Amethyst supported a data hosting provider with the risk assessment and re-accreditation of a System provided to the MOD.
The system provided the MOD users and MOD authorised users with access to the RLI and a hosting environment for MOD authorised up to OFFICIAL-SENSITIVE within the RLI.
The IA support involved the reassessment of the risks and risk treatment required for the system and this was captured in a full RMADS using the CESG IS1&2 V4 risk assessment and treatment methodology.
The IA support also involved the assessment of the GPG13 protective monitoring controls and the production of a Code of Connection Statement of Compliance Conformity (SOCC) for the system to retains its connection to the RLI.
The risk assessment and RMADS production utilised the ISO 27001:2013 control set.