Sogeti is committed to offering a complete range of testing services to its customers, based upon the underlying principle of risk management and the end goal of achieving assurance in our clients’ service delivery. Information security is a key part in achieving this assurance - now more than ever.
Our security services are led by security testing; indeed, Sogeti has been in the vanguard of the move to integrate security skills with mainstream testing.
The cornerstone is our UK Government-approved software testing laboratory. The CESG Claims Tested Mark (CCTM) Scheme was originally created by the UK Cabinet Office as a means of ensuring the supply of proven security-based products into the UK public sector, including education, local government, healthcare and the criminal justice arena.
Working to strict standards and independently confirmed against ISO 17025, Sogeti’s Security Laboratory undertakes the testing of security-based products and services, which are then certified against the claims made for them.
We offer security consultancy across a range of skill sets:
Policy Formulation
- Our experienced consultants can develop security policies based on the business consideration of risk and not simply risk avoidance
- We can review and amend an existing policy in light of changed circumstances or new developments
- We provide policy review services based on standards such as ISO 27001/27002, to ensure you are following best practice.
Compliance Checks
- Information security is more than IT security. Our consultants have experience in conducting physical security reviews and procedural checks to ensure that the technical measures that you have invested in provide the expected protection
- To do this, we conduct a gap analysis, highlighting areas where there may be an unacceptable risk. For Government bodies, for example, this can be an assessment against the IA Maturity Model.
Technical Vulnerability Checks
- Together with our partners, we also offer skilled IT Health Check engineers who conduct a bespoke assessment of vulnerabilities such as missing critical patches, insecure configurations, etc.
- We ensure that the assessment results are expressed in business and not primarily in technical terms - so an identified vulnerability is expressed in terms of cost and potential impact, rather than a simple statement of deficiency
Procurement Support
- We provide support for procuring or developing secure systems, by developing requirements, agreeing outline policies and assessing proposals
- We do this as part of an integrated team, so that security is handled seamlessly but not invisibly.
For Government customers, we offer CLAS registered security practitioners. CLAS is the Government scheme for ensuring a high level of quality in skills provided by security consultants acting for Government Departments, particularly those seeking to connect to the Government Secure Intranet (GSi).
We are accredited by the UK’s Accreditation Service (UKAS) for the provision of CESG Claims Tested Mark testing services.