Cyphra provided professional services expertise to a UK public sector organisation to review and update their security risk management documentation for key line-of-business systems.

Challenge:

This UK Public Sector organisation had a requirement to conduct a review of the security risk management documentation for a number of key line-of-business systems in preparation for their Accreditation. They required an independent NCSC Certified Cybersecurity Professional (Security & Information Risk Advisor) to perform the risk assessments and documentation reviews required to support this re-accreditation process.

Solution:

Cyphra was appointed to deliver this project and provided a suitably certified consultant to carry out the work. A project plan was agreed with the customer and their Accreditor to define the timelines and priorities. For each line-of-business system, the risk documentation needed to be updated to reflect changes in the system environments since the previous review. The Cyphra consultant carried out the following for each of the systems:

  • Reviewed changes to the system since the previous review, working with the client and any third parties.
  • Updated the risk management documentation to reflect any changes and to ensure it was in line with current NCSC guidance.
  • Performed technical risk assessments and documented the results.
  • Reviewed and updated the system risk register.
  • Updated the system risk treatment plan.
  • Reviewed the security operating procedures relating to the system.
  • Provided a summary risk management overview.
  • Presented the documentation to the Accreditor.

Outcome:

All the line-of-business systems were successfully re-accredited by the Departmental Accreditor. Cyphra received direct positive feedback from the Accreditor for the quality of the documentation provided.
