| SECTOR | TYPE OF SERVICE | PROJECT AREA | DESCRIPTION |
|---|---|---|---|
| Public | Project Manager & CISO Consultant | Government Connect Code of Connection (CoCo) | Parachuted in late in the day to assist this Council with their CoCo submission to GCSx and to achieve compliance by the required end date of 30th September 2009. A larger information security improvement programme underpinned the project, including the development and delivery of information security awareness briefings to over 500 staff in a 3 week period in September 2009. Rolled out to the wider council, delivering briefings to 1500 staff during February 2010, with a further 2000 planned for March and April; implementing an Information Security Management System as part of an Information Governance Framework in line with ISO27001 and the LGA Data Handling Guidelines. Project management of a team of 10 colleagues across ICT disciplines. Budget £2m. |
| Private | High level consultancy | Data Protection Compliance review & ongoing support | Returned to this previous client to establish the wider internal data protection compliance position and to provide advice and guidance on how best to bridge any gaps identified, particularly with regard to undertaking Privacy Impact Assessments and encouraging the collection (and thus management) of less personal data in the future. |
| Public | High level consultancy | ISO27001 Scoping | Returned to advise this North Wales Council on how best to scope their intended ISO27001 certification project; provided a pragmatic view of the appropriate scope boundary in order to focus the activities and ensure the selected controls were risk based. |
| Public | High level consultancy | Data Protection Controller review | NDPB seeking a review of its data processors to ensure that they were complying with the requirements and guidance stipulated by the data controller. Ensured contractual agreements were in place and appropriate, and carried out on-site reviews of the third-party processors. |
| Public | Training delivery | Role specific Information Security awareness sessions | Creation and delivery of role specific information security training sessions: delivered 40+ sessions to 1100 staff across the country in a 2 month period. Tight timescales; focused content creation and dynamic delivery required and provided. Addressed Business Security Requirements, the Information Security Risk Assessment Summary and RMADS (Risk Management and Accreditation Document Set) process flows. Part of a team. Significant budget. |
| Public | High level consultancy | PCI DSS Compliance review | Local Council seeking a full review of all outlying posts that process credit card data to ensure appropriate data handling is taking place. Risk assessment of the findings and full report back to management. Infrastructure and architecture review. |
| Private | High level consultancy | Information Security review | Law firm requiring an ISO27001 ISMS to be established through a consultative process: requirements review, policy and procedure creation and risk assessment of data flows. Included a review of the European offices and the balancing of the legislative requirements applying in each jurisdiction. |
| Private | High level consultancy | Data Protection compliance review | Carried out a data processor review for a data controller in order to provide reassurance that the processing was happening in a manner consistent with the requirements of the service and in keeping with the nature of the data. Audited the data flows, contracts etc. Carried out a Privacy Impact Assessment (PIA) to address concerns raised with regard to data exchanges. |
| Private | High level consultancy | Data Protection compliance review | Delivered DPA compliance advice and guidance in a Financial Services context, including policy and procedure creation and development, in order to align existing governance arrangements with the FSA Data Security in Financial Services requirements. |
| Public | High level consultancy | Information Security Management & Data Protection Compliance | Delivery of appropriate management advice for Information Security compliance with a view to ensuring the organisation implements a robust programme, including delivery of policies, procedures, guidance and awareness training, utilising the ISO27001 ISMS framework. Further work specifically on Data Protection Compliance is currently being undertaken. |
| Private | High level consultancy | Information Security Review | Culture and awareness review with regard to information security at a London law firm. Risk assessment against the results, then assistance with information classification, labelling and handling guidance. |
| Charity | High level consultancy | Information Security Policy | Creation and implementation of a robust Information Security Policy to provide assurance to members, stakeholders and the public with regard to information management and handling. |
| Public | High level consultancy | ISO27001 certification project | Prepared this public sector housing group for ISO27001, c. November 2007. Full range of professional services utilised: Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc. |
| Private | High level consultancy | ISO27001 certification project | Prepared this private sector secure radio manufacturer for ISO27001, c. March 2007. Full range of professional services utilised: Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc. |
| Private | High level consultancy | ISMS implementation project | Preparation of all necessary ISO27001 certification documentation, from Gap Analysis through Risk Assessment to policy and procedure development, for this screening services company, which offers key services to government agencies. |
