METHODS
consulting
Helping you to plan, meet and audit
Information Assurance compliance
UK government relies heavily on information
systems to supply services to, and on behalf
of, its citizens.
It is the duty and responsibility of government
bodies to ensure that the systems
underpinning key public services are as
secure and reliable as possible.
Symantec and Methods Consulting
Working in partnership, our market leading solutions, expert
knowledge and deep industry insight help organisations to
cost-effectively achieve, maintain and report on Information
Assurance.
What is Information Assurance?
• It is ensuring the security and resilience of all of your
information systems.
• It is ensuring the integrity and availability of all of your
information.
Why is it so important?
• Your information systems are under constant risk from
being attacked or compromised by both external and
internal sources – either deliberately or accidentally.
• The Cabinet Office now requires each central government
department to appoint a senior “information risk owner”.
• Information Assurance establishes a proactive approach
in understanding and protecting information assets and
investments and in improving efficiency and processes.
Why do we need an IA audit?
• All departments are now required to complete an IA audit
and to submit it to The Cabinet Office on a regular basis
• You also now have a requirement to comply with specific
standards for Information Assurance i.e. ISO/IEC 17799
for all information systems.
• Every year the Central Sponsor for Information
Assurance (CSIA) reports directly to the Prime Minister
on departmental compliance/non-compliance with
ISO/IEC 17799.
This is a problem for the IT department isn t it?
No, the Cabinet Office requires that central government
departments appoint a senior information risk owner, at
board level, to take responsibility for ensuring that the
information security policies, tools and procedures
throughout their department are defined and managed
appropriately. Consequently responsibility for and
involvement in IA compliance reaches far wider than IT.
How can Symantec and Methods Consulting help
with an IA audit?
We understand the public sector - Symantec and
Methods Consulting have extremely strong track records
and experience in helping government and private sector
organisations to design, build and protect their
infrastructures and information.
Helping you plan, meet and audit Information Assurance compliance
What actually needs to be reviewed?
Information Assurance compliance encompasses the
processes, people and systems that interact with (and in)
your department.
Report
What is your approach?
Our expert consultants follow a proven methodology for
defining and classifying Information Assurance within your
department:
Release
Engage
“We are required to produce an annual report indicating
the status of Information Assurance in government
departments for the Prime Minister and senior
officials”. Central Sponsor for Information Assurance November 2005.
We will help you to identify the specific focus for analysis
and production of your audit. This may comprise a
number of business and technical areas in your
department including:
• Information systems (e.g. operating systems,
databases, applications, integration methods).
• Networks (e.g. access control, security, firewalls).
• People ( e.g. security access, user awareness and
training).
• Processes (e.g incident management, change
management, monitoring and reporting).
• Planning (e.g. security management plans, business
continuity and disaster recovery).
Reports are provided to the department indicating
compliance levels to IA policy and best practice as well as
any systems “health check” results.
Upon review with key stakeholders in the department we
will provide an Information Assurance audit report for
submission to Cabinet Office.
Discover
Key information is gathered in consultation and from
workshops with assigned departmental staff and
stakeholders.
Assess
Information is analysed and collated to produce
indications of awareness and compliance within the
department and may, if required include a systems
“healthcheck” analysis.
Methods Consulting is a UK top 20 Business and IS consultancy that provides a full range of high quality, value for money consultancy and
managed services, primarily to the public sector.
Symantec has 20+ years experience protecting public and private sector organisations from threats, system failures, user errors, and
disaster - protecting more people and more governments from online threats than any other company worldwide.
One of our Information Assurance experts will contact you shortly to arrange a preliminary discussion. In the meantime, should you require
further information please contact:
David McKenna ([email protected]) at Symantec-LIRIC Ltd, The Stables, Jericho Farm, Cassington, Oxford OX29 4SZ
+44 (0)1865 880366 www.symantec.com/publicsector
Howard Moodycliffe ([email protected]) at Methods Consulting 125 Shaftesbury Avenue London WC2H 8AD
+44 (0) 20 7240 1121 www.methods.co.uk
Symantec and the Symantec logo are registered trademarks of Symantec Corporation. Methods Consulting and the Methods Consulting
logo are registered trademarks of Methods Consulting Ltd. Other brands and products are trademarks of their respective holder/s.
Copyright 2007 Symantec Corporation and Methods Consulting. All rights reserved. All information provided is subject to change without
notice. Errors and omissions excepted.