The National Technical Authority for Information Assurance
 
  ABOUT US   PRODUCTS & SERVICES   PUBLICATIONS   POLICY & TECHNOLOGIES   FIND A .....
IAMM
Introduction
Whats New Archive
HMG IA Maturity Model (IAMM) (pdf)
Assisted Assessment Guide (pdf)
Self Assessment Guide (pdf)
2010 Supported Self-Assessment Guide v1.0 (pdf)
2010 CO IRR Tool v1.7 (zip)
IAMM Assessment services and Application Form (doc)
IAMM Review Process Diagram - interim (pdf)

 
 
HMG IA Maturity Model

What's New Archive

15.00hrs Monday 8th March 2010: Version 1.7 of the 2010 CO IRR Tool (zip) is now available. It is provided in password protected zip form in order to preserve the macro content only; there are no confidentiality requirements here.
The password is CESG
This upgrade does not include any changes to the textual content of the spreadsheet, amendments are exclusively to the spreadsheet functionality, and to the scoring computations. As a result, it is possible that assessments against v1.7 may reveal slightly different results than v1.6, and this reflects error correction from v1.6 to v1.7.
CESG is keenly aware of the potential impact on organisations who have already conducted an assessment against v1.6, and the potential work in re-keying inputs into v1.7. As a result, we have included an Import facility on the Instructions sheet. This will allow users to import all user input from an already populated v1.6, and automatically populate a new v1.7.

15.30hrs Wednesday 27th January 2010: V1.6 of the 2010 CO IRR Tool (xls) is now available. This upgrade does not include any amendments to the scoring arrangements, or the results sheets. The changes are exclusively within the SPF Details sheet, where COSPD have asked that composite scores be agreed for SPF Mandatory Requirements. Further guidance on this will be published from Cabinet Office separately.

11.30hrs Friday 22nd January 2010: V1.5 of the 2010 CO IRR Tool (xls) is now available to replace v1.4. This rectifies a further error that was introduced during the v1.4 upgrade, that affected the dashboard results display for Training Education & Awareness only.

13.00hrs Monday 18th January 2010: V1.4 of the 2010 CO IRR Tool (xls) is now available. This update rectifies an obscure error condition, and also fixes some cells where the text was not completely visible. No functional changes have been made.

14.00hrs Tuesday 5th January 2010: A fault has been reported in v1.2 of the 2010 CO IRR Tool. This has now been corrected, and 2010 CO IRR Tool v1.3 (xls) is now available. Please accept our apologies for any nugatory work that has already been done.

13.00hrs Tuesday 5th January 2010: There appears to be an error in the 2010 CO IRR Tool ver 1.2 (xls). This is currently being examined and a revision will be made available as soon as possible. In the meantime, any results from the use of v1.2 should be held in abeyance. More information will be made available as soon as we have a solution. Please accept our apologies for this problem.

10.00hrs Thursday 17th December 2009: Following the discovery that some of the cells intended to be editable in Version 1.1 of the 2010 CO IRR Tool were not in fact editable, 2010 CO IRR Tool ver 1.2 is now available. There are no other functional changes.

13.00hrs Thursday 10th December 2009: After the discovery that v1.0 of the 2010 CO IRR Tool did not include the macro to reflect the colours on the DHR & IAMM Dashboards sheet, a new version 2010 CO IRR Tool v1.1 is now available. There are no other functional changes with this upgrade.

09.00hrs Monday 7th December 2009: At popular demand, the HMG IA Maturity Model Independent Review Process diagram (pdf) is available. Please note this is provided on an interim basis pending the publication of full guidance in support of HMG IAMM Independent Reviews. It should not be considered definitive, and may be subject to change without notice. For further enquiries, please revert to CESG enquiries.

14.00hrs Monday 30th November 2009: A revised version of the Cabinet Office Information Risk Report Tool (xls) has been prepared for 2010 and is available for download. This is the version that will be used for CESG Supported Self-Assessments in support of the FY09/10 reporting round. It includes the capability for departments to explicitly score their Delivery Partners and 3rd Party Suppliers. Further guidance will be provided by IS&A early in 2010.

15.00hrs Friday 27th November 2009: A revised guidance document is now available entitled 2010 Cabinet Office Information Risk Report: HMG IA Maturity Model Supported Self Assessment v1.0 (pdf) dated 26 November 2009. The Aim of this document is to give details of how the Information Risk Report (IRR) Tool is to be used as part of the overall IRR to the Cabinet Office and provide guidance on the CESG IA Supported Self-Assessment Service, which is designed to provide support from CESG to assist the SIRO in making the assessments that the Tool is designed to record.

14.00hrs Thusday 15th October 2009: Version 3.0 of the HMG IA Maturity Model (pdf) is now available. This incorporates a number of changes in the IA Assessment Framework to reflect feedback received over the past year from practical use. This includes rationalisation of terms such as Delivery Partners and 3rd Party Suppliers, and removal of the term "arm's length body". The Maturity Model itself is unchanged apart from the revision of these terms. Work is now in progress to revise the CO IRR Tool to reflect this new version.

14.00hrs Wednesday 12th August 2009: A brief description of the Assessment Services (doc) offered by CESG in support of the IAMM is now available, complete with a revised application form in the guise of a Business Questionnaire.

15.30hrs Wednesday 15th April 2009: The Cabinet Office Information Risk Reporting tool is now available for download. This is the spreadsheet that will be used by the CESG Team member when conducting a Supported Self-Assessment. In the event of problems is using or interpreting this tool, please contact CESG via the enquiries desk in the first instance.

10.30hrs Friday 27th March 2009: The CO Information Risk Reporting Tool has now been completed and is available at version 3.0. This is the version that will be used during the forthcoming reporting period. For the present, requests for copies should be directed to the CESG enquiries desk.
The CO guidelines will be issued separately by close of play 1 April 2009.

The FY08/09 Annual Information Risk Report to Cabinet Office requirement strongly recommends the use of IA Supported Self Assessment. The Supported Self Assessment provides details of this procedure, and details of the service offered from CESG to assist departments in undertaking the assessment.

There is a Request Form (doc) available for customers to initiate the process of securing CESG support for this service.
 © Crown copyright, 2010. This CESG Website is maintained for your personal use and viewing. Access and use by you of this site constitutes acceptance of our terms and conditions which take effect from the date of first use. Click here for our terms and conditions CESGweb@cesg.gsi.gov.uk