The National Technical Authority for Information Assurance
 
  ABOUT US   PRODUCTS & SERVICES   PUBLICATIONS   POLICY & TECHNOLOGIES   FIND A .....
IAMM
Introduction
Whats New Archive
HMG IA Maturity Model (IAMM) (pdf)
Assisted Assessment Guide (pdf)
Self Assessment Guide (pdf)
2010 Supported Self-Assessment Guide v1.0 (pdf)
2010 CO IRR Tool v1.7 (zip)
IAMM Assessment services and Application Form (doc)
IAMM Review Process Diagram - interim (pdf)

 
 
HMG IA Maturity Model

This page provides a portal to information in support of the HMG IA Maturity Model (IAMM) (pdf) and supporting guidance.

As part of assisting organisations' boards to progress towards the broad outcomes of the National IA Strategy, and particularly the mandatory and other measures set out in the Data Handling Review, this IAMM has been created. It is supported by the Information Assurance Assessment Framework (IAAF), which is designed to assist an independent review of progress against the IAMM within an organisation. In its turn, this review will assist organisational boards to report ongoing improvements in their Information Assurance and Information Risk Management postures in their annual reports to Cabinet Office.

Additional guidance will be provided here over the coming months, noted under What's New below.

Enquiries from organisations interested in pursuing assessments using the IAMM and IAAF should contact the CESG enquiries line in the first instance.

What's New

15.00hrs Monday 8th March 2010: Version 1.7 of the 2010 CO IRR Tool (zip) is now available. It is provided in password protected zip form in order to preserve the macro content only; there are no confidentiality requirements here.
The password is CESG
This upgrade does not include any changes to the textual content of the spreadsheet, amendments are exclusively to the spreadsheet functionality, and to the scoring computations. As a result, it is possible that assessments against v1.7 may reveal slightly different results than v1.6, and this reflects error correction from v1.6 to v1.7.
CESG is keenly aware of the potential impact on organisations who have already conducted an assessment against v1.6, and the potential work in re-keying inputs into v1.7. As a result, we have included an Import facility on the Instructions sheet. This will allow users to import all user input from an already populated v1.6, and automatically populate a new v1.7.

15.30hrs Wednesday 27th January 2010: V1.6 of the 2010 CO IRR Tool (xls) is now available. This upgrade does not include any amendments to the scoring arrangements, or the results sheets. The changes are exclusively within the SPF Details sheet, where COSPD have asked that composite scores be agreed for SPF Mandatory Requirements. Further guidance on this will be published from Cabinet Office separately.

09.00hrs Monday 7th December 2009: At popular demand, the HMG IA Maturity Model Independent Review Process diagram (pdf) is available. Please note this is provided on an interim basis pending the publication of full guidance in support of HMG IAMM Independent Reviews. It should not be considered definitive, and may be subject to change without notice. For further enquiries, please revert to CESG enquiries.



The FY08/09 Annual Information Risk Report to Cabinet Office requirement strongly recommends the use of IA Supported Self Assessment. The Supported Self Assessment provides details of this procedure, and details of the service offered from CESG to assist departments in undertaking the assessment.

There is a Request Form (doc) available for customers to initiate the process of securing CESG support for this service.

For further information?

For all other enquiries please contact:
The Customer Support Office
CESG
Room A2j
Hubble Road
Cheltenham
Gloucestershire
GL51 0EX

General enquiries email: enquiries@cesg.gsi.gov.uk
Telephone: +44 (0) 1242 709141
Fax: +44 (0) 1242 709193
 © Crown copyright, 2010. This CESG Website is maintained for your personal use and viewing. Access and use by you of this site constitutes acceptance of our terms and conditions which take effect from the date of first use. Click here for our terms and conditions CESGweb@cesg.gsi.gov.uk