assure, secure, advise

caerphilly county borough council

Challenge

The BS7799 information security standard, issued in 2002, is the official, internationally recognised quality standard relating to information security. The standard was developed by BSI (British Standards Institute) to provide organisations with a framework to help them to manage their information and minimise both internal and external threats.

BS7799 has been adopted by many large organisations in the UK, including government bodies, and is increasingly being adopted by local authorities as a method of both implementing and demonstrating best practice.

Caerphilly County Borough Council is the fourth largest local authority in Wales, providing over 170,000 citizens with services such as education, social services, leisure services, highway maintenance and finance. The Council is the largest employer in the area, employing over 9,000 people.

As part of its regular continuous improvement reviews, the Council's ICT department identified a need to demonstrate rigorous information security controls and took the decision to implement the BS7799 standard.

Solution

Due to the specific and exacting requirements of the BS7799 accreditation process, the Council decided to engage the assistance of external consultants who had practical experience of implementing the standard in local authorities. NCC Group, an independent information security consultancy, was selected due to its experience in the field and its work on previous Council projects.

NCC Group was commissioned to work with the Council in order to implement BS7799 within the IT Services Department. The project commenced with a detailed gap analysis which identified how current security practices differed from those required under the standard.

Results

A detailed implementation plan was developed to enable a structured move to compliance with the standard and ongoing project assistance and quality assurance testing was provided to Council staff during the implementation phase.

The Council was certified to BS7799 by BSI in late 2004.

Roger Rawlinson, Director of Consultancy at NCC Group commented: "Using independent consultants such as NCC Group enables clients to benefit from their experience of similar projects. This often means they are able to agree and implement the necessary action and receive certification to BS7799 standard without duplication of effort, delay or supplier vested interest."

========================================================

NCC Group is a leading global provider of independent IT assurance, security and consultancy services. As a trusted advisor, we help over 15,000 public, private and not for profit sector organisations, including 92 of the FTSE 100, to make the most efficient use of information and technology and to manage the associated risks.

Challenge


As part of its regular continuous improvement reviews, the Caerphilly County Borough Council's ICT department identified a need to demonstrate rigorous information security controls and took the decision to implement the BS7799 standard.

Solution


NCC Group, an independent information security consultancy, was selected due to its experience in the field and its work on previous Council projects.

Results


A detailed implementation plan was developed to enable a structured move to compliance

The Council was certified to BS7799 by BSI in late 2004

top of page

Website © Copyright 2006-2008 NCC Services Ltd - all rights reserved

NCC Group - Software Escrow Services, Verification Testing, Assurance Testing, Penetration Testing, & Consultancy