Planning and Delivery are in Progress.

Report Date

January 2019

Report For December 2018

Achievements in the last Period.

Technical Controls

SIEM – Splunk Neil Kell has highlighted a standard, GPG13 (Good practice guide) that would satisfy our ISO27001 SIEM guidelines. Splunk has a plugin app for this standard. We discussed this with the Splunk service team who will look for the ‘right’ consultant to assist us with this. Splunk stated that they will give us an instructional pdf to enable us to integrate splunk with our Log Insight logs on the 4^th of Feb. Once Stephen has this he’ll try it out. Splunk were pretty non-committal as to when they would be able to give us the required consultant to support us.

Management Cluster Upgrade We have a quote for an R630. We need this requoted with more RAM. We need a quote for the VMWare required to run on this Hypervisor.

Cage. This is ordered and we should get a delivered date over the next week or two. Paul Hutton is aware.

IDS / IPS This isn’t going ahead. Stephen has document the reasons.

 Encryption. We have a meeting with Thales (through Softcat) on Wednesday. I would hope after that we will have an idea of direction. The disks to support the TSM Encryption have been ordered and Ian Wilkes is here from the 5^th Feb. I would hope to be able to publish a plan to complete for this by the end of Feb.

Governance Project Board and Security Working Group are defined and in place.

Policy and Procedures These are in progress. This is a large task that will need more resource than has been applied to it to date. Hard to do any level of detailed planning on this due to lack of resources. Very soft completion date of end of May.

Incident Management Meetings on-going trying to clarify the status of required standards and procedures from a Data Safe Haven Perspective.

Key Tasks For Next Period

• As above.

Issues

Lack of resource in both the Technical and Ops areas is holding up progress.

Milestones