Client Requirement and Business Drivers
As a consequence of the Whitehall data handling review following the HMRC data loss, new mandatory data handling requirements were defined for government bodies.
Data handling is the protection of sensitive personal information in accordance with specific measures covering access, removable media, controlled disposal, authentication, audit, forensic readiness and citizen-facing work.
The client therefore decided that it was essential to engage an independent, expert information assurance consultancy to ensure it complies with government requirements in this area.
Additionally, to ensure appropriate control of the organisation’s operational risk, the client also requested assistance with Business Continuity Planning and Management and the ISO 27000 Information Security Management framework.
Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, Commissum was engaged to meet the client’s strategic, business and technical security- and continuity-related objectives.
Commissum has considerable expertise and experience in addressing both government (i.e. IS6 and SPF) and commercial (e.g. Data Protection Act and Financial Services Authority) requirements in this area.
The business drivers for this engagement can be summarised as follows:
- Compliance with Cabinet Office mandates regarding data handling
- Secondary benefits for the agency in managing its operational risk by improving its information security and business continuity to recognised industry standards
- The client recognised the sensitivity of any potential data leaks in the current political context