0121 222 5630

Email Aristi Ltd Follow Aristi Ltd on Facebook Follow Aristi Ltd on Twitter Follow Aristi Ltd on LinkedIn


You are here:

Office of Rail Regulation.

"Aristi have become our trusted security advisor of choice, providing information security advice and guidance as and when we need it. We have built a strong working relationship with Aristi which has led to them having a good understanding of our organisation and it’s needs." Peter Fleming Accreditor, The Office of Rail Regulation

The Office of Rail Regulation (ORR) is the independent safety and economic regulator for Britain’s railways. It’s principal function is to secure the safe operation of the railway system, and to protect both those working on the system and members of the public from health and safety risks arising from the railways. As an independent regulator, ORR operates within the framework set by UK and EU legislation and is accountable through Parliament and the courts.

The challenge

The Cabinet Office’s Security Policy Framework (SPF) sets the mandatory standards by which government should comply with information and physical security. Government departments are required to submit an annual report showing compliance with the SPF, the first of which was submitted by ORR in June 2009. This annual report also includes an Information Risk Return section, which requires HMG’s Information Assurance Maturity Model (IAMM) to be completed. For the 2009 annual report, ORR as a non-ministerial government department was not required to complete the Information Risk Return section.

Cabinet Office informed ORR that it will be required to complete the Information Risk Return section for the 2010 annual report. A key requirement of the SPF involves the accreditation of a system that processes protectively marked data. This being a new area for ORR, a tender was issued to procure CLAS support to meet this requirement and provide ongoing advice and guidance over a three year period.

The solution

Aristi was selected as the trusted security partner and provided an experienced CLAS Consultant to help ORR through the accreditation process which involved a business impact assessment, a risk assessment in accordance with HMG IS1, production of a Risk Management and Accreditation Document Set (RMADS) and briefing the risk owner on the risks. To support the accreditation, Aristi was able to advise on secure architecture design, information security policies & procedures and security requirements for managed service providers.

Aristi continues to provide value to ORR by providing expert security advice on a number of business critical projects.


Please contact Aristi to discuss your requirements. Filling in the form below is the quickest way to get in touch with the relevant person at Aristi.


Keep up-to-date with insights and info on all areas of Information Assurance, Information Security, Penetration Testing & Data Sharing from the award-winning consultants Aristi.

Latest Tweets

Aristi consultant unwinding on our latest office toy. #spaceinvaders https://t.co/fijxBrgpfR
Continuous testing https://t.co/XmIzWuMZjH

Subscribe to our Newsletter

Latest Blog Posts

  • Testing as a Service

    Aristi has developed an innovative new cyber security service to give businesses and public sector organisations reassurance that they are doing all they can to defend against hackers. Many organisations conduct annual IT Health Checks to identify security weaknesses in their IT systems. However, a cyber-attack can occur at any time resulting in significant business […]

    Written on Monday, 24 February 2020
  • Would your business survive a cyber attack?

    A cyber-attack can have a huge impact on your organisation in terms of cost, productivity and reputational damage. Being prepared to detect and quickly respond to incidents will help to reduce the business impact and prevent the attacker from inflicting further damage. If the cyber-attack results in a personal data breach then you have a […]

    Written on Monday, 16 September 2019
  • Cyber Resilience for Charities

    A Round Table Event for Charities Charities are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. The recent government Charity Sector Threat Assessment indicates that losing access to this technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating, both financially and […]

    Written on Thursday, 07 March 2019