All too often, cyber and information security are paid lip service or tacked on as an afterthought. In major public projects, especially ones that involve sensitive information, this is just not acceptable. Information Assurance (IA) must be built in from the start and must be maintained all the way through.
Specification Phase: if you are involved in defining requirements and writing specifications, you will need to identify information risks, so you can protect the information that will be handled in the new system. This is not simply a question of conformance to policy; it is good business practice.
Procurement Phase: if you are given a specification that contains IA requirements, you will need to give them focus and weight during the procurement phase. You want to avoid suppliers who will ignore or trade-off IA in favour of lower cost or take a “we’ll worry about it later if we win” attitude.
Tender Phase: buyers may be looking for you treat IA seriously and you may find that IA in formal procurement documentation is no longer implicit, hidden or missing. You will need to demonstrate a robust approach to IA not only to comply, but to put you in a strong position.
Delivery Phase: once you are awarded a contract and you start the project, you will need to deliver on your promise rather than go back to the drawing board.
IA Inside is a full lifecycle approach to building IA into the heart of your projects – it helps public sector buyers and suppliers make IA holistic, integrated and effective. IA Inside supports government initiatives to make systems Secure by Design.
Our consultants are IA experts and can work with you through any or all phases acting as Subject Matter Experts.
Specification Phase: we can help you to analyse and capture IA requirements, so you can embed them in the specification and lay the foundation for a robust approach to securing your information.
Procurement Phase: We can advise you how to shape your procurement documentation to include and assess IA. This can involve highlighting IA by setting scored questions seeking both the supplier’s IA approach to the project and the supplier’s corporate IA credentials.
Tender Phase: As IA increases in importance and starts to feature explicitly in procurement documentation, we can support you by writing compelling IA tender responses, and we can perform a gap analysis on your corporate IA capability or project IA approach.
Delivery Phase: We can guide your IA delivery, or even be your IA delivery partner if you don’t have the in-house skills or resources.
Building IA into the heart of your projects will save you money and reduce risk. Remember the principles of Total Quality Management and structured software engineering? Defects found early in the process are easier and quicker to fix, and therefore cheaper to fix, than those found later. It makes perfect sense, so why not do the same for IA?
IA superiority is starting to count. Having robust IA from both a business and project perspective should enable you to build competitive advantage. You may also save money as you will enter the delivery phase with IA well-defined and budgeted, so there will be no risk of you having to add functionality from your contingency fund.
“In over a decade of working with public sector buyers and suppliers, we have rarely seen a joined up approach to IA. At best it’s fragmented, at worst it’s missing altogether. Bolting IA on at the end just isn’t viable so we’ve come up with the IA Inside concept to help all the actors on the IA stage.”
Dave James, MD of Ascentor