Red Island Consulting


Red Island Consulting
SECURITY ACCREDITATION FOR THE PSN
Dave Duke, Head of Business Development, Red Island Consulting
9/17/2013 8:45:39 AM

Agenda
1. A bit about Red Island Consulting
2. PSN Accreditation: First Steps
3. PSN Accreditation: Impact Levels
4. PSN Accreditation: IL2
5. ISO27001 Certification Process
6. IL2 and IL3 Accreditation Process
7. PSN Accreditation: Things to Consider

Who are we?
- Enterprise Risk Management, Compliance and Governance Services: Management System & Technology Specialists
- 3rd Party Information Assurance and Risk Management: Off-site Analysis; On-site Audit
- Global Information Security / ISO27001 Specialists: 28% of all UK ISO27001 certs; HMG / CLAS / NHS N3 / GPG; Numerous telcos and ISPs
- PCI DSS QSA: Since 2008; Sole QSA to BT, EE, o2; De-Scoping and Process Experts
- BCP / ISO22301 (BS25999): Global Business Continuity Specialist; 1st Major Middle East Energy Co to UKAS certification
- Bespoke Training: Industry Leading E-Learning; On-site training
- Experienced Consultants Only: Experienced Consultants; Technical people turned Consultants; Business focused
- Client Sizes: 7 to 26,000

PSN Accreditation: First Steps
- PSN = Public Services Network
- Intended to unify the provision of network infrastructure across the public sector into an interconnected "network of networks"
- Designed to enable you to get accredited once and then continue to deal with the public sector
- Designed to make it easier for SMEs to do business with the public sector (e.g. you become certified once rather than for each contract)
- To initiate accreditation, suppliers need to formally apply through the government procurement process, so you'll need a sponsor

PSN Accreditation: First Steps
- Network Diagrams
- PSN Code
- IT Health Check
- Assurance

PSN Accreditation: Impact Levels (IL)
- IL2: Protect
- IL3: Restricted

PSN Accreditation: IL2
ISO27001 process:
- Asset Identification
- Business Impact Analysis
- Risk Assessment
- Risk Treatment Plan
- Documentation
- Implementation
- On-going Monitoring

ISO27001 Certification Process
Certification involves 2 audits:
- Stage 1: Review Asset ID, BIA and RA Methodology; Review RTP; Review Roles & Responsibilities; Review ISMS Maturity
- Stage 2: Evidence of Implementation & Awareness
Certificate is valid for 3 years, subject to regular surveillance audits.

PSN Accreditation: IL3
- Greater protection and segregation
- Reviewed by CLAS
- Airgap
- RMADS

IL2 & IL3 Evidence Sets
- RMADS: Lightweight RMADS required for BIL2; full RMADS required for IL3
- Residual Risk Statement: Required for both IL2 and IL3 systems/services
- Risk Register: Required for both IL2 and IL3 systems/services
- Security Operating Procedures (relevant to the consumer and/or supplier): Required for both IL2 and IL3 systems/services
- Other security-related documentation, such as IA conditions consumers are expected to meet: Required for both IL2 and IL3 systems/services
- Statement on personal data and a completed DPA questionnaire: Required for both IL2 and IL3 systems/services
- ITHC (scope and results) and other evidence of assurance (e.g. CPA certificate): Required for both IL2 and IL3 systems/services, though the extent will be less for IL2 systems/services
- ISO/IEC 27001 Certificate, report & improvement notice: Required for IL2 systems/services

PSN Accreditation: Things to consider
- Functional description of Services Required (no marketing info!)
- Is my assurance evidence sufficient for accreditation?
- IS1 technical risk assessment
- Mapping between system components and ISO 27001 certifications (for IL2)

PSN Accreditation: Help?
Who can I use to provide independent assurance?
- ISO27001 certification consultants
- CLAS consultants
- ISO27001 certification bodies
- CHECK testers

Activities
Phase 1: Gap Analysis
- Client brief on services to be accredited and confirm future PSN scope
- Agree phase 1 objectives with client
- Review & assess current documentation against scope
- Document gaps against ISO/IEC 27001:2005 and CESG GPG 32 (Telecoms Audit Standards)
- SAPMA Physical Security assessment of all sites (1 day per site)
- Risk Treatment Plan
- Management summary report
- Agree next stage objectives with Client
Phase 2: Implement Controls
- Scope and deliver Accreditation Plan based on phase 1 post objectives
- Update Design documents
- Document new controls into documentation
- Update Procedure documents
- Procedure planning / scheduling
- PSN Application planning
- Populate PSN CoCo and Annex B
- Approve initial PSN application (CoCo (spreadsheet) and Annex B (Word document)) with Client
- Agree next stage objectives with Client
Phase 3: PSN Application
- Submit PSN Application to PSNA
- Respond to PSNA requests for change
- Develop resulting RMADS to support approved application
- CHECK Penetration Testing (scope, test, resolve risks)
- Update RMADS
- CLAS consultant to review and approve RMADS prior to formal submission to CESG
- Submit RMADS to CESG
- Update RMADS based on CESG comments
- Agree next stage objectives with Client
Phase 4: Accreditation
- Accreditation achieved
- Implement audit strategy to maintain accreditation
- Implement annual reaccreditation activities as business as usual
- Submit annual accreditation self-assessment
- Review all changes, either client or 3rd parties, for impact to accreditation

A date for your diaries!
Find out more about Security Accreditation for PSN
Friday 20th September, 9.00am to 12.30pm
HMS Belfast, London

Red Island Consulting
Thank you!
Dave Duke, Head of Business Development, Red Island Consulting
M: 07818 064130