The CCP (CESG Certified Professional) Scheme is the UK Government’s approved standard of competence for cyber security and information assurance (IA) professionals. It provides an independent assessment and verification process for those working in the industry.
Ascentor’s consultants include CCP Accreditors, Senior Information Risk Officers (SIROs) and Information Assurance (IA) Architects. With backgrounds in high security government environments, they have first-hand experience of the implications and impact of inadequate information security. Their skills and knowledge can help bring a real understanding of your information risks and how to mitigate them in the most efficient way with suitable controls.
If you are delivering a technology-based system holding sensitive government information or a business focussed cyber risk management system (such as an Information Security Management System (ISMS)), you will almost certainly be required to ensure the system meets government IA standards. If you don’t address this up-front, the project can suffer delays and cost over-runs further down the road, reducing profitability and productivity and potentially damaging reputations too.
To achieve compliance with the required standards, you may need to boost your resources because you have a shortage of skill, experience or bandwidth on your team. Or you may want an expert third party to bring a fresh, independent perspective to your project.
Our consultants work at any stage of your project from bid through to design and implementation and, if IA has been overlooked, at project end. We will typically work as part of your team and our primary aim is to de-risk delivery from an IA perspective to give you more certainty of the outcome.
The IA service we provide differs between projects. In the early stages, we can help identify the scope and context. Then we identify the risks arising from the system architecture and designs and determine appropriate technical and non-technical controls.
We can support the implementation of the agreed controls and set up assurance processes to review the effectiveness of the controls and manage residual risks on an ongoing basis.