We live at a time where the potential threat posed to our information systems has never been greater. We must protect our valuable information and associated assets in a proportionate and pragmatic manner. And, when it comes to Government data, the need to protect business assets is paramount.

Any system processing HMG Government information must receive formal HMG Security Accreditation, aligned to current HMG Standards and guidance. Accreditation is the gold standard by which information processing systems must be measured. A formally accredited system is a trusted system – a system recognised as one capable of securely handling and processing Government information in accordance with business needs and requirements.

As a long established CLAS consultancy, we have acquired many years’ information security experience. Via an array of high profile third party commercial and HMG contracts, we have demonstrated our strength in providing information assurance advice and consultancy services. We have, at all times, worked within the umbrella of the Security Policy Framework. A passion for information protection is our mantra.

Our CLAS consultancy is proud to present the following services:

Provision of advice regarding the HMG Accreditation process (which aligns to HMG Information Assurance Standards 1 and 2). Additionally, we also: collect relevant and pertinent information; produce relevant and proportionate documentation; and provide explicit advice to organisations on how they can secure HMG Accreditation.

• Provision of Technical Threat Assessments, which align current HMG guidance and intelligence.
• Provision of advice regarding System Decommissioning, which aligns to the requirements set down within Information Assurance Standard No.5.
• Execution of Security Policy Framework Compliance Reviews.
• Provision of guidance with regard to Secure Cloud Computing.
• Provision of guidance with regard to Off-Shore Suppliers and Data Handling.
• Provision of guidance with regard the Secure Use of Open Source Software.
• Provision of guidance with regard to CAPS / CPA / Common Criteria Product Evaluation.
• Execution and analysis of Security Architecture reviews, which aligns to CESG guidance and notices.
• Ensure Technical Risk Assessments align to HMG Information Assurance Standards 1 and 2.
• Execution of ISO/IEC 27001 related activities to assure compliance and/or certification (forming a good basis for implementation of HMG’s Baseline Countermeasure Set).
• Provision of guidance with regard to data handling requirements as per the Data Handling Review.
• Provision of guidance with regard to the production of Privacy Impact Assessments.
• Interpret and implement all current CESG Good Practice Guides.
• Ensure compliance with a wide variety of Codes of Connection, including PSN, GSi, GSE, GCSX, xGSi, and GCN.

The Agile Approach

Agile methodologies cannot be ignored. Indeed, Agile’s methods are rapidly becoming HMG’s defacto standards.  Agile is now considered integral to system development within both the public and private sectors.

The CLAS consultants working at Knox Cyber Security are Certified Scrum Masters and are members of the Scrum Alliance. We have pioneered a pragmatic and holistic approach to HMG Accreditation by leveraging Agile methodologies. The end result of our strategy is a fully integrated risk managed approach to HMG accreditation, which encompasses the full lifecycle from system development to decommissioning and every stage in-between.

Our approach to the accreditation process is totally transparent. The integrated Agile approach to security pioneered by Knox Cyber Security actively encourages the development of a ‘living’ RMADS, which reflects each stage of a system’s development lifecycle. This dynamic approach facilitates the production of an objective and proportionate RMADS that accurately portrays the security posture and risk profile of the target business system.