Identifying information risks and protecting your information should not simply be a question of conformance to policy; it is good business practice. The earlier you analyse your requirements, the better, so you can embed them in the specification and lay the foundation for a robust approach to securing your information.
Once the specification contains information security requirements, if you are outsourcing the design and build, you can give them focus and weight during the procurement phase. You may decide to include scored questions in your Invitation to Tender (ITT) about supplier approaches to information security on projects and within their business. During project implementation, you will need an information security point of contact to provide assurance that what has been requested is delivered.
Wherever you are in your project lifecycle, you will need specialist skills and experience to advise and guide you on how to implement appropriate information security – either in your team or from outside specialists.
Boosting the importance of information security – and cyber security in particular – makes sense in a time when risks are increasing. You need to reassure customers and citizens that you have taken strong measures to look after sensitive information.
Building information security into the heart of your projects from the beginning will increase your resilience and reduce your vulnerability. You will keep your suppliers on their toes and get the optimum performance from them.
You may also save money.
Just as with Total Quality Management and structured software engineering, defects found early in the process are easier and quicker, and therefore cheaper, to fix than those found later.
Ascentor can provide Security Assurance Coordinators (SACs) and security architects to join your team. Our CESG Certified Professional (CCP) consultants have worked on complex and highly sensitive defence, security and government projects, so have the necessary skills and experience.
As security advisors to your project, using classic waterfall or agile project methodologies, we will work with you to develop a coherent and cost-effective set of security requirements or outcomes for inclusion in the ITT, so the prime contractors can develop a costed security solution in their proposals. We can support you in assessing the tender responses.
After contract award, our consultants can continue to work with you on the technical security solution and to manage accreditation and the formal security deliverables.