Risk Management and Accreditation

For public bodies, a key part of the government accreditation process is preparation of a Risk Management Accreditation Document Set (RMADS) - a formal analysis that demonstrates that a system delivers appropriate levels of information assurance. ECA’s team are highly experienced in preparing RMADS on behalf of clients as part of the accreditation strategy.

The first stage in the RMADS is to determine the sensitivity (Business Impact Level) of information stored or processed within the system. The team will then conduct a formal technical risk assessment in accordance with HMG IA Standard 1, and use this to produce a prioritised risk catalogue. Based upon the identified risks, the team can then select suitable control mechanisms, develop a risk treatment plan to confirm that the controls meet the requirements of both the organisation and the governing authorities, and design suitable security operating procedures to ensure that the system is maintained to the necessary level of security.

ECA’s team are accustomed to the accreditation process - and in fact include a number of government accreditors - and work closely with client staff to ensure not only that the RMADS is properly prepared, but also that the system is successful in obtaining and maintaining its accreditation status.
