|
|
The new CESG Assurance Model is a framework that takes a 'whole-life'
view of assurance. CESG believes it will help address some of the
challenges the Government community (and its partners) face in developing
ICT systems in today's increasingly complex and joined-up world.
The Model isn't
- a process, service or scheme
- something that's "done" to a system, service or product
- a risk management process in and of itself
- a shortcut to faster or cheaper solutions
- new
The Model will
- provide a consistent language and framework for people managing
the risks to Government business relating to information.
- help Information Risk Managers by stimulating questions
- help Information Risk Managers identify alternatives to one-off
evaluations
Experienced Accreditors and Information Risk Managers will recognise
the Model as what they already do. CESG hopes to develop and spread
this good practice by providing a consistent framework.
The Model is primarily intended for Information Risk Managers, but
will also help
- Accreditors identify evidence to base risk management decisions
on
- Accreditors balance and trade between risk mitigations to achieve
better value for money
- Give product developers or service providers an insight into
Accreditors' thinking
- Enable product developers collate evidence of risk management
from the earliest stages of design and development
- Delivery managers engage with the IA community and develop meaningful
and usable requirements across the lifecycle of the ICT solution,
building IA in from the very beginning of the delivery process.
The CESG Assurance Project developing and progressing the Model, is
due to complete in January 2008 and will release material through
this website when available.
More information is available on the Model in an article (published
in Public Service Review: Home Office, available from www.publicservice.co.uk)
and on the CESG Assurance Project via the linked web page. Further
queries about the Project or Model should be addressed to enquiries@cesg.gsi.gov.uk
or your CESG Customer Account Manager.
|
