ESS Advisory helps organisations across the private and, in particular, the public sector develop a Risk Management & Accreditation Document Set (RMADS) that describes the security-specific aspects of a system or service and is the key source of information an Accreditor will use to determine whether assurance requirements are met. Through an in-house CLAS team, ESS Advisory Practice provides a pragmatic approach, matched to risk and organisational risk appetite, that offers engagement and communication with stakeholders throughout the project. In addition, skilled ESS trainers are able to deliver skills transfer and mentoring for internal staff to help organisations transition to in-house and ongoing documentation processes. RMADS and/or Assurance case services designed to support secure business operations include:

  • Development of Accreditation / Assurance Policy
  • Preparation of full RMADS or tailored Security Case
  • Review of supplier-produced documentation
  • Pragmatic application of HMG IAS 1 & 2 risk methodology, augmented as necessary by bespoke risk approaches such as scenario modelling
  • Delivery of Privacy Impact Assessments (PIAs)
  • Scoping and management of penetration testing
  • Stakeholder management including information source aggregation and consistency of presentation to ensure value for money