services G Cloud III Framework Lot 4 (SCS) CHECK Accredited Penetration Testing Services Contents Executive Summary 3 CHECK Accredited Penetration Testing Services 4 Why Deloitte? 5 Package Cost 7 Contact 9 Service

More information

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service

G-Cloud Service Definition. Atos Information Security Wireless Scanning Service G-Cloud Service Definition Atos Information Security Wireless Scanning Service Keeping your wireless networks secure Atos Information Security Wireless Scanning Service The Atos Wireless Scanning Service

More information

Virtual Desktop Infrastructure Platform as a Service

Virtual Desktop Infrastructure Platform as a Service www.steria.com/uk Virtual Desktop Infrastructure Platform as a Service creativity simplicity independence respect openness contents 1 Overview... 4 1.1 Benefits of Virtual Desktop Infrastructure... 5 2

More information

G-Cloud Service Definition. Atos Oracle Database Upgrade

G-Cloud Service Definition. Atos Oracle Database Upgrade G-Cloud Service Definition Atos Oracle Database Upgrade Database Upgrade for SCS While providing a technical database upgrade facility, Atos also assist organisations in maximising the benefits from the

More information

G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service

G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service G-Cloud Service Definition Lotus Notes to Microsoft SharePoint Migration Discovery Service Lotus Notes to Microsoft SharePoint Migration Discovery Service This service provides an opportunity to review

More information

HOW MUCH MONEY HAVE YOU WASTED ON G-CLOUD?

HOW MUCH MONEY HAVE YOU WASTED ON G-CLOUD? Winning on G-Cloud & The Digital Marketplace 6 TIPS FROM SUCCESSFUL SUPPLIERS HOW MUCH MONEY HAVE YOU WASTED ON G-CLOUD? As of 2 February, there were a total of 1,852 suppliers registered on the G-Cloud

More information

Cloud Service Baseline Requirements

Cloud Service Baseline Requirements Cloud Service Baseline Requirements Prepared for THE CLIENT By Flexible Computing Ltd www.flexiblecomputing.co.uk Tel: 0845 5440959 @cloudrockstars @mcraddock Version V1.2 Author Mark Craddock Distribution

More information

The Audit Committee self-assessment checklist

The Audit Committee self-assessment checklist GOOD PRACTICE The Audit Committee self-assessment checklist 2nd edition January 2012 Financial Management and Reporting 2 The Audit Committee self-assessment checklist Our vision is to help the nation

More information

RISK MANAGEMENT AND ACCREDITATION OF INFORMATION SYSTEMS ALSO RELEASED AS HMG INFOSEC STANDARD NO. 2

RISK MANAGEMENT AND ACCREDITATION OF INFORMATION SYSTEMS ALSO RELEASED AS HMG INFOSEC STANDARD NO. 2 RISK MANAGEMENT AND ACCREDITATION OF INFORMATION SYSTEMS ALSO RELEASED AS HMG INFOSEC STANDARD NO. 2 AUGUST 2005 This paper was previously published by the National Infrastructure Security Co-ordination

More information

ABCs G-Cloud Secure South West

ABCs G-Cloud Secure South West ABCs G-Cloud Secure South West Mark Craddock (@mcraddock) G-Cloud CloudStore Lead Propagation Lead v1.3 (SSW) Why? Public Sector spends ~ 16Bn on ICT 20 suppliers represent majority of government spend

More information

Managing Supply Chain Impacts

Managing Supply Chain Impacts Managing Supply Chain Impacts Increasing shareholder, public and media scrutiny means that any irregular or irresponsible practices within an organisation's supply chain can permanently damage an organisation's

More information

Connecting to the Cloud. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 01/12/2014. Classification: Open

Connecting to the Cloud. Lot 4 - Specialist Cloud Services. Version: 3.0, Issue Date: 01/12/2014. Classification: Open Connecting to the Cloud Version: 3.0, Issue Date: 01/12/2014 Classification: Open Classification: Open ii MDS Technologies Ltd 201415/12/2014. Other than for the sole purpose of evaluating this Response,

More information

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV

D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV D-G4-L4-126 Police contact management and demand reduction review Deloitte LLP Service for G-Cloud IV September 2013 Contents 1 Service Overview 1 2 Detailed Service Description 2 3 Commercials 6 4 Our

More information

Cloud Software Services for Schools. Supplier self-certification statements with service and support commitments

Cloud Software Services for Schools. Supplier self-certification statements with service and support commitments Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Meritec Limited Meritec House, Acorn Business

More information

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS

G-Cloud Service Definition. Atos Infrastructure as a Service (IL3) for Cloud IaaS G-Cloud Service Definition Atos Infrastructure as a Service (IL3) for Cloud IaaS Atos Accredited Secure Cloud Infrastructure as a Service (IL3) Robust, secure, scalable Cloud computing and consumption-based

More information

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved.

