Why?
The Cabinet Office is forging ahead with the roll out of the Public Services Network (PSN). Information Assurance is vital to ensure the security of the network and trust amongst users.
If you are delivering a component of the PSN and you don’t have IA capability or previous PSN experience, you are running a risk that your solution may not pass muster when it is assessed by the external CAS(T) assessors or accreditation by the Pan Government Accreditor – the two requirements before your service can go ‘live’.
What?
Ascentor has a wealth of experience of the IA process for the PSN components and its predecessor the GSi. We recently acted as the independent verifier for a large systems integrator who built the first Direct Network Service Provider (DNSP) to achieve successful CESG certification (CAS(T)). We are now moving towards final accredition for the system.
Our independent assessors can work as part of the security team for your PSN project to de-risk the process. We have in depth knowledge and experience of accreditation and technical security, making your project more predictable and increase the likelihood of success, first time.
Ascentor can support your PSN project in two ways:
- As an independent verifier: There is now an endorsed accreditation process which includes an independent verifier to work with the supplier, arbitrating on security-related decisions until a Pan Government Accreditor (PGA) makes the final call. Funded by the project, an Ascentor independent verifier takes on a quasi-accreditor role to help the PGA.
- Technical Security Advisor (Security Lead): This is similar to our standard Security Lead offering for Government delivery projects. If you don’t have an in-house security team or experience of meeting Central government IA standards, we can work with you in the development of a PSN compliant solution. Use our knowledge and experience to de-risk your project.
How?
Ascentor works exclusively in a project-based environment from either a client location or from our own office space. We have many years of experience in managing the delivery of security related activities and the associated documentary products. In particular we will:
- Identify the scope
- Understand the Business Aims & Business Context
- Gain a thorough understanding of the proposed solution
- Produce the IA work package or plan identifying product activities and a time frame with milestones
- Identify, agree and document the operational information risks to the proposed system
- Identify, agree and document the operational controls to mitigate the risk
- Work with designers to implement technical controls
- Ensure stakeholder agreement throughout the project – Supplier, End user, In-service management, Accreditor etc
- Document the CAS(T) Security Target
- Act as your Security PoC for the CAS(T) evaluation
- Throughout the process, we iteratively document the risk management solution in the RMADS
Next Steps
Please contact Dave James to arrange an informal discussion with one of our Principal IA Consultants and resident expert in all things PSN.
Telephone: 01452 881712 or 07787 506889
Email: dave.james@ascentor.
