The demands on government, non-governmental bodies and their third party commercial suppliers to prove information is appropriately secured are increasing. Any system carrying, storing or transmitting protectively marked data requires an appropriate technology and information risk management process to be carried out. This is to ensure that proportionate security controls have been applied to safeguard the system’s information assets and provide assurance to Accreditors and other key stakeholders.

In a changing Government security landscape, individuals who create and process data and documents must understand how that data should be marked and protected and implement agile, pragmatic and proportionate risk-managed controls throughout its lifecycle. Wherever there is a need for authoritative, expert advice on implementing risk management methodologies, policy or how to mark, process, handle and dispose of data in line with the GCS, our CESG Certified Professional (CCP) certified Consultants can help. Our deep industry experience and links within Government and Cabinet Office, NCSC and the wider IA community, combined with our full spectrum of independent Accreditation and Risk Management services offers you an unrivaled and compelling proposition for your cyber security needs.

As an established cyber security consultancy, we have years of experience in providing information assurance advice to government and third-party commercial suppliers in line with best practice, GovAssure, HMG Policy and Standards and the Security Policy Framework, and our CCP Consultants have a 100% record in successful system accreditations.

HMG Technology & Information Risk Management and Assurance Consultancy services include:

• Governance, Risk & Compliance
• Secure by Design (SbD)
• GovAssure
• Digital Transformation projects
• Specialists in System Assurance (from a CCP)
• Digital transformation assurance services
• Range of outsourced roles (contact us for details)
• Application of current and legacy IA Assurance Methodologies
• Risk Management, Risk Assessment & Risk Treatment following guidance including ISO27005, ISO31000, ISO27001/2 and IAS1&2 (where still used)
• Security Architecture System Designs and Reviews
• Digital and Cloud Security Services
• IA Audits and Reviews including RMADS (where still used), Security Policy Framework (SPF) Compliance
• IA Incident Management
• IA Policy & Standards Advice and Guidance, including policy development and reviews
• ISO 42001 Artificial Intelligence Management System
• Advice on Off-shoring Data
• System Decommissioning Services
• Codes of Connection Reviews e.g. PSN, PSN(P)
• Data Protection
• Privacy Impact Assessments
• Red Teaming

In addition to our core services, we can provide outsourced specialist individuals or teams to work on an ad-hoc or contractual basis, to see through your cyber and physical security projects on time.

Our outsourced specialist roles include, but are not limited to:

• Security Consultant / Risk Assessor
• Information Security Engineer
• Security Incident Responder
• Security SIEM Analyst
• Solutions Designer
• Software Developers
• IT Risk Analyst
• Threat Intelligence Analyst