Introducing a new full lifecycle approach for suppliers and buyers
Information Assurance (IA) is now a well-established countermeasure to the growing cyber threat that all organisations and citizens face. The UK Government’s Cyber Security Strategy was, and still is, testament to the importance we should all afford the issue.
The fact that the Government will be insisting all its suppliers conform to the new Cyber Essentials Scheme (CES) from 1st October only adds fuel to the fire.
Schemes like CES and certification processes such as ISO27001 are a good start. In practice, however, IA isn’t always integral to our working practices and systems – often we pay lip service to it or add it as an afterthought. In major public projects, especially ones that involve sensitive information, this is just not acceptable. IA must be built in all the way through.
IA Inside from Ascentor will help buyers and suppliers do exactly that – making IA holistic, integrated and effective throughout the lifecycle.
“In over a decade of working with public sector buyers and suppliers, we have rarely seen a joined up approach to IA. At best it’s fragmented, at worst it’s missing altogether. Bolting IA on at the end just isn’t viable so we’ve come up with the IA Inside concept to help all the actors on the IA stage.”
Dave James, Managing Director of Ascentor
IA Inside for Buyers
Identifying information risks and protecting your information should not simply be a question of conformance to policy; it is good business practice. The earlier you analyse your requirements the better, so you can embed them in the specification and lay the foundation for a robust approach to securing your information.
Once the specification contains IA requirements, it’s important to give them focus and weight during the procurement phase. The Invitation to Tender (ITT) could highlight IA by setting scored questions seeking both the supplier’s IA approach to the project and the supplier’s corporate IA credentials.
Building IA into the heart of your projects will save you money and reduce risk. Remember the principles of Total Quality Management and structured software engineering? Defects found early in the process are easier and quicker to fix, and therefore cheaper to fix, than those found later. It makes perfect sense, so why not do the same for IA?
IA Inside for Suppliers
As IA increases in importance and starts to feature explicitly in ITTs, suppliers treating IA seriously will be in a stronger position. When IA is implicit, hidden or missing altogether, suppliers can often treat it as something to ignore or trade-off in favour of lower cost, taking a “we’ll worry about it later if we win” attitude. With IA Inside, this won’t work any longer.
By the time delivery commences on an IA Inside project, the IA elements will be built in to the approach. Suppliers will need to deliver on their promise rather than go back to the drawing board when IA is mentioned.
IA superiority is starting to count. Having robust IA from both a business and project perspective should enable you to build competitive advantage. You may also save money as you will enter the delivery phase with IA well-defined and budgeted, so there will be no risk of you having to add functionality from your contingency fund.
How can Ascentor help?
We understand how to build IA Inside. Our consultants can work with you through any or all phases acting as Subject Matter Experts.
For example, we can:
- Analyse and capture IA requirements in specifications
- Advise how to shape ITTs to include and assess IA
- Perform a gap analysis on your corporate IA capability or project IA approach
- Write compelling IA tender responses
- Guide your IA delivery, or even be your IA delivery partner if you don’t have the in-house skills or resources
For further information
If you have found this article of interest, the Ascentor blog regularly carries articles about cyber security and information assurance issues. You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.
If you’d like to discuss how ourconsultants could advise on any aspect of cyber security, please contact Dave Jamesat Ascentor.
Email: [email protected]
Office: 01452 881712
Other posts you might like: