PORTFOLIO

Electronic information is critical to the successful operation of all types of organisation; Government, industry, finance and commerce, health services and even charities. Organisations must ensure that their information is safe and secure. If information is damaged (accidentally or deliberately), stolen, or even just not available when needed, then a business can be severely or terminally affected.

EDS and Government Information
Governments rightly expect high standards from those who are charged with designing and delivering information systems and networks. EDS has worked with Government Departments for many years on the development of major systems that meet the Government's stringent standards for IT security and assurance. Recent clients include the Ministry of Defence, the Department for Works and Pensions and the Ministry of Justice.

A Lifecycle Approach to Assurance
EDS Security and Privacy Services provide techniques, technologies and skills to ensure and support security throughout the life of an information system. Assessment Services include Security Audits; Risk Assessments; Disaster Recovery and Business Continuity checks. Risk Assessments are performed using the methodology preferred by individual Departments, for instance: CRAMM; or Infosec Standard 1.

Protection Services include Security Policy development; Security Architecture and Design; secure configuration of Operating Systems and Firewalls to Government requirements.

Security Accreditation Services include the development of Accreditation Document Sets and Risk Management Accreditation Document Sets. EDS has provided this service to many government departments.

Validation Services include formal and informal security evaluations; assessments of conformance to existing policies or to industry standards, such as ISO 17799.

Formal Security Evaluation: EDS in the UK operates a CommerciaL Evaluation Facility (CLEF) authorised by the UK Government to undertake evaluations of products and systems under the ITSEC and Common Criteria schemes.

The EDS CLEF has evaluated the security of many Government owned Information Systems. A separate brochure on the EDS CLEF is available from EDS, and further details of formal security evaluation are held on the UK Certification Body's Web site at www.itsec.gov.uk.

Training Services include security workshops; training for users, administrators and managers. Monitoring and Management Services include system and network monitoring; intrusion detection systems; incident response. EDS applies these services in the operation of major Government systems, such as those of the Prison Service, Department for Work and Pensions and Rolls Royce.

CLAS - INFOSEC Advice for HMG
EDS has consultants who are approved under the CESG Listed Adviser Scheme (CLAS) to provide Information Security (Infosec) advice to Government Departments on:

• Connectivity to the Government Secure Intranet (GSI) and xGSI
• Other connectivity issues flowing from the 'Government Direct' initiative.

IT Health Check
The IT Health Check service is a vulnerability assessment and penetration test service providing baseline assurance for Government Departments. EDS is an approved deliverer of the IT Health Check Service. Further details are held on the CESG website at www.cesg.gov.uk