The National Technical Authority for Information Assurance
 
  ABOUT US   PRODUCTS & SERVICES   PUBLICATIONS   POLICY & TECHNOLOGIES   FIND A .....
IAMM
Introduction
Whats New Archive
HMG IA Maturity Model (IAMM) (pdf)
Assisted Assessment Guide (pdf)
Self Assessment Guide (pdf)
2010 Supported Self-Assessment Guide v1.0 (pdf)
2010 CO IRR Tool v1.6 (xls)
IAMM Assessment services and Application Form (doc)
IAMM Review Process Diagram - interim (pdf)

 
 
HMG IA Maturity Model

This page provides a portal to information in support of the HMG IA Maturity Model (IAMM) (pdf) and supporting guidance.

As part of assisting organisations' boards to progress towards the broad outcomes of the National IA Strategy, and particularly the mandatory and other measures set out in the Data Handling Review, this IAMM has been created. It is supported by the Information Assurance Assessment Framework (IAAF), which is designed to assist an independent review of progress against the IAMM within an organisation. In its turn, this review will assist organisational boards to report ongoing improvements in their Information Assurance and Information Risk Management postures in their annual reports to Cabinet Office.

Additional guidance will be provided here over the coming months, noted under What's New below.

Enquiries from organisations interested in pursuing assessments using the IAMM and IAAF should contact the CESG enquiries line in the first instance.

What's New

15.30hrs Wednesday 27th January 2010: V1.6 of the 2010 CO IRR Tool (xls) is now available. This upgrade does not include any amendments to the scoring arrangements, or the results sheets. The changes are exclusively within the SPF Details sheet, where COSPD have asked that composite scores be agreed for SPF Mandatory Requirements. Further guidance on this will be published from Cabinet Office separately.

11.30hrs Friday 22nd January 2010: V1.5 of the 2010 CO IRR Tool (xls) is now available to replace v1.4. This rectifies a further error that was introduced during the v1.4 upgrade, that affected the dashboard results display for Training Education & Awareness only.

13.00hrs Monday 18th January 2010: V1.4 of the 2010 CO IRR Tool (xls) is now available. This update rectifies an obscure error condition, and also fixes some cells where the text was not completely visible. No functional changes have been made.

14.00hrs Tuesday 5th January 2010: A fault has been reported in v1.2 of the 2010 CO IRR Tool. This has now been corrected, and 2010 CO IRR Tool v1.3 (xls) is now available. Please accept our apologies for any nugatory work that has already been done.

09.00hrs Monday 7th December 2009: At popular demand, the HMG IA Maturity Model Independent Review Process diagram (pdf) is available. Please note this is provided on an interim basis pending the publication of full guidance in support of HMG IAMM Independent Reviews. It should not be considered definitive, and may be subject to change without notice. For further enquiries, please revert to CESG enquiries.



The FY08/09 Annual Information Risk Report to Cabinet Office requirement strongly recommends the use of IA Supported Self Assessment. The Supported Self Assessment provides details of this procedure, and details of the service offered from CESG to assist departments in undertaking the assessment.

There is a Request Form (doc) available for customers to initiate the process of securing CESG support for this service.

For further information?

For all other enquiries please contact:
The Customer Support Office
CESG
Room A2j
Hubble Road
Cheltenham
Gloucestershire
GL51 0EX

General enquiries email: enquiries@cesg.gsi.gov.uk
Telephone: +44 (0) 1242 709141
Fax: +44 (0) 1242 709193
 © Crown copyright, 2008. This CESG Website is maintained for your personal use and viewing. Access and use by you of this site constitutes acceptance of our terms and conditions which take effect from the date of first use. Click here for our terms and conditions CESGweb@cesg.gsi.gov.uk