CESG Logo
 
The National Technical Authority for Information Assurance
 
CESG Web logo
 
  ABOUT US   SERVICE CATALOGUE   PUBLICATIONS   POLICY & TECHNOLOGIES   FIND A .....
 
Service Catalogue Home

HMG IA Maturity Model (lAMM)
Introduction
HMG IA Maturity Model (IAMM) (pdf)
HMG IAMM Assessment Tool (zip)
Self Assessment Guide (pdf)
2011 Supported Self-Assessment Guide (pdf)
CESG IAMM Assessment Services
IAMM Review Process Diagram - interim (pdf)
Whats New Archive

A to Z

 
General Enquiries image
 
HMG IA Maturity Model

What's New Archive

12.00hrs Tuesday 28th June 2011: Some users were having problems with running the tool in compatibility mode in Excel 2010 causing it to hang, making it appear that the tool had crashed. Excel 2010 users should use the .xlsm version of the tool and Excel 2007 and earlier users should use the .xls version. As there weren't any changes to the format of the question or answer files the new version of the HMG IAMM Assessment Tool (zip) version 3.5 is backwards compatible with all previous versions.


16.00hrs Monday 6th June 2011: Some users were having problems with running the tool in compatibility mode in Excel 2010, causing it to hang making it appearing that the tool had crashed. Excel 2010 users should use the .xlsm version of the tool and Excel 2007 and earlier users should use the .xls version. The new version of the HMG IAMM Assessment Tool (zip) version 3.4 contains both.

09.00hrs Thursday 14th April 2011: The 2011 - IAMM Supported Self-Assessment Guide - For those organisations opting to carry out the IA Maturity Model assessment for themselves this year, with limited (maybe no) use of CESG resources, although using the assessment tool, may find this document useful.

09.00hrs Thursday 14th April 2011: The IAMM Self-Assessment Guide - For those organisations opting to carry out the IA Maturity Model assessment for themselves this year, without using CESG resources, and who have not specifically decided to use the assessment tool, may find this document useful.

13.00hrs Tuesday 15th March 2011: A new version of The HMG IAMM Assessment Tool (zip) version 3.3 is now available.

10.00hrs Friday 4th March 2011: A new version of The HMG IAMM Assessment Tool (zip) version 3.2 is now available.

15.00hrs Wednesday 9th February 2011: CESG Supplier IA Assessment Framework - Issue No: 1.0 - January 2011 (pdf). Provides guidance on how the Supplier Information Assurance Tool (SIAT) (pdf) question sets and tool specification can be used by suppliers of key business services to HMG.

09.30hrs Thursday 13th January 2011: A new version of The HMG IAMM Assessment Tool (zip) version 3.1 is now available.

09.30hrs Friday 10th December 2010: The CO IRR Tool was produced by CESG and used during 2009 and 2010 CO reporting rounds. It was the subject of a number of functional errors and failures, and was finally published in 2010 at version 1.8.3. This has now been replaced by a very much more robust and user friendly edition. To reflect CO changes to the information reporting regime for the coming year, the revised version of the Tool is entitled The HMG IAMM Assessment Tool (zip), and is available now. The Tool is available to departments to conduct their own Self-Assessments, and CESG will continue to provide a Supported Self-Assessment service on request, where the new HMG IAMM Assessment Tool will be used. The CO IRR Tool will no longer be supported by CESG.

Additionally, an update to Version 4.0 of the HMG Information Assurance Maturity Model and Assessment Framework dated 27 May 2010, will henceforth be published in the form of a new GPG No. 40 in the New year.

16.00hrs Thursday 28th May 2010: Version 4.0 of the HMG Information Assurance Maturity Model and Assessment Framework dated 27 May 2010 is now available, and replaces version 3.0 dated 14 October 2009. Annex C contains a list of the changes implemented in this new version. Please note that the current CO IRR Tool will not be impacted by this update, and will continue to use version 3.0 material for the duration of this CO reporting period.

09.00hrs Monday 10th May 2010:An upgrade to v1.8 of the Cabinet Office Risk Reporting Tool is now available, correcting some minor errors in the mapping to the dashboard sheets. This is now available as detailed below.

09.00hrs Friday 23rd April 2010: The latest version of the Cabinet Office Information Risk Reporting Tool is now at v1.8, and is available from www.cesg.gsi.gov.uk. For those without access to the GSI, please contact CESG enquiries, who will provide a copy via email.
This version includes an Import capability so that for those who have already completed either v1.6 or v1.7 of the tool, it is a simple task to Import the scores into v1.8, rather than having to re-enter all the scores.

15.30hrs Wednesday 14th April 2010: The latest version of the Cabinet Office Information Risk Reporting Tool is now at v1.8, and is available from www.cesg.gsi.gov.uk. For those without access to the GSI, please contact CESG enquiries, who will provide a copy via email. This version includes an Import capability so that for those who have already completed either v1.6 or v1.7 of the tool, it is a simple task to Import the scores into v1.8, rather than having to re-enter all the scores.

15.00hrs Monday 8th March 2010: Version 1.7 of the 2010 CO IRR Tool (zip) is now available. It is provided in password protected zip form in order to preserve the macro content only; there are no confidentiality requirements here.
The password is CESG
This upgrade does not include any changes to the textual content of the spreadsheet, amendments are exclusively to the spreadsheet functionality, and to the scoring computations. As a result, it is possible that assessments against v1.7 may reveal slightly different results than v1.6, and this reflects error correction from v1.6 to v1.7.
CESG is keenly aware of the potential impact on organisations who have already conducted an assessment against v1.6, and the potential work in re-keying inputs into v1.7. As a result, we have included an Import facility on the Instructions sheet. This will allow users to import all user input from an already populated v1.6, and automatically populate a new v1.7.

