0121 222 5630

Email Aristi Ltd Follow Aristi Ltd on Facebook Follow Aristi Ltd on Twitter Follow Aristi Ltd on LinkedIn

OUR SUCCESS STORIES.
MADE READABLE.

You are here:

Office of Rail Regulation.

"Aristi have become our trusted security advisor of choice, providing information security advice and guidance as and when we need it. We have built a strong working relationship with Aristi which has led to them having a good understanding of our organisation and it’s needs." Peter Fleming Accreditor, The Office of Rail Regulation

The Office of Rail Regulation (ORR) is the independent safety and economic regulator for Britain’s railways. It’s principal function is to secure the safe operation of the railway system, and to protect both those working on the system and members of the public from health and safety risks arising from the railways. As an independent regulator, ORR operates within the framework set by UK and EU legislation and is accountable through Parliament and the courts.

The challenge

The Cabinet Office’s Security Policy Framework (SPF) sets the mandatory standards by which government should comply with information and physical security. Government departments are required to submit an annual report showing compliance with the SPF, the first of which was submitted by ORR in June 2009. This annual report also includes an Information Risk Return section, which requires HMG’s Information Assurance Maturity Model (IAMM) to be completed. For the 2009 annual report, ORR as a non-ministerial government department was not required to complete the Information Risk Return section.

Cabinet Office informed ORR that it will be required to complete the Information Risk Return section for the 2010 annual report. A key requirement of the SPF involves the accreditation of a system that processes protectively marked data. This being a new area for ORR, a tender was issued to procure CLAS support to meet this requirement and provide ongoing advice and guidance over a three year period.

The solution

Aristi was selected as the trusted security partner and provided an experienced CLAS Consultant to help ORR through the accreditation process which involved a business impact assessment, a risk assessment in accordance with HMG IS1, production of a Risk Management and Accreditation Document Set (RMADS) and briefing the risk owner on the risks. To support the accreditation, Aristi was able to advise on secure architecture design, information security policies & procedures and security requirements for managed service providers.

Aristi continues to provide value to ORR by providing expert security advice on a number of business critical projects.

GET
IN TOUCH

Please contact Aristi to discuss your requirements. Filling in the form below is the quickest way to get in touch with the relevant person at Aristi.

CONNECT
WITH US

Keep up-to-date with insights and info on all areas of Information Assurance, Information Security, Penetration Testing & Data Sharing from the award-winning consultants Aristi.

Latest Tweets

Effective data governance in charities. https://t.co/N7dLq8eX0C #gdpr #cybersecurity
cloudThing, Aristi and Microsoft demonstrate how Dynamics 365 and AI can help Charities incrementally improve fundr… https://t.co/UScVmG0mPj
One of our cyber experts will be doing a live hacking demo at the Solihull Coffee & Natter Business Networking even… https://t.co/xWBktxcefQ

Subscribe to our Newsletter

Latest Blog Posts

  • Cyber Resilience for Charities

    A Round Table Event for Charities Charities are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. The recent government Charity Sector Threat Assessment indicates that losing access to this technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating, both financially and […]

    Written on Thursday, 07 March 2019
  • 10 years of Aristi by its founder, Harj Singh

    What’s in a name? The word Aristi has three meanings – security, excellence and calm. Find out where we started and where we believe cyber security to be headed.

    Written on Thursday, 24 January 2019
  • 500 million customers can’t sleep easy with Marriott data breach

    The world’s largest hotel chain, Marriott Hotels, announced on Friday (November 30, 2018) that half a billion of its customers’ data had been breached dating as far back as 2014. Marriott owns more than 5,800 properties around the world with 1.1 million rooms spread across more than 110 countries[.  That makes this incident is a […]

    Written on Wednesday, 12 December 2018