To ensure customer systems gain accreditation first time, our accreditation services include:
- Scoping accreditation work, including liaison with system accreditors to ensure accreditation
- Carrying out Technical Risk Assessment, using HMG Information Assurance Standards 1&2
- Supporting the Customer Information Asset Owner in determining and agreeing the Business Impact Levels (BIL) and risk appetite the business is willing to accept
- Carrying out a Threat Assessment based on our in depth understanding of the technical and non-technical vulnerabilities that can be exploited
- Determining and agreeing the risks with the customer and developing a risk treatment plan, including those aspects of any service that is to be outsourced Advise on an implementation approach and develop an assurance plan
- Produce a final security case, including identification of residual risks and mitigations to support informed risk management decisions. As part of our accreditation service we can also have a proven track record of converting legacy Accreditation Document Sets (ADS) to RMADS
Security Gap Analysis
Our Security Gap Analysis service can be conducted as part of your system accreditation process or separately. A Security Gap Analysis is designed to assist your organisation in meeting compliance with relevant regulations, guidelines and security best practice. All our Gap Analysis results will be summarised in a report, which will highlighted to management the areas that will need addressing.
Our Security Gap Analysis will cover:
- Review of the scope of accreditation and dependant services, including those aspects that are or will be outsourced
- Review current organisations policies and procedures
- Conduct the Gap analysis against relevant regulations, guidelines and best practice, including those related to outsourcing
- Produce a written report, which will identify the gaps and provide recommendations on remedial actions
Cloud Data Assurance
With the emergence of the cloud to store information, Thales recognises the importance of having good Information Assurance measures in place to protect the Confidentiality, Integrity and Availability of your information while it is outsourced onto a cloud service provider. Our Cyber Practitioners offer a deep technical knowledge of cloud services, their vulnerabilities that can support the design and implementation of your cloud security plans.