Security key for Capgemini’s Revenue deal

Link: Capgemini faces uphill struggle in tax merger

Processes such as appointment of subcontractors and staff accreditation programmes have been tightened at the department during the handover from previous supplier EDS.

All procedures implemented by Capgemini and partners Fujitsu Services and BT must also meet the BS7799 security standard, with the Revenue also planning to adopt the standard internally.

‘We now have in place a security governance structure, security accreditation processes and we approve subcontractors,’ said Dave Evans, head of security at the Inland Revenue, speaking at Gartner’s IT Security Summit last week.

‘At the start of the previous contract there was no effective security management process in place for the relationship,’ he said.

In one incident during the EDS contract, the Inland Revenue’s security department only discovered cost saving plans to shut a datacentre, and move information to a shared site, when an internal memo was circulated, said Evans.

The department has now built in a series of reviews to ensure that security procedures are adhered to at every stage on the outsourcing contract.

Related reading