Public Sector Services

Information and Cyber Security Services for the Public Sector

In the event of an information or cyber security breach, the impact and consequences on a Central or Local Government body’s service delivery and reputation can be hugely damaging.

And the issue is not an IT one – it is a business one.  That’s why Aston’s information security consultants have assisted many Public Sector clients to understand their attack surface and to action 1st and 3rd party risk management services.

Our Public Sector First and Third-Party Risk Management (TPRM) Services

Aston’s First-Party Risk Management service involves auditing the information and cyber security of the Public Sector client and assessing the level of compliance against a number of global information standards such as ISO 27001, ISO 27002, ISO 27701, ISO 27018, NIST, NIS Regulations, PCI DSS, PSN.

We also provide on-going services to monitor the Cyber Security Rating of our clients and the attack surface.

Central and Local Government bodies are responsible for some of the most critical systems and data in the country. However, they also face unique cybersecurity challenges due to resource constraints and a heavy reliance on contractors and subcontractors.

The number of contractors and suppliers that a public body has to manage can run into the hundreds which increases the attack surface authorities are exposed to.  Often, carrying out the Pre-Contract Due Diligence and the Post-Contract monitoring, as well as on-going assurance, results in risks being accepted without full understanding of the impact.

This is why Third-Party Risk Management has become such an important asset to protect authorities with the ever-increasing speed and digitisation of business integration and reliance.

Third Party Risk Management (TPRM) consultancy

Authorities need to understand the attack surface their suppliers expose them to, which is why we provide Supplier Cyber Security Assurance services and consultancy.

Third-Party Risk Management (TPRM) provides high levels of information and cyber security experience and expertise, along with knowledge of Open Source Intelligence (OSInt) tools to understand and identify these unique risks and in turn communicate those to the business to help them understand the risk they are taking on.

Our service includes reviews to:

• Ensure that all business areas include proportionate and appropriate security requirements within all procurements.
• Ensure security due diligence is conducted on all bid applications as part of the procurement process.
• Identify physical, personnel and information security risks and/or vulnerabilities and report these prior to contract award.
• Work with businesses in order to provide suppliers with early insight into the mandatory minimums security requirements expected of them during the life of a contract.
• Supporting and ensuring consistency in approach for the delivery of Supplier Security Assurance across Commercial Directorate.
• Conduct on-going assurance activities post-contract award to ensure suppliers maintain compliance with minimum security requirements.
• Conduct on-site supplier security assessments.
• Ensure consistent and accurate reporting of Supplier Security findings to internal stakeholders including Contract Managers and Senior Leadership Team.
• Ensure risk-informed decisions regarding current and future security investments required to protect the Department’s assets and transform the Department’s security architecture.
• Work closely with security and other internal and external stakeholders, to ensure threats, vulnerabilities and opportunities with the potential to impact or improve the resilience of DWP IT Infrastructure, are identified, and / or reported appropriately.

Benefits of Third Party Supplier Cyber Security Assurance

Aston assists the Public Sector to manage their third-party supplier risks, continuously monitor their supplier threat landscape and improve the levels of their security from breaches in Confidentiality, Integrity and Availability.

Working with our Public Sector clients, we provide objective, unbiased security performance metrics which result in Cyber Security Ratings and attack surface monitoring, enabling Internal Security teams to continually track the cybersecurity risk landscape they are exposed to from their supply chain.  We help organisations ensure that the third-party risk management process is effective and efficient.