0121 222 5630

Email Aristi Ltd Follow Aristi Ltd on Facebook Follow Aristi Ltd on Twitter Follow Aristi Ltd on LinkedIn Follow Aristi Ltd on Google Plus

OUR SUCCESS STORIES.
MADE READABLE.

You are here:

Office of Rail Regulation.

"Aristi have become our trusted security advisor of choice, providing information security advice and guidance as and when we need it. We have built a strong working relationship with Aristi which has led to them having a good understanding of our organisation and it’s needs." Peter Fleming Accreditor, The Office of Rail Regulation

The Office of Rail Regulation (ORR) is the independent safety and economic regulator for Britain’s railways. It’s principal function is to secure the safe operation of the railway system, and to protect both those working on the system and members of the public from health and safety risks arising from the railways. As an independent regulator, ORR operates within the framework set by UK and EU legislation and is accountable through Parliament and the courts.

The challenge

The Cabinet Office’s Security Policy Framework (SPF) sets the mandatory standards by which government should comply with information and physical security. Government departments are required to submit an annual report showing compliance with the SPF, the first of which was submitted by ORR in June 2009. This annual report also includes an Information Risk Return section, which requires HMG’s Information Assurance Maturity Model (IAMM) to be completed. For the 2009 annual report, ORR as a non-ministerial government department was not required to complete the Information Risk Return section.

Cabinet Office informed ORR that it will be required to complete the Information Risk Return section for the 2010 annual report. A key requirement of the SPF involves the accreditation of a system that processes protectively marked data. This being a new area for ORR, a tender was issued to procure CLAS support to meet this requirement and provide ongoing advice and guidance over a three year period.

The solution

Aristi was selected as the trusted security partner and provided an experienced CLAS Consultant to help ORR through the accreditation process which involved a business impact assessment, a risk assessment in accordance with HMG IS1, production of a Risk Management and Accreditation Document Set (RMADS) and briefing the risk owner on the risks. To support the accreditation, Aristi was able to advise on secure architecture design, information security policies & procedures and security requirements for managed service providers.

Aristi continues to provide value to ORR by providing expert security advice on a number of business critical projects.

GET
IN TOUCH

Please contact Aristi to discuss your requirements. Filling in the form below is the quickest way to get in touch with the relevant person at Aristi.

CONNECT
WITH US

Keep up-to-date with insights and info on all areas of Information Assurance, Information Security, Penetration Testing & Data Sharing from the award-winning consultants Aristi.

Latest Tweets

If Marriott Hotels couldn’t protect their data when they were subject to data breaches, how can your business?:… https://t.co/2DKYoum6zP
17 sleeps till #Christmas !
Getting into the #Halloween spirit! https://t.co/57jpAuer3m

Subscribe to our Newsletter

Latest Blog Posts

  • 500 million customers can’t sleep easy with Marriott data breach

    The world’s largest hotel chain, Marriott Hotels, announced on Friday (November 30, 2018) that half a billion of its customers’ data had been breached dating as far back as 2014. Marriott owns more than 5,800 properties around the world with 1.1 million rooms spread across more than 110 countries[.  That makes this incident is a […]

    Written on Wednesday, 12 December 2018
  • Virtual Data Protection Officer

    The GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority, or if you carry out certain types of processing activities. To support your on going GDPR compliance and management requirements, we can provide a Virtual Data Protection Officer (vDPO) service giving you access to independent […]

    Written on Thursday, 10 May 2018
  • Protecting Businesses with Cyber Essentials

    The lack of basic cyber security controls remains a significant factor in the vast majority of cyber attacks in the UK today. Businesses are left worried about hackers, data loss and security, and are not sure where to turn. The scale of the threat is nothing new.  The media now regularly covering stories of data […]

    Written on Monday, 05 March 2018