Our Work

Received from Adrian Sauter, De La Rue:

I am very happy to provide a reference for the ECA Group. We employed ECA from July 2009 to October 2010, in support of our bid for, and implementation of, the UK passport replacement and design project. This was a large and complex project involving security and risk management aspects that had national security implications and involved work in many different European and Asian countries.

Specifically ECA Group provided the following services:

Support and expert CLAS Consultancy advice in support of DLR UK Passport Project. Including but not limited to:

  • Produce/Modify RMADS in accordance with set format guidelines and pro forma template.
  • Provide systems security solutions advice and recommendations.
  • Provide support and advice in respect of security related Risk Management activities.
  • Provide systems and network infrastructure advice and recommendations to support the implementation of the technical solution.
  • Security survey of all De La Rue factories in UK and Europe
  • Specific advice on Security Documentation and RMADS.

ECA supported us on many occasions in front of our customer and partners. We were very happy with the quality of their work and their professionalism.

Received from Jason Burg, Avarto-Bertelsmann:

The ECA Group have been working with Avarto Bertelsmann since February 2012 as their sole security and accreditation advisors on the Department for Transport Shared Services bid.

The ECA Group provides the following services:

Procurement and Security Accreditation advice
In-depth support and advice on all HMG Security activities
Produced the draft ISMS and RMADS and all other security documentation, including support at customer bilateral meetings

The ECA team, with whom I have personally worked in the past (in the Cabinet Office and at T-Systems), are responsive, proactive and highly knowledgeable on all aspects of cyber defence measures and security. They continue to support us with ongoing bid support.

I would have no hesitation in recommending the ECA group.

Bank of England

ECA have completed an information assurance review and made actionable recommendations which will be included in the Bank’s IA strategy.

UK Trusted Borders Programme

Providing specialist Accreditation, and Security Architecture team services to Raytheon Systems Limited at very senior level.

ICTS Europe

Trusted Security Partner for the provision of air passenger data.

De La Rue

Advised DLR on Security issues in support of their successful bid to win the contract for passport production for the UK Identity and Passport Agency. Undertook subsequent Logical, Physical and Procedural Security deign for DLR sites including secure hosting and Risk Management and Accreditation reports (RMADS) for various sites and systems.

Centre for Protection of National Infrastructure (CPNI) and UK Clearing Banks

Authored the definitive guideline for the protection of the national Data Centre stock for CPNI security professionals.


Engaged as Security Partner advising across the complete spectrum from policies to RMADS. Work in support of contract bids, and engaged to provide an Enterprise Document Management and e-filing capability to the Ministry of Justice and SOCA.

Crown Prosecution Service

Reviewed several existing Data Management programmes, RMADS and conducted a Privacy Impact Assessment assuring conformance with the Hannigan Report.


Delivered a detailed technical review of the expansion capability on the Canary Wharf site for the FTSE.

Network Rail

Engaged to author the establishment paper for the then new Security Directorate. This included the scope, roles, responsibilities and job descriptions. Subsequently provided the detailed establishment and organisation for the Technical Design Authority. Network Rail implemented in full the recommendations made by ECA to mitigate the security and network vulnerabilities of the Information and Communication networks. The programme identified, documented, redesigned and rationalised the entire network, setting standards to be adopted for Network Rail computing and control centres. Subsequently the Network Rail Auditors directed ECA to undertake a major review of business continuity, disaster recovery, security vulnerabilities and contingency planning for the major London Stations.

International gaming company

Specified and supervised the construction of a highly resilient data and hosting centre in Gibraltar.

Application of Security and the Prevention of Fraud in Identity Management Home Office ID Card Programme

Achieved and delivered appropriate resilience, security, integrity, prevention of fraud measures and Government Security Accreditation for the UK National ID Card Scheme and the Identity and Passport Agency, both designated part of the Critical National Infrastructure. The remit was extremely high profile, wide ranging and demanding; and included setting and approval of completely new or radically updated and revised government - wide standards for Identity Management, pre-employment vetting and security clearance. ECA were the Lead IA and Security Architects, working closely with national security agencies and the technical team responsible for challenging designed levels of Assurance around Identity, Integrity and Availability with leading edge biometric and database technology. ECA also conducted a series of wide-ranging and very sensitive evaluations of secure hosting environments provided by IPS, DVLA, DWP and a number of commercial suppliers.

CNI Data Centre and Control Centre Resilience

Authored the detailed technical specification and evaluation criteria for UK Government’s CNI data centres following a comprehensive UK survey. Established the criteria for the selection of two exemplar Cabinet Office data centres and wrote the detailed Engineering, Security, Resilience and Accreditation specification for the National Fire Control Centres Programme.


Provided security and assurance advice for Europol. Delivered extensive technical recommendations which were fully implemented.

National Fire and Rescue Control Centres

Engaged to lead the security and resilience aspects of programme definition for the National Fire & Rescue Service, through site selection, design, build and commissioning plans of eight Regional Fire Control centres; all part of the UK Critical National Infrastructure (CNI), including their security accreditation planning. Lead technical, security and resilience architects working with commercial architects and other advisors to design and build the above control centres. Established detailed location selection criteria that were incorporated in the procurement. Core members of the design team and led the final Threat and Risk assessments for the 8 RCCs as due diligence prior to procurement.

In addition, ECA undertook a separate review of the existing London Fire Brigade Control Centres for security, resilience and vulnerability under CNI with recommendations to the Ministers. These recommendations will be implemented before the 2012 Olympics.

Cabinet Office - Critical National Infrastructure (CNI)

Engaged by the Cabinet Office as infrastructure and security architects within the Microsoft team constructing and delivering the Government Electronic Gateway. ECA were contracted to remain with the Cabinet Office as security and technical architects to deliver the UK-online infrastructure, security accredited to go live. Defined the operational processes and procedures for the delivery of the UK-online portal and ran Live Services delivery for the initial 6 months in service.

South Central Ambulance Service NHS Trust (SCAS)

ECA were engaged by SCAS to provide design services for the consolidation of 4 regional ambulance service control rooms into a centralised and re-designed service.

NYSE Liffe Euronext

Conducted a critical threat assessment of a proposed new site for Liffe Euronext UK operations. This report was delivered and instrumental in the purchase of a significant investment for NYSE in Europe.

ARK Continuity Ltd

Provided a broad range of security, design and assurance services for a 30-acre above and below ground ex MoD site for the construction and operation of a number of secure and resilient data and control centres.

Saudi Arabia Ministry of the Interior and Dell/Microsoft consortium

Advised both parties on the most effective method of achieving a proposed programme of modernisation for Saudi Interior Ministry, Data and Management Information project.

Microsoft Consulting Services, Scottish Power

Conducted an independent review of the Scottish Power eCommerce project - implementation of the recommendations brought the project back on target from a severe slippage.