Adopting an efficient information security supply side is critical for any government system that handles (uses, stores, processes and/or transmits) classified information. Before a system can go live, the appointed government certification must approve it.
For new systems, as the prime contractor running the project, you are probably responsible for information security, which means you need to determine a plan and resources. You may need to prepare an approach for your response to a customer’s Invitation to Tender, or at the start of the delivery phase.
If you have an in-house information security supply team, you can respond at any stage – pre- or post-contract award. If you don’t have an in-house team, or you need an extra level of skill or experience, or you want to bring an independent perspective to the project, you may prefer to work with a specialist third party.
As information security increases in importance, customers may make it an inherent part of the specification and evaluation process. So, having a robust approach from both a business and project perspective should enable you to build competitive advantage – it could make the difference between winning and losing a contract.
Where the customer hasn’t put focus on information security, it may be tempting to ignore or trade it off in favour of lower cost. However, treating it seriously early on can put you in a stronger position. As you enter the delivery phase, a well-defined and budgeted approach can save you money as there will be no risk of you having to fund resources from your contingency.
It’s also worth remembering that delayed or failed certification can lead to late payment of invoices and, potentially, contractual conflict – another reason to make sure you are well-prepared and resourced.
Ascentor brings information security supply resources and an independent perspective to your project. Our CESG Certified Professional (CCP) consultants have worked on complex and highly sensitive defence, security and government projects, so they have the necessary skills and experience.
As information security advisors to your project, we can help at the bid or delivery stage. You may be required to submit a Security Management Plan with your proposal; we can create this for you and help define the high-level security design. We can manage your certification activities during delivery and help you design and build a secure solution. This will include activities and deliverables such as an information assurance development plan; a threat and vulnerability assessment; a technical risk assessment; technical security requirements; technical security design or build; attendance at PDR and CDR; and the Security Aspects of the Design document.
We will work with your team, located on- and/or off-site as appropriate, using workshops and interviews to determine the requirements and optimum approach. We will deliver appropriate and timely certification documentation and architectures or designs in accordance with relevant policies and requirements (for example, JSP440 and JSP604 for MOD).
We leverage years of experience in cyber security to deliver comprehensive solutions tailored to your needs.
We're certified in ISO 9001:2015, Cyber Essentials Plus, IASME Gold and are a Crown Commercial Service Supplier.
We're NCSC (CESG) Certified Professionals (CCP) and Certified Information Systems Security Professionals (CISSP).
We're Certified Information Security Managers (CISM).
We're members of the Chartered Institute of Information Security (CIISec), and CREST and Cyber Scheme registered pentesters.
We stay ahead of the curve, consistently updating our services to handle the rapidly evolving landscape of cyber threats.
We work closely with clients, fostering partnerships to better understand and address your cyber security needs.
We offer pragmatic, accessible solutions that balance security needs with the realities of your operational requirements.