Amethyst have worked with a Defence contractor to support security projects ranging from system accreditations, obtaining List X approval for pre-production and development environments, project security advice, and guidance on embedding security into new corporate governance structures.
The systems and environments under accreditation cover OFFICIAL to above SECRET and must host complex working arrangements for a mixture of UK and international personnel.
Amethyst consultants work closely with the Head of Security, the Security Controller and corporate IT management to support increased demands on their time and resources.
Amethyst consultants are managing several accreditations on their behalf including producing documentation required for submission as evidence supporting an accreditation verdict, scoping NCSC CHECK IT Health Checks and interfacing with the accreditor.
We have steered the contractor on the risks the accreditor will view as significant and how a security architecture for a sensitive network, in combination with a holistic approach to enterprise security, can satisfactorily mitigate those risks without unduly impacting upon their business goals.
Additionally, Amethyst are providing ad hoc advice and support on a range of tasks including obtaining an agreed security relevant Work Breakdown Structure for a major programme at pre-contract award, audit preparation for a crypto-custodian assessment and representing the contractor at project Security Working Groups.
The outline design presented by Amethyst to the accreditor provided confidence that risks were being considered at an early stage of the assurance process, and that the contractor would be able to proceed with their preferred way of working on project and programme deliverables.
The contractor faced a steep learning curve and a period of rapid expansion after winning several new projects, expanding their List X premises and recruiting new staff within a short time frame.
Amethyst are helping the contractor meet that challenge by being highly flexible and adaptable in how they provide support to the contractor, whether via remote working, face to face or responding quickly to requests for advice.