0121 222 5630

Email Aristi Ltd Follow Aristi Ltd on Facebook Follow Aristi Ltd on Twitter Follow Aristi Ltd on LinkedIn


You are here:

Office of Rail Regulation.

"Aristi have become our trusted security advisor of choice, providing information security advice and guidance as and when we need it. We have built a strong working relationship with Aristi which has led to them having a good understanding of our organisation and it’s needs." Peter Fleming Accreditor, The Office of Rail Regulation

The Office of Rail Regulation (ORR) is the independent safety and economic regulator for Britain’s railways. It’s principal function is to secure the safe operation of the railway system, and to protect both those working on the system and members of the public from health and safety risks arising from the railways. As an independent regulator, ORR operates within the framework set by UK and EU legislation and is accountable through Parliament and the courts.

The challenge

The Cabinet Office’s Security Policy Framework (SPF) sets the mandatory standards by which government should comply with information and physical security. Government departments are required to submit an annual report showing compliance with the SPF, the first of which was submitted by ORR in June 2009. This annual report also includes an Information Risk Return section, which requires HMG’s Information Assurance Maturity Model (IAMM) to be completed. For the 2009 annual report, ORR as a non-ministerial government department was not required to complete the Information Risk Return section.

Cabinet Office informed ORR that it will be required to complete the Information Risk Return section for the 2010 annual report. A key requirement of the SPF involves the accreditation of a system that processes protectively marked data. This being a new area for ORR, a tender was issued to procure CLAS support to meet this requirement and provide ongoing advice and guidance over a three year period.

The solution

Aristi was selected as the trusted security partner and provided an experienced CLAS Consultant to help ORR through the accreditation process which involved a business impact assessment, a risk assessment in accordance with HMG IS1, production of a Risk Management and Accreditation Document Set (RMADS) and briefing the risk owner on the risks. To support the accreditation, Aristi was able to advise on secure architecture design, information security policies & procedures and security requirements for managed service providers.

Aristi continues to provide value to ORR by providing expert security advice on a number of business critical projects.


Please contact Aristi to discuss your requirements. Filling in the form below is the quickest way to get in touch with the relevant person at Aristi.


Keep up-to-date with insights and info on all areas of Information Assurance, Information Security, Penetration Testing & Data Sharing from the award-winning consultants Aristi.

Latest Tweets

Merry Christmas and a Happy New Year from the team at Aristi! Have fun and stay safe over the festive season. https://t.co/ySXp9RcG40
Good discussion and knowledge sharing at the Aristi Cyber Resilience event this morning. #cyberresilience… https://t.co/DkT0iBlejj
Aristi CEO Harj Singh interview on BBC television. https://t.co/8rWzAKMkYk https://t.co/ilRGiUuYsp

Subscribe to our Newsletter

Latest Blog Posts

  • Would your business survive a cyber attack?

    A cyber-attack can have a huge impact on your organisation in terms of cost, productivity and reputational damage. Being prepared to detect and quickly respond to incidents will help to reduce the business impact and prevent the attacker from inflicting further damage. If the cyber-attack results in a personal data breach then you have a […]

    Written on Monday, 16 September 2019
  • Cyber Resilience for Charities

    A Round Table Event for Charities Charities are increasingly reliant on IT and technology and are falling victim to a range of malicious cyber activity. The recent government Charity Sector Threat Assessment indicates that losing access to this technology, having funds stolen or suffering a data breach through a cyber-attack can be devastating, both financially and […]

    Written on Thursday, 07 March 2019
  • 10 years of Aristi by its founder, Harj Singh

    What’s in a name? The word Aristi has three meanings – security, excellence and calm. Find out where we started and where we believe cyber security to be headed.

    Written on Thursday, 24 January 2019