The Independent Review service involves an independent team of experienced CESG assessors conducting a detailed review of the Information Risk Management (IRM) arrangements within an organisation, as gauged against the HMG IA Maturity Model (IAMM). The IAMM Review is modelled on the Office of Government Commerce (OGC) Gateway Review process.
The Review team carries out a series of individual interviews with appropriate people, often at board level. At the end of the interview period, the team prepares a detailed report profiling the organisation against the IAMM business criteria, and making recommendations for improvements. The report is presented to the Senior Information Risk Officer (SIRO) or equivalent authority.
This service is offered at a firm price of £35k plus T&S costs (VATEX).
The Review team will be provided with documentary evidence of the IRM arrangements in advance of the interview period. The customer organisation will provide around 25 interviewees covering the whole range of criteria to be assessed within the IAMM. Each will be required for a 40-minute interview. The SIRO or equivalent will be available for a 15-minute debrief at the end of each interview day, and for a full hour at the end of the interview week.
Delivery timescales and lead time
The whole process will cover 7 days’ effort, 5 of which cover the interview and report presentation period. The elapsed time to complete this service is 3 months.
How to Secure this Service
Organisations should complete and submit the questionnaire in the downloads area or contact the CESG Enquiries