| Public | High level consultancy | Information Governance | Delivery of appropriate management advice to a Borough Council on Information Governance, with a view to ensuring the Council implements a robust programme including delivery of policies, procedures, guidance and awareness training, in order to enhance compliance across multiple regimes and disciplines through an appropriate Information Management Strategy and Information Security Management System. |
| Private | High level consultancy | ISO27001 certification project | Prepared this private sector managed services provider for ISO27001, c. December 2006. Full range of professional services utilised: Gap Analysis, Risk Assessment, training delivery, policy and procedure preparation etc. |
| Private | High level consultancy | BS7799 certification project | Preparing this private sector managed services provider, which delivers high-performance mail security solutions, for BS7799 certification. As part of their determination to be market leaders in service provision, bst are seeking BS7799 certification in order to support customer requirements for improved transparency of their security arrangements. |
| Public | High level consultancy: interim management | DP/FOI compliance programme | Delivery of appropriate management advice for DP/FOI compliance with a view to ensuring this Regional Development Agency implements a robust programme, including delivery of policies, procedures, guidance and awareness training, ultimately enabling Information Governance. Preparation for implementation of the Directive on the Re-use of Public Sector Information (PSI). Assistance with records management implementation. |
| Public | High level consultancy | Freedom of Information Implementation | Data Protection Audit for a central government agency, based on a Risk Matrix approach, followed by development of appropriate supporting policies, procedures and guidance documents. Delivery of DPA and FOI training to all employees during Summer 2004. |
| Private | Corporate consultancy / facilitation | Data Protection compliance change programme | Household name brands owned by this large national organisation. Involved in Data Protection Audit interviewing as well as policy, procedure and guideline creation in order to ensure this organisation complies with the requirements of the DPA. A risk based approach was applied. Covered the DMA, HRA, RIPA, ECA, Telecommunications Regulations etc. |
| Public | Consultancy / facilitation | BS7799 Gap Analysis | This health sector client was seeking a BS7799 Gap Analysis in order to assess their level of compliance with NHS requirements in this area. They provide IT, Finance, HR & Facilities services to 8 NHS partners. It was important to establish the scope of the review, to assess the understanding of security amongst the employees and to work out an appropriate plan to achieve compliance. Interviews with employees were required with a view to collating responses and producing reports. This assignment was about ensuring that all NHS, Caldicott and data handling guidelines were borne in mind whilst reviewing the wider implications of BS7799 compliance for the Health Informatics (HI) function, as they provide services to 7 NHS Healthcare Trust clients. Some focus on Data Protection and FOI issues. |
| Public | Management review | Information security & legislation compliance | The review objectives for this City Council were: (1) to understand the current set-up and its problems and shortcomings; (2) to consider what information management (IM) organisation structure (reporting, responsibilities) should be set up to ensure that the Council is able to comply and maintain its compliance, recognising the impact of the current delivery restructuring and that the resulting new delivery structures will equally need to comply; (3) to identify what actions are needed to manage Freedom of Information (FOI) implementation. |
| Public | Management review | Information security & legislation compliance | The review objectives for this large metropolitan City Council were: (1) to understand the current set-up and its problems and shortcomings; (2) to consider what information management (IM) organisation structure (reporting, responsibilities) should be set up to ensure that the Council is able to comply and maintain its compliance, recognising the impact of the current delivery restructuring and that the resulting new delivery structures will equally need to comply; (3) to identify what actions are needed to set up the new IM organisation structure; (4) to summarise the key actions which the new IM organisation structure must take to achieve compliance, including, for example, identifying at a high level what procedures should be embedded in new project inception and delivery to ensure compliance. |
| Socitm Learning | Training / facilitation | FOI / DP / BS7799 / Information Security Overview training delivery | Provision of one day training on each subject area in order to assist Local Government Socitm members to gain a better understanding of the requirements of each area and their relationship. Information security is essential for successful local e-Government. |
| Public | Consultancy / facilitation | BS7799 Gap Analysis | The Health Informatics (HI) section of this NHS client was seeking a BS7799 Gap Analysis in order to assess their level of compliance with NHS requirements in this area. It was important to establish the scope of the review, to assess the understanding of security amongst the employees and to work out an appropriate plan to achieve compliance. Interviews with employees were required with a view to collating responses and producing reports. This assignment was about ensuring that all NHS, Caldicott and data handling guidelines were borne in mind whilst reviewing the wider implications of BS7799 compliance for HI, as they provide services to 7 NHS Healthcare Trust clients. Some focus on DP issues. |