CLAS

What is CLAS?

CLAS is the CESG Listed Adviser Scheme, which links the Information Assurance knowledge of CESG with the expertise and resources of the private sector.

CESG is the Information Assurance (IA) arm of Government Communications Headquarters (GCHQ) and is based in Cheltenham, Gloucestershire. It is also the UK government’s National Technical Authority for Information Assurance.

As a result of an increasing awareness of the threats and vulnerabilities that information systems are likely to face in our ever-changing world, CESG recognises that there is an increasing demand for authoritative Information Assurance advice and guidance.

What is Information Assurance?

Information Assurance (IA) is the confidence that information systems will protect the information they carry and will function as they need to, when they need to, under the control of legitimate users.

  • Information Assurance is the management of information-related risks.
  • IA practitioners seek to protect and defend information and information systems by ensuring confidentiality, integrity, authentication, availability, and non-repudiation.
  • These goals are relevant whether the information is in storage, processing, or transit, and whether threatened by malice or accident.

Information Assurance standards are defined by CESG, published by the Cabinet Office and delivered to HMG departments by CLAS.

What is involved?

The process of IA accreditation involves a number of stages as described in HMG IA Standard No2 Risk Management & Accreditation of Information Systems. In brief, these are:

  • To understand the Risks to the Data – who, how, why, deliberate, accidental, natural.
  • To understand the Business Impact Level Assessment.
  • To understand the Department’s appetite for Risk – high, low, cautious.
  • Produce the Risk Assessment documents in line with HMG IA Standard No1 Part 1.
  • Define the Risk Treatment for every Identified Risk in line with HMG IA Standard No1 Part 2.
  • Ensure that all required documents are adhered to.
    • IA documents – 15 in total.
    • Technology Good Practice Guidelines – numerous.
    • Memos – more than 30.
    • Information Assurance Maturity Model.

Each stage of the process must be agreed by the Senior Information Risk Owner (SIRO) and the IA Accreditor.

To find out more about Boxing Orange’s Scanning Services, please:

Call: 0113 232 2330

Email: enquiries@boxingorange.com