Amethyst have provided a Senior Consultant in the role of Security Assurance Coordinator (SAC), providing Security Assurance support to a Defence innovation project. The project delivered innovative, cloud-based capabilities that are employed in the Firm Base, Overseas and on Operations.
For all of the project systems, our consultant is responsible for:
- Acting as the single point of contact for all security and assurance
- Accreditation evidence set generation
- Technical risk assessments (IS1&2, NIST plus other methodologies)
- ISO27001 audits of suppliers and systems
- Accreditor, service provider and project stakeholder liaison and management
- JSP604 compliance evidence generation
- CoCos/ISMS, SyOPs, BDAs, DPIAs, DCPP submissions and TSIs
- Reacting to, and coordinating responses to, ISNs, DIANs and MODCERTs
- Chairing of SWGs and Security Surgeries
- Integration activities onto Defence Core Networks
- Compliance with relevant legislation
- Compliance with HMG and MOD policy such as JSPs 440, 441, 490, 604 and 740
- Creating and managing DART, IAR and DAR entries
- Supporting innovation test and trial activities to ensure all use is legal, compliant and does not present risk to the MOD’s information
- Maintenance of the project Security Risk Register
- Security training to system and service consumers
- Security and assurance advice for all aspects of wider work undertaken by the project.
The Amethyst consultant has been essential to this high-profile innovation project.
By their very nature, innovation and new ways of working, such as public cloud hosting, AR and BYOD, introduce risk.
Having an experienced SAC with in-depth knowledge of HMG/MOD stakeholders and policies has ensured that this project has released a number of systems into live service with minimal residual risk.
The flexibility offered by the consultant to undertake work outside the normal TORs for a SAC has also greatly benefitted the project.
The Amethyst consultant has ensured the delivery of accreditation in accordance with MOD policy.
The result is the issuing of Full Accreditation for four TOAs, applications, monitors and innovative support systems.