You will need List N status if you handle Sensitive Nuclear Information (SNI) within the civil nuclear industry supply chain.
To be part of a civil nuclear supply chain, you must demonstrate compliance with a series of measures and be awarded List N status for the relevant part(s) of your business.
Ascentor ’s Gap Analysis can steer you through what is needed to become List N certified.
List N is a facilities security clearance for companies within the civil nuclear industry supply chain that handle Sensitive Nuclear Information (SNI). Such companies must protect the information in accordance with Regulation 22 of the Nuclear Industries Security Regulations (NISR) 2003.
Although ONR recommends you have one, you won’t always need a formal Security Plan, but you will need an appropriate information security governance programme. It should be aligned with the Government Functional Standard (GovS 007) by evidencing arrangements against five of the ten Fundamental Security Principles within the Office of Nuclear Regulation’s (ONR) guidance publication “Security Assessment Principles for the Civil Nuclear Industry”.
GovS 007 details outcomes that are required to achieve a proportionate and risk-managed approach to security. The ONR principles cover leadership and management for security; organisational culture; competence management; cyber security and Information Assurance; and workforce trustworthiness.
We’ve covered List N in more depth in two blog articles:
List N Explained and How to prepare your company for achieving List N.
To be part of a civil nuclear supply chain, you must demonstrate compliance to a series of measures and be awarded List N status for the relevant part(s) of your business.
Assessing that your information protection measures are appropriate is the responsibility of the relevant licensed operator to whom you are contracted. The ONR may also choose to conduct an inspection to assess your arrangements for the security of SNI.
As with all compliance initiatives, companies fear the time and effort involved, but business challenges often come with a silver lining. By fulfilling your industry obligations, you will also better protect your business by reducing the risks from the ever-increasing threat of harmful cyber attack.
Ascentor can steer you through what is needed to achieve List N status. We start with our tried and tested Gap Analysis, a four-step process that will arm you with the knowledge to make business decisions regarding improvements and related resources.
On completion of an Ascentor Gap Analysis, you will understand where you are today, what needs to be done and an outline plan of how to achieve it. We can then support identified remediation activities and provide ongoing support to maintain your status and continually improve your cyber security posture in accordance with your business objectives.
Why not read how Ascentor helped the Office for Nuclear Regulation (ONR) develop a risk-based assessment methodology for CS&IA inspections of List N facilities.
We leverage years of experience in cyber security to deliver comprehensive solutions tailored to your needs.
We're certified in ISO 9001:2015, Cyber Essentials Plus, IASME Gold and are a Crown Commercial Service Supplier.
NCSC (CESG) Certified Professionals CCP and Certified Information System Security Professional CISSP certified.
We're Certified Information Security Managers (CISM).
We're members of the Chartered Institute of Information Security (CIISec). CREST and Cyber Scheme Registered Pentesters.
We stay ahead of the curve, consistently updating our services to handle the rapidly evolving landscape of cyber threats.
We work closely with clients, fostering partnerships to better understand and address your cyber security needs.
We offer pragmatic, accessible solutions that balance security needs with the realities of your operational requirements.
