» Expressions of Interest Notice – CESG Standard Security Certification Scheme

15 February, 2010

The UK National Technical Authority for Information Assurance in HMG (CESG) is planning a certification scheme for telecommunication service providers, the CESG Standard Security Certification Scheme (the “Scheme”). This is part of the development of the Security Standards for the Public Sector Network (PSN).

The Scheme is intended to provide assurance of security to meet HMG defined business impact level 224 (level 2 for confidentially, 2 for integrity and level 4 for availability). The scheme will be based on Information Security Management System (ISMS) certification to ISO 27001, and will add requirements specific to the telecommunications sector.

Draft details of the Scheme are available from the CESG Project Manager, Patrick McAuliffe, E Mail : Patrick.McAuliffe@GCHQ.gsi.gov.uk for the specific purpose of considering whether to submit an EOI in response to this Notice.  

In anticipation of the launch of the scheme UKAS is inviting expressions of interest from UK based Certification Bodies (“CBs”) to participate in a limited pilot programme for accredited certification of specific services, systems or facilities of telecommunications companies against the requirements of the Scheme. The pilot is intended to enable successful CBs to provide accredited certification against the Scheme requirements.

CBs interested in taking part in the pilot programme will need to hold UKAS accreditation for ISMS; be prepared for their relevant Lead Auditor(s) to attend a CESG approved training course and for the Lead Auditor(s) to undergo security clearance at the Counter Terrorism level (CTC). Details of the Lead Auditor course are available from the CESG Project Manager, Patrick McAuliffe (contact details as above). Any CB interested in taking part in the pilot would also need to identify and submit details of customers’ services, systems or facilities for potential certification to the Scheme. These customers must be willing to have the audit of their relevant service, system or facility witnessed by a UKAS assessment team during the pilot programme.

Expressions of interest should be sent to info@ukas.com marked for the attention of Navnit Gill on Friday 19th March 2010. On receipt of expressions of interest, UKAS will provide further details to interested parties on the process for applying for inclusion in the pilot.

Further information can be obtained from David Hayward (david.hayward@ukas.com)