Andrea's availability can be viewed here SPS Year Planner 11.  SPS operates on a "first come, first served" basis, so book early to avoid disappointment.
SPS is not responsible for the content of external internet sites.
Professional Services

******************************************************************

Compliance/ Information Management/ Security/ Assurance/ Governance/ PCI DSS Consultancy services

Struggling with compliance? Don't! At SPS we view information governance in the context of the organisational objectives. We understand the broader business, environmental, political and governmental concerns and, by working in partnership, provide a professional consultancy service within the ISO27001 Information Security Management framework. SPS will work with you to understand your objectives and assist you in minimising your information governance risks. Our experience and depth of knowledge enable us to provide pragmatic and effective solutions to meet our customers' needs.

We can also help with PCI compliance - ensuring you meet the Payment Card Industry Data Security Standard.

Information Governance services include:

  • ISO27001 Gap Analysis through to Statement of Applicability, prior to certification
  • ISO27001 Overview training – what's it all about?
  • PCI DSS Compliance audits and action plan creation and implementation
  • Data Handling requirements implementation - including information classification and labelling a.k.a. Protective Marking
  • Security policies and procedures – creation, development, implementation
  • Information Security Awareness – programme development and overview training
  • Dependency Modelling/Risk Assessment relating to organisational information assurance issues
  • Creating and carrying out Privacy Impact Assessments (PIAs)
  • Assistance with meeting the requirements of the Government Connect Code of Connection (GCSx CoCo version 3.2 and 4.1)
  • Information Management Strategy reviews and creation
  • Business Continuity Management and Disaster Recovery reviews
  • Utilisation of the Local Government and NHS Information Governance Toolkit
  • Data Protection Act/Freedom of Information Act compliance reviews

PSI

The Directive aims to achieve harmonisation across the European Union of the rules and administration on the re-use of public sector information. Where FOI ends (affording the public the right of access to information), PSI begins (granting the public - anyone - the facility to re-use information via licensing).  For more information, visit www.opsi.gov.uk/advice/psi-regulations/index.htm or contact us for consultative support.

The cultural shift from a "need to know" to a "right to know" that embodies the requirements of the Freedom of Information Act 2000 is challenging. Contact us for consultative support and/or Training and Awareness Briefings for all levels of employees, including Members and Councillors. There is a lot to do with regard to template letters, procedure documents, workflows etc. Visit http://www.dca.gov.uk/foi/index.htm for information on the Act itself, or visit http://foia.blogspot.com to keep up to date with day-to-day developments.

The world of information is constantly changing all around us. Second only to the asset value attributable to your staff is the intrinsic and immeasurable value of your organisational information. With the current speed to market for new business developments and initiatives in the private sector, and the focus on delivering Transformational Government through electronic media, the pressure is on to ensure "always on" availability of this information to both internal and external customers.

In so doing, you open yourself up to risk - risk of hackers, cyber vandals, fraudsters, terrorists, commercial rivals, disgruntled employees and the idly nosy and mischievous threatening the confidentiality, integrity and availability of that information. There is growing legal and reputational liability, both individual as well as organisational. For example, in the UK, any abuse of data could lead to a prosecution under the Data Protection Act. Customer and employee protection and privacy regulations will vary geographically but the Internet is no respecter of such physical boundaries. A progressive and inclusive view is required in order to provide the requisite amount of Information Assurance.

The management of these challenges is squarely placed at the Board - senior management supervision is required to establish an effective overview of the risks and to take explicit, informed and documented strategic decisions to implement security controls. Security is a mission-critical corporate requirement, acting as a business enabler. The remit is to reflect the proper assessment of business risk associated with information assets. Senior management must be able to prove that they can adequately respond to and incorporate new risks, whilst ensuring compliance with legal obligations.

"All employees have some responsibility for internal control as part of their accountability for achieving objectives. They, collectively, should have the necessary knowledge, skills, information and authority to establish, operate and monitor the system of internal control. This will require an understanding of the company, its objectives, the industries and markets in which it operates, and the risks it faces." (Turnbull Report, 2000)

Freedom of Information introduces:

  • A general right of access to information held by public authorities in the course of carrying out their public functions, subject to certain conditions and exemptions;
  • A duty to disclose exempted information – in most cases – where it is in the public interest to do so; and
  • A new Information Tribunal with wide powers to enforce the rights created.

What does this mean you need to continue to do?

