Security accreditation on trial

Security accreditation on trial

The government is set to trial an IT security accreditation that it hopes will assure both the private and public sectors that software companies, which sell products such as antivirus software and firewalls, meet quality standards.

Link: Hack attacks and spam set to increase

The accreditation scheme – similar to the familiar kitemark – may allay fears over the increasing amount of spam that clogs email inboxes and malicious attacks against IT systems.

Accountancy Age’s sister publication, Computing, has been calling for such a programme for the past two years as part of its Trust campaign. The Cabinet Office’s central sponsor for information assurance (CSIA) group, which coordinates information security projects across government, will trail the ‘Claims Test Mark’ scheme before the end of the year.

‘What we are trying to replicate is the Ronseal test, where a product does exactly what it says on the tin,’ said Harvey Mattinson, head of accreditation at the CSIA.

The accreditation scheme will primarily be focused on helping government departments, agencies and local authorities select information security products such as anti-virus software, firewalls and disk encryption.

‘The accreditation process will take weeks, rather than months or years,’ CSIA director Dr Stephen Marsh said.

‘With certain products and services, you need to have this kind of pace, as threats can change so rapidly.’ Vendor products submitted for review will be measured for security, integrity and ease of use, with the CSIA hoping to measure against BS and ISO 7799 standards in the future.

The CSIA-led General Information Assurance Products and Services Initiative will run the scheme and hopes it will provide private sector businesses with a way of gauging the quality of the product they are buying.

The CSIA is working with the United Kingdom Accreditation Service and CESG, the GCHQ-run national technical authority for information assurance, to establish a number of independent test centres and assessment criteria.

‘In principle this is a good idea, as it gives people standards they can understand and suppliers something they can strive towards,’ said Beatrice Rogers, head of private sector at IT industry body Intellect. ‘But the government needs to make it clear what accreditation means.’

‘With the ABTA stamp, consumers know if an airline collapses they’re likely to be protected. ‘Likewise, the government needs to make clear what accreditation means for both the client and the vendor adopting it,’ she said.

Just last month, an Ernst & Young survey highlighted concerns about the level of awareness about information security among businesses across the globe.

Nearly three-quarters of the 1,200 organisations questioned failed to list training and raising employee awareness of information security issues a top priority.

One in three respondents that had outsourced their IT operations said that they had not conducted a regular check on their IT providers to monitor compliance with information security policies.

Share

Subscribe to get your daily business insights

Resources & Whitepapers

Why Professional Services Firms Should Ditch Folders and Embrace Metadata
Professional Services

Why Professional Services Firms Should Ditch Folders and Embrace Metadata

3y

Why Professional Services Firms Should Ditch Folde...

In the past decade, the professional services industry has transformed significantly. Digital disruptions, increased competition, and changing market ...

View resource
2 Vital keys to Remaining Competitive for Professional Services Firms

2 Vital keys to Remaining Competitive for Professional Services Firms

3y

2 Vital keys to Remaining Competitive for Professi...

In recent months, professional services firms are facing more pressure than ever to deliver value to clients. Often, clients look at the firms own inf...

View resource
Turn Accounts Payable into a value-engine
Accounting Firms

Turn Accounts Payable into a value-engine

3y

Turn Accounts Payable into a value-engine

In a world of instant results and automated workloads, the potential for AP to drive insights and transform results is enormous. But, if you’re still ...

View resource
Digital Links: A guide to MTD in 2021
Making Tax Digital

Digital Links: A guide to MTD in 2021

3y

Digital Links: A guide to MTD in 2021

The first phase of Making Tax Digital (MTD) saw the requirement for the digital submission of the VAT Return using compliant software. That’s now behi...

View resource