UNCLASSIFIED CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION. Version 1.0. Crown Copyright 2012 All Rights Reserved. CESG ASSURED SERVICE CAS SERVICE REQUIREMENT DESTRUCTION Version 1.0 Crown Copyright 2012 All Rights Reserved Page 1 Document History Version Date Description 0.1 June 2012 Initial Draft Version 1.0 July

More information

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS

G-Cloud Service Definition Canopy Big Data proof of concept Service SCS G-Cloud Service Definition Canopy Big Data proof of concept Service SCS Canopy Big Data proof of concept Service SCS Canopy Big Data Proof of Concept (PoC) Service is a consulting service that helps the

More information

28400 POLICY IT SECURITY MANAGEMENT

28400 POLICY IT SECURITY MANAGEMENT Version: 2.2 Last Updated: 30/01/14 Review Date: 27/01/17 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. The objective of this policy is to provide direction and support for IT

More information

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS

CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS CESG CIR SCHEME AND CREST CSIR SCHEME FREQUENTLY ASKED QUESTIONS QUESTION General What is the Cyber Security Incident Response (CSIR) Scheme? What is the Cyber Incident Response (CIR) scheme? Why have

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

The trusted technology partner in the Public Sector

The trusted technology partner in the Public Sector The trusted technology partner in the Public Sector www.exponential-e.com/public-sector About Exponential-e Market Leaders in Technical Innovation GovConnect: The Exponential-e public sector service portfolio

More information

G-Cloud IV Services Service Definition Accenture Cloud Security Services

G-Cloud IV Services Service Definition Accenture Cloud Security Services G-Cloud IV Services Service Definition Accenture Cloud Security Services 1 Table of contents 1. Scope of our services... 3 2. Approach... 3 3. Assets and tools... 4 4. Capabilities... 5 5. Expected Outcomes...

More information

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED Information Management Strategy SPSA 0062 Version V3 23 rd June 2011 Review Date June 2012 Owner Senior Information Risk Owner Copyright SCDEA 2010. All rights reserved. NOT PROTECTIVELY MARKED This document

More information

G-Cloud or PSN Service Descripton and Commitment for Security Accreditaton

G-Cloud or PSN Service Descripton and Commitment for Security Accreditaton G-Cloud or PSN Service Descripton and Commitment for Security Accreditaton This form is intended for Suppliers of PSN or G-Cloud services to complete. Upon receipt, the G-Cloud or PSN Programme will check

More information

EU F-Gas Regulation Guidance Information Sheet 15: Fire Protection System Contractors

EU F-Gas Regulation Guidance Information Sheet 15: Fire Protection System Contractors Information Sheet 15: Fire Protection System Contractors Target audience for this Information Sheet This Information Sheet is aimed at contractors that carry out installation, maintenance and decommissioning

More information

Integrated Management System Implementation (ISO27001/ISO9001/ISO14001)

Integrated Management System Implementation (ISO27001/ISO9001/ISO14001) Service Overview Governance is key to any organisation or Government department wishing to establish a proven and repeatable business formula. How organisations deliver that governance may vary considerably.

More information

How to develop and maintain an OHSAS 180001 Health & Safety Management System faster, better, and smarter

How to develop and maintain an OHSAS 180001 Health & Safety Management System faster, better, and smarter Qudos Management Pty. Ltd. Quality Health & Safety Environmental management 320 Adelaide Street, Brisbane, QLD 4000 Tel: +61 (07) 3010 9259 3 Spring Street, Sydney, NSW 2000 Tel: +61 (02) 8249 4670 Email:

More information

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015

Information Governance in Dental Practices. Summary of findings from ICO reviews. September 2015 Information Governance in Dental Practices Summary of findings from ICO reviews September 2015 Executive summary The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that

More information

Data Protection Act. Conducting privacy impact assessments code of practice

Data Protection Act. Conducting privacy impact assessments code of practice Data Protection Act Conducting privacy impact assessments code of practice 1 Conducting privacy impact assessments code of practice Data Protection Act Contents Information Commissioner s foreword... 3

More information