QT&C offers professional services and approved training courses to the following market sectors:
Predominantly dealing with concerns and best-practice issues regarding Information Security Management. Whilst this is ‘traditionally’ focused in and around technical and IT security, there is a growing realisation that a holistic management-led approach is the way forward.
We help organisations achieve international standards, best practice regulations and information-based legal compliance.
Central Government benchmarks and measures improvement of its capabilities through the Information Assurance Maturity Model (IAMM), which incorporates the mandatory information-related requirements of the HMG Security Policy Framework and the requirement to apply the 2008 Data Handling Review, and is aligned with the ISO 27001 Standard and the broader outcomes sought by the National IA Strategy.
“The growing need for Departments to share information in response to the Transformational Government and Shared Services initiatives means that common standards need to be applied across Government.” CESG 2010
The IAMM is underpinned by an IA Assessment Framework (IAAF) which details the measures required to deliver the levels of maturity contained within the Model.
QT&C is supportive of this and can assist public bodies wishing to use the IAAF to conduct IA self-assessments in order to achieve progress through the 5 levels of the IAMM.
Local government’s vision and approach for IA is defined by a number of sources including: Local Government Association (LGA), Socitm, GCHQ and CESG to name but a few.
Their role is to develop and promote policies for local government around information assurance and the associated issues of information risk management, information security management, legal compliance and business continuity management.
In addition to the National IA Strategy, Local Government has its own sector-specific reports such as the Local Government Data Handling Guidelines.
Overall, initiatives such as the Government Connect Code of Connection have helped significantly with increasing compliance with good practice, but more can be done. QT&C understands that local government has its own specific IA needs, which is reflected in the way we approach service delivery and support of this highly inter-connected sector.
NHS and Social Care
The Information Governance Framework for our health and social care services is based on legislation, standards, policy and other guidance from which applicable Information Governance (IG) standards are derived.
In addition to setting policy on the use of information relating to patients and service users, a key focus is the application of robust Corporate Governance. This is reflected within the NHS IG Toolkit for which NHS organisations are required to complete regular assessments.
Part of completing IG Toolkit assessments (for NHS and private contractors working with the NHS) includes signing the Information Governance Statement of Compliance (IGSoC). This is to provide an assurance that key requirements are being met or that appropriate improvement plans are in place to remedy any shortcomings.
Through our long-standing support of the healthcare sector, QT&C can assist with IG Toolkit returns and submitting a Statement of Compliance, as well as training and motivating staff to behave in accordance with IG policy.
Our national police force follows the Police Service IA Strategy 2010 – 2013. The three year strategic direction aims to develop Information Assurance capabilities across the Police Service.
The strategy outlines the requirements placed on the Police Service under the ACPO/ACPOS Community Security Policy, such as the HMG IA Maturity Model and Assessment Framework, the modular Code of Connection and Risk Managed Accreditation Document Sets for police systems. It also supports the implementation of the HMG National Information Assurance Strategy (NIAS) and Information Systems Improvement Strategy (ISIS) programme.
QT&C offers approved training and IA services in order to complement this and further embed an IA culture within our Police forces.
MOD policy is heavily influenced by government policy, but naturally the primary focus here is on national information assurance strategy and cyber-security.