ISO27001 Certification for DSH has completed the Initial Risk Analysis and planning is under way.

Report Date
December 2018

Report For December 2018

 

Achievements in the last Period.

  • Data Safe Haven – Status.

     

    Technical Controls

    SIEM - Splunk

  • We have bought the licence
  • On-Site Splunk Workshop with Consultant 23/1/19
  • Publish 1st cut Scope and Plan – 31/1/19
  • Need to clarify Security team additional requirements.

    Cage

  • This has hit a blocker with the 50k procurement limit and needs an NCA (Non Competitive Action) letter completed.
  • Hopefully we’ll be able to progress on that basis.

    IDS / IPS

  • We have had initial scoping discussion with a consultant from Soft Cat.
  • This is with a view to giving us some options that will hopefully satisfy both technical and ISO27001 requirements.
  • We will get initial feedback on Tuesday 15th.
  • I would hope to have selected a solution and have an initial plan by 31st Jan.

    Governance

  • First Security Working Group is scheduled for next week.
  • Agenda will be agreed and circulated beforehand.
  • Project Board will be reinitialised two weeks later.
  • ToRs have been created and distributed for both meetings.

    Roles and Responsibilities

  • These have pretty much been documented and agreed.
  • We will target completing and signing off this task by 31st Jan 2019.

 

Policy and Procedures.

  • We have received the bulk of the standards.
  • These are at varying levels of completion and some are still outstanding but there is more than enough for us to progress with Procedures.
  • We are going through the standards and identifying high level procedures. These will in turn be assigned to individuals for completion.
  • Initial target is to complete this by end of March 2019.

This represents the progress we have made on the components we have started.

 

Key Tasks For Next Period

  • As above.

Issues

  • The Technical have been pretty well pulled into other non-DSH work that is currently deemed higher priority. This will have significant impact potentially until the end of the year.

 

Milestones

Stage    Milestone                                         Due Date
Analyse  Clarify Dependency for Incident Management.       31-Jan-2019
Plan     Agree Plan for SIEM (Splunk)                      31-Jan-2019
Plan     Agree Scope For IDS / IPS                         31-Jan-2019
Plan     Agree Initial Plans for All Other Components      31-Jan-2019
Plan     Complete Plan.                                    28-Feb-2019
Deliver  Complete Policy and Procedures.                   31-Mar-2019
Close    Close Project                                     31-Dec-2019

Project Status

RAG Status

  • Time: GREEN
  • Cost: AMBER
  • Scope: AMBER
  • Overall: AMBER
  • RAG Commentary: Lack of resource in the Technical area is holding up our ability to clarify technical requirements and move forward.

Change Status

  • Time: Within Tolerance
  • Cost: Within Tolerance
  • Scope: Within Tolerance
  • Overall: Within Tolerance
  • Has formal escalation taken place? No

Activity

  • Approved budget: 0.0 days
  • Activity this month: 0.0 days
  • Activity this year: 0.0 days
  • Activity to date: 0.0 days
  • Estimate to complete current year: 0.0 days
  • Estimate to complete future years: 0.0 days

Project Info

  • Project: Data Safe Haven - Achieving ISO 27001
  • Code: RSS042
  • Programme: ITI - Research Services (RSS)
  • Management Office: ISG PMO
  • Project Manager: Andy Todd
  • Project Sponsor: Anthony Weir
  • Current Stage: Deliver
  • Status: In Progress
  • Project Classification: Transform
  • Start Date: 08-Oct-2018
  • Planning Date: 31-Jan-2019
  • Delivery Date: 29-Nov-2019
  • Close Date: 31-Dec-2019
  • Overall Priority: Higher
  • Category: Compliance

Documentation