  • Review and update your Publication Scheme - particularly every time there is another disclosure.
  • Carry out an Information Audit – what do you have, where is it, who has access to it, and should it be published/released to the public (is it in the "public interest")? Remember to include all types of media used to record information – manual as well as electronic.
  • Implement a Records Management Policy and framework – to include life cycle information usage from first collection to final destruction.
  • Consider developing an Information Management Strategy and a Governance structure to implement it.
  • Ensure that you protect all the information appropriately and securely, maintaining confidentiality, integrity and availability.

Daunted? Don't be! Our consultants are here to help, assisting you with familiarisation with the requirements of the Act, applying the principles of the Model Action Plans available from The National Archives (previously the Public Records Office), through to effective implementation of the various elements that will go a long way to ensuring your organisation is compliant with the Act.

Training Courses

Re-use of Public Sector Information (PSI) Course

PSI – what's it about?

The November 2003 EU Directive on the Re-use of Public Sector Information (PSI) requires FoI authorities and other 'public bodies' to license re-use of their information. It also encourages development of the information publishing sector by harmonising different licensing regimes for public sector information across the EU.  It was implemented in the UK on 1 July 2005.

What are the main challenges?

The directive will require public bodies to define and list information assets suitable for re-use, grant licences and levy fees for the re-use of non-exempt information. Its aim is to make the process of accessing re-usable public sector documents open and transparent, and encourage the sharing of best practice.

The course will cover:

  • Identifying our "public task"
  • Information Asset Register (IAR) - identifying commercial and non-commercial information assets
  • Information Fair Trading Scheme (IFTS) - ensuring fairness, openness and transparency into the culture
  • Click User Licensing
  • Revising Charging / Fees Regimes
  • Revisiting Complaints Procedures
  • Trading Funds vs Agency (partnership) approach
  • Revisiting Publishing Procedures - information ownership and lifecycle management will be key.

Who should attend

  • Freedom of Information Officers
  • Corporate / Information Governance Managers/Officers
  • Compliance Officers/Managers
  • Information Managers
  • Records Managers
  • e-Delivery Teams
  • IT Managers

Tutor

Independent consultant Andrea Simmons has been running public sector courses in information management for some time now. All course content is fluid and as up to date as is possible in this fast-paced information management arena. The style of delivery is fast-paced and entertaining, believe it or not! Tailored course content is available for in-house workshop delivery on a flexible basis.

Information Governance Course

This course looks at the "big picture" in terms of the Data Handling Review reporting requirements and their impact on information management in the round.

The impact of legislation and security frameworks on structuring information governance is tackled - leading the attendee through the journey from IT Security through Information Security, to Information Assurance and finally to Information Governance.

This course looks at these issues and many others in the context of supporting tools such as the Local Government Information Governance Toolkit and the HMG Security Policy Framework.

This course also covers ongoing maintenance requirements - template letters, procedures etc. to ensure ongoing compliance.

Who should attend

  • Freedom of Information Officers
  • Data Protection Officers
  • Compliance Officers/Managers
  • Information Security Officers/Managers
  • Records Managers
  • Those with departmental responsibilities for data protection

Tutor

Independent consultant Andrea Simmons has been running this course via public sector service agencies nationwide. It is continually being updated to reflect DCA and ICO Guidance. Tailored course content is available for in-house workshop delivery on a flexible basis. Andrea has passed both the ISEB Certificate in Freedom of Information and the ISEB Certificate in Data Protection.

ISO27001 Overview Course

Does your organisation have a Security Officer and a Security Policy? Have you ever read and signed an Email Policy or an Acceptable Usage Policy?

The answer to any or all of the above may be "No" and this may be as a result of a lack of awareness of the issues and an understanding of why this subject should be of importance to you.

This training course is a natural progression from the Information Security Awareness day for organisations that wish to design and implement an information security management system in compliance with ISO27001.

As the government progresses with the UK Online programme, part of the methodology for assisting this delivery is for government organisations to adopt the best practices of the British Standard for Information Security - ISO27001. The health sector is already well advanced with its programme, and it is important that every user involved in providing services is aware of their legal and personal responsibilities with regard to the handling and processing of information.

This one-day course will provide you with a basic understanding of:

  • What ISO27001 is and how to implement it within your organisation
  • How to establish security requirements
  • Assessing security risks
  • Selecting controls
  • Critical success factors
  • The basic elements of a good information security management system.

All staff within an organisation who need a practical understanding of how to use and apply the guidance given in the Standard should be involved.

This course refers to both ISO27001 and ISO27002.

