“Ascentor very quickly understood the nature of our business and helped provide practical and pragmatic approaches to enable us to logically demonstrate our alignment to multiple domestic and international Information Security standards and requirements. Ascentor has proficiently advised us and served as trusted and reliable experts, helping to assure us of our effective security strategy and roadmap supporting SeeByte UK to achieve its business goals.”
Stuart Genet, Chief Operating Officer, SeeByte UK
The challenge
SeeByte UK provides clients in the military and oil and gas sectors around the world with the most advanced autonomous software to enhance the capabilities of their underwater sensors, vehicles and systems.
Based in the UK, the company needed to more simply demonstrate its existing alignment to a range of cyber and information security standards including National Institute of Standards and Technology (NIST), Organisation Conjointe de Coopération en matière d’Armement (OCCAR), Cyber Security Model (CSM), Ministry of Defence (MOD) accreditation and facility security clearance.
SeeByte UK engaged Ascentor to provide independent guidance to form a centralised approach to security that ensured operational efficiency while satisfying customer expectations in meeting multiple standards.
The solution
SeeByte UK and Ascentor worked together to develop a strategy to simplify and demonstrate SeeByte UK’s existing alignment with complex and varied cyber security and information assurance requirements.
The process began with a gap analysis to assess SeeByte UK’s physical security, cyber security and current information assurance arrangements against the required international security standards. The gap analysis concluded with recommendations, estimated costs and a suggested action plan built on risk-based, pragmatic, appropriate and cost-effective (PACE) principles.
The agreed approach was for SeeByte UK to align with ISO 27001 and map the applicable controls to the other standards expected by SeeByte UK’s clients. This enables SeeByte UK to focus its efforts on a single, widely recognised security standard while demonstrating adherence across multiple international standards. Ascentor supported SeeByte UK by mapping controls and assisting with the development of SeeByte UK’s ISO 27001-aligned Information Security Management System (ISMS).
Concurrently, Ascentor assisted SeeByte UK in undertaking tactical and technical activities to support the overarching strategic security initiative. These included:
- Reviewing and updating existing information security policies.
- Formalising technical information security risk assessments.
- Assessing and certifying SeeByte UK against Cyber Essentials Plus.
- Jointly designing, building and configuring a new IT system capable of meeting future requirements.
The result
With Ascentor’s experience and hands-on support, SeeByte UK saved considerable time and effort. Based on Ascentor’s advice and guidance, SeeByte UK was able to make informed decisions about the most pragmatic approach to take.
SeeByte UK’s strong security culture and proactive risk-based approach to security go beyond simple compliance. SeeByte UK’s domestic and international clients can be assured that it can be trusted to risk manage, protect, handle, process and store sensitive information as required by relevant standards. Prime contractors and partners can also have confidence that SeeByte UK is a secure, trusted and resilient supply chain organisation.