|
|||||||||
|
| You are here: CESG > Products and Services >IACS >CHECK > | ||||
 CHECKWhat is CHECK? IT health checks identify vulnerabilities in IT systems and networks which may compromise the confidentiality, integrity or availability of information held on that IT system. CESG has traditionally provided IT health check services for HMG and the wider public sector of systems handling protectively marked information. Demand for these services has grown. Therefore, in line with similar CESG initiatives, a special partnership with industry is the most appropriate way of meeting this demand. The IT Health Check Service, or CHECK, was developed to enhance the availability and quality of the IT health check services that are provided to government in line with HMG policy. Companies belonging to CHECK are measured against high standards set by CESG. Therefore, HMG and CNI customers can be assured that they will receive a high quality service if the work is carried out under the Terms & Conditions of CHECK. CHECK Service Providers are currently permitted to work on systems processing protectively marked information up to, and including, CONFIDENTIAL (and also SECRET with CESG approval – see S(E)N 2006/04 for details). For the more sensitive HMG or CNI systems, and occasionally other agreed requirements, the IT Health Check service will continue to be provided by CESG personnel. However, there may be occasions where it would be permissible for CHECK Service Providers to undertake tests on such systems. Potential customers of the CHECK Service should also note that if the information is not protectively marked then they do not need to specify membership of CHECK in their invitations to tender, and may be challenged if equally competent non-scheme members are prevented from bidding. In order to have access to protectively marked information, all members of a CHECK team hold at least Security Check (SC) clearance. However, you should be aware that CESG does not sponsor all of them. CESG endeavours to check all claims of a clearance, however, we are not able to do this on a regular basis. Therefore, it is most strongly advised that the customer confirms the security clearance status and review date with the issuing authority which the individual claims to have a clearance with. CESG cannot be held responsible for the clearance of those it does nor sponsor. The welcome emergence of the CREST and TIGER Schemes has allowed us to consider different ways of operating the scheme and presents an opportunity for CHECK to focus on that for which it was established: the provision of appropriately skilled staff to conduct IT Health Checks for Government. CESG will accept a pass from one of the following examinations when approving CHECK Team leader status. CESG's CHECK Service Assault CourseA pass in any one of these examinations merely demonstrates technical competence and does not replace the other requirements to attain CHECK Team Leader status. Only CESG may confer CHECK Team Leader status. Where a candidate has chosen to sit an examination not run by CESG, the examining organisation will pass all relevant information to CESG in order to progress the application. It is the responsibility of the CHECK Company to ensure that CESG are notified, but this notification will only be accepted if it is received directly from the examining organisation. Failure to do so before the expiry date will result in an existing CHECK Team Leader losing that status. Please note also that a fail in any one of the above examinations will result in the immediate loss of CHECK Team Leader status, regardless of expiry date. |
||||
 |
|||
|