CLAS Consultancy is dead – long live the CCSC scheme?

Certified Cyber Security Consultancy







There is a new name in the information assurance (IA) consultancy world. It’s the Certified Cyber Security Consultancy (CCSC) scheme – launched in June 2015, and sponsored by CESG, with the first cohort of consultanciesrecently being announced.

What’s the objective of the new CCSC scheme?

CCSC has been developed to certify services provided by consultancies, rather than individual consultants. By introducing CCSC, CESG aims to establish the wider credentials of consultancy companies to deliver high-quality, tailored and expert cyber security advice.

In a similar objective to CLAS (CESG Listed Adviser Scheme), the new scheme has been designed to help government, the wider public sector and industry obtain the right cyber security consultancy services and by doing so help them protect their information and conduct business online safely.

Speaking at the launch of CCSC, Ciaran Martin, GCHQ’s Director General for Cyber Security said:

“The launch of this scheme is a big step forward for UK cyber security. There’s only so much an organisation like GCHQ can and should do directly. This new scheme will significantly enhance the pool of trusted cyber security advice available from private providers”. Ciaran Martin, GCHQ

Consultancies will be assessed and certified by CESG, as the Information Security Arm of GCHQ, and must meet CESG’s standards in order to achieve certification. The assessment tests that the company is of good standing, has practical experience and knowledge of the customer set and understands and maintains awareness of the cyber threat environment.

The first companies to achieveCESG cyber security certification

The first cohort of seven CESG Certified Cyber Security Consultancies was announced in mid-February 2016. Mainly SMEs, they will provide consultancy to government and industry under the Security Architecture, Risk Management and Risk Management service categories.

Our congratulations go to the successful applicants and we look forward to hearing of their continued success.

Why isn’t Ascentor listed yet?

We consistently keep abreast of new developments and participate in consultations to ensure our industry is professional and appropriately regulated. But we need to see real business benefit to our customers before signing up to a new scheme. Whilst CCSC continues to develop, we will be focusing our time and effort on delivering IA excellence to our clients.

Our approach is to confirm the real business risks, put them into context then design and implement the most appropriate controls to mitigate them. We are also busy sharing our IA Inside model and encouraging those involved in IA to think about it early in the project lifecycle rather than leaving it to the last minute. Rest assured, as and when CCSC is suitably mature and being requested by our customer base, we will take part.

For further information

If you have found this article of interest, the Ascentor blog regularly carries articles about cyber security and information assurance issues. You might also like to keep in touch with Ascentor by receiving our quarterly newsletter and following us on LinkedIn and Twitter.

If you’d like to discuss how ourconsultants could advise on any aspect of cyber security, please contact Dave James at Ascentor.

Email: [email protected]

Office: 01452 881712


Other posts you might like

Ten Top Tips for writing Information Risk Appetite Statements

What’s the Difference Between Cyber Security and Information Assurance (and does it matter?)

The Human Face of Information Risk Re-visited

You may also be interested in:

Work from home cyber security myths

Cyber security myths home workers fall for

Home workers are a growing gateway to your data and systems. If they believe any of these popular cyber security myths, your security is at serious risk.

Cyber security working from home

Managing good cyber security when working from home - what employers need to know

Home working carries increased security risks, but it doesn’t have to be open season for cyber criminals. These tips will help you put together a robust level of cyber security for your home based employees.

Cyber Essentials is changing - our overview

As the IASME Consortium takes over the management of the certification of Cyber Essentials (CE) Scheme, we look at what the changes will involve and why the scheme is still very much needed.