MOD IPT

I am a Manager for an MOD IPT and I have had close oversight of the considerable information assurance work that has been undertaken for the IPT. Amethyst Risk Management was contracted to assist us in seeking accreditation from the Accreditor. They have undertaken considerable work for the IPT. Initially this was the production of a full Risk Management Accreditation Document Set (RMADS). Their consultants produced very comprehensive documents and identified that there were risks that required further investigation and discussion with both CESG and the Accreditor. The result of this was some excellent analysis work, which has now put us in the position of being able to clearly articulate all our risks and risk mitigation to seek endorsement. Follow on work has included the assessment of the risks and security impacts of further projects. We have been very impressed with their ability to quickly identify the issues and provide options for addressing or mitigating risk.

Amethyst Risk Management's consultants have proven to be very professional and knowledgeable. Due to their experience and work we are in a much better position for accreditation. Their consultants positive attitude to information security and knowledge about operational requirements has helped to ensure that information security input is sought as early as possible in our projects.

HMG Information Assurances (IA) policies and guidance

As an Application Projects Manager within Defence, I have had close oversight of the Information Assurance work that Amethyst Risk Management has been undertaking for the Department. Their accreditation expertise and knowledge of HMG Information Assurances (IA) policies and guidance has ensured that risks to the critical migration project of dozens of RESTRICTED and SECRET applications have, and are continuing to be, successfully mitigated. They have also successfully delivered and continues to draft RMADS and other business critical applications currently in development.

Amethyst Risk Management's consultants have developed a close and effective working relationship with the project managers and technical architects in the organisation. They have also, most importantly, developed a good working relationship with the Accreditor to ensure that the accreditation process is no longer a constraint.

Amethyst Risk Management consultants have proven to be highly professional and knowledgeable. Their positive attitude to IA and knowledge have ensured that the security accreditation project risks have been well managed.

National systems and projects accreditor

I am a Manager for a Police Agency and I have had oversight of the considerable Information Assurance (IA) work that Amethyst Risk Management have been undertaking for the department. Their primary focus has been as Accreditor for national systems and projects, a role that requires extensive experience, maturity, and technical expertise across the whole spectrum of IA policy and good practice. Many of the systems and projects for which they have responsibility are of critical national importance.

Amethyst Risk Management's consultants have throughout the last year, provided practical support and advice while at the same time undertaking a root and branch review of the status of each system and project. They have also been instrumental in the creation, development and maintenance of a key information asset within the IA team, namely a master accreditation matrix. The value of this reference material to the organisation cannot be overstated. In addition, Amethyst Risk Management have been a keen and active participant in the wider IA improvement activities within the Agency including implementation of recommendations, supporting the development of policies and procedures.

One of the most important aspects of their contribution to the Agency has been his success in engaging with key project and programme managers, always encouraging their active engagement and participation in the accreditation process. As a measure of success in this regard, many of them are now routinely to be found in the IA team office for the purpose of informal discussions with Amethyst Risk Management's consultants and other members of the team.