Tutor

Independent consultant Andrea Simmons' career includes 10 years in IT roles, more latterly with specific security responsibilities and projects. Andrea has undertaken ISO27001 Gap Analysis and implementation work for both public and private sector clients during the past 5 years.

Information Security Awareness Overview Course

Does your organisation have a Security Policy? Have you ever read it? Did it mean anything to you?! The answer to any or all of the above may be "No" and this may be as a result of a lack of awareness of the issues and an understanding of why this subject should be of importance to you.

As the government progresses with the UK Online programme, it is important that every user involved in providing services is aware of their legal and personal responsibilities with regard to the handling and processing of information, in any form (i.e. hardware, software, paper records etc.)

This one-day course will provide you with a basic understanding of:

  • what Information Security is and why it matters
  • what the relevant Legal Issues are
  • what your personal and management responsibilities are
  • what the appropriate behaviour is

Other topics covered include:

  • Asset inventory & management
  • Risk assessment
  • Data Handling (review and requirements)
  • Clear desk policy
  • Exchanging information
  • Passwords
  • Virus control
  • Internet security
  • Using e-mail
  • Incident handling
  • Business continuity

This invaluable day will leave you with an Information Security Awareness handbook which can be updated regularly and issued to all employees in your organisation to ensure consistency of message and understanding. This will assist you to carry out your day to day work more effectively and efficiently and, in some cases, may assist you in avoiding litigation at a future date.

Tutor

Independent consultant Andrea Simmons' career includes 10 years in IT roles, more latterly with specific security and Data Protection responsibilities and projects. Andrea has successfully undertaken the Certified Information Systems Security Professional (CISSP) qualification and is a BCS Registered Security Specialist.

Data Protection Act Overview Course

This one-day overview of the Data Protection Act is designed to talk you through the basics of the legislation and how it affects the day-to-day running of your organisation.

Content

This one-day course will provide you with a basic understanding of:

  • What Data Protection actually means
  • Explanation of terms used in the Act
  • Explanation of the Principles
  • Notification
  • Dealing with DP and Subject Access Requests (SARs) on a day to day basis
  • Where security, records management and information management fit in

This course refers to both the 1984 and 1998 Acts.

Who should attend

  • Data Protection Officers
  • Compliance Managers
  • Information Security Managers
  • Those with departmental responsibilities for data protection
  • Ideal for those looking to move up to a full time DP Officer post

Tutor

Independent consultant Andrea Simmons' career includes 10 years in IT roles, more latterly with specific security and Data Protection responsibilities and projects. Andrea has passed the ISEB Certificate in Data Protection.

Records Management/IM Course

Keep hearing about RM?

Records Management, in spite of having been around for a very long time, reached the top of the information management agenda during the run up to the implementation of the Freedom of Information Act in the public sector in the UK in January 2005. This is a good thing! However, it has turned the spotlight on administrative activities that have heretofore not been quite as transparent.

This course will take a fairly speedy romp through RM in general and its placement within information management and compliance more specifically – in order to provide appropriate focus and some "tools for action" to move forward strategically and proactively. 

The course will cover:

  • Information Audit/Information Assets
  • Information Lifecycle Management – active records management: records creation and record keeping
  • Information Owners – roles and responsibilities, training and awareness
  • Information Quality/Accuracy
  • Information Security
  • Records: Declaration, Maintenance Retention, Disposal, Destruction
  • Electronic Content Management (ECM)
  • Information legislation/standards/regulations
  • Information Compliance & Governance

Who should attend:

Information Managers, Records Managers, Data Protection Officers, Freedom of Information Officers, Compliance Officers, IT Managers

IT Network Security

Course based on ISO/IEC 18028-1:2006 - includes reference to the five parts:

  1. Network security management
  2. Network security architecture
  3. Securing communications between networks using security gateways
  4. Securing remote access
  5. Securing communications across networks using virtual private networks

A secure network should meet business requirements for confidentiality, integrity, non-repudiation and availability of information services. The purpose of this standard is to provide guidance on the security aspects of the management, operation and use of information system networks and their interconnections. This one-day overview course will take you through the areas and prepare your understanding for utilisation of the standard.

Interested? Contact us.

IT Service Continuity Management

Course based on PAS 77 IT Service Continuity Management to review the creation of a framework for an IT service continuity programme within your organisation - leaning heavily on the requirements of compliance with the Civil Contingencies Act 2005.

Interested? Contact us.

Page last updated 4th January 2011