15.30hrs Wednesday 27th January 2010: V1.6 of the 2010 CO IRR Tool (xls) is now available. This upgrade does not include any amendments to the scoring arrangements, or the results sheets. The changes are exclusively within the SPF Details sheet, where COSPD have asked that composite scores be agreed for SPF Mandatory Requirements. Further guidance on this will be published from Cabinet Office separately.

11.30hrs Friday 22nd January 2010: V1.5 of the 2010 CO IRR Tool (xls) is now available to replace v1.4. This rectifies a further error that was introduced during the v1.4 upgrade, that affected the dashboard results display for Training Education & Awareness only.

13.00hrs Monday 18th January 2010: V1.4 of the 2010 CO IRR Tool (xls) is now available. This update rectifies an obscure error condition, and also fixes some cells where the text was not completely visible. No functional changes have been made.

14.00hrs Tuesday 5th January 2010: A fault has been reported in v1.2 of the 2010 CO IRR Tool. This has now been corrected, and 2010 CO IRR Tool v1.3 (xls) is now available. Please accept our apologies for any nugatory work that has already been done.

13.00hrs Tuesday 5th January 2010: There appears to be an error in the 2010 CO IRR Tool ver 1.2 (xls). This is currently being examined and a revision will be made available as soon as possible. In the meantime, any results from the use of v1.2 should be held in abeyance. More information will be made available as soon as we have a solution. Please accept our apologies for this problem.

10.00hrs Thursday 17th December 2009: Following the discovery that some of the cells intended to be editable in Version 1.1 of the 2010 CO IRR Tool were not in fact editable, 2010 CO IRR Tool ver 1.2 is now available. There are no other functional changes.

13.00hrs Thursday 10th December 2009: After the discovery that v1.0 of the 2010 CO IRR Tool did not include the macro to reflect the colours on the DHR & IAMM Dashboards sheet, a new version 2010 CO IRR Tool v1.1 is now available. There are no other functional changes with this upgrade.

09.00hrs Monday 7th December 2009: At popular demand, the HMG IA Maturity Model Independent Review Process diagram (pdf) is available. Please note this is provided on an interim basis pending the publication of full guidance in support of HMG IAMM Independent Reviews. It should not be considered definitive, and may be subject to change without notice. For further enquiries, please revert to CESG enquiries.

14.00hrs Monday 30th November 2009: A revised version of the Cabinet Office Information Risk Report Tool (xls) has been prepared for 2010 and is available for download. This is the version that will be used for CESG Supported Self-Assessments in support of the FY09/10 reporting round. It includes the capability for departments to explicitly score their Delivery Partners and 3rd Party Suppliers. Further guidance will be provided by IS&A early in 2010.

15.00hrs Friday 27th November 2009: A revised guidance document is now available entitled 2010 Cabinet Office Information Risk Report: HMG IA Maturity Model Supported Self Assessment v1.0 (pdf) dated 26 November 2009. The Aim of this document is to give details of how the Information Risk Report (IRR) Tool is to be used as part of the overall IRR to the Cabinet Office and provide guidance on the CESG IA Supported Self-Assessment Service, which is designed to provide support from CESG to assist the SIRO in making the assessments that the Tool is designed to record.

14.00hrs Thusday 15th October 2009: Version 3.0 of the HMG IA Maturity Model (pdf) is now available. This incorporates a number of changes in the IA Assessment Framework to reflect feedback received over the past year from practical use. This includes rationalisation of terms such as Delivery Partners and 3rd Party Suppliers, and removal of the term "arm's length body". The Maturity Model itself is unchanged apart from the revision of these terms. Work is now in progress to revise the CO IRR Tool to reflect this new version.

14.00hrs Wednesday 12th August 2009: A brief description of the Assessment Services (doc) offered by CESG in support of the IAMM is now available, complete with a revised application form in the guise of a Business Questionnaire.

15.30hrs Wednesday 15th April 2009: The Cabinet Office Information Risk Reporting tool is now available for download. This is the spreadsheet that will be used by the CESG Team member when conducting a Supported Self-Assessment. In the event of problems is using or interpreting this tool, please contact CESG via the enquiries desk in the first instance.

10.30hrs Friday 27th March 2009: The CO Information Risk Reporting Tool has now been completed and is available at version 3.0. This is the version that will be used during the forthcoming reporting period. For the present, requests for copies should be directed to the CESG enquiries desk.
The CO guidelines will be issued separately by close of play 1 April 2009.

The FY08/09 Annual Information Risk Report to Cabinet Office requirement strongly recommends the use of IA Supported Self Assessment. The Supported Self Assessment provides details of this procedure, and details of the service offered from CESG to assist departments in undertaking the assessment.

There is a Request Form (doc) available for customers to initiate the process of securing CESG support for this service.
Products Footer image
 © Crown Copyright, 2011. This CESG Website is maintained for your personal use and viewing. Access and use by you of this site constitutes acceptance of our terms and conditions which take effect from the date of first use. Click here for our terms and conditions CESGweb@cesg.gsi.gov.uk