Closer collaboration between departments such as business continuity and information security could help raise the necessary staff...
It’s great to see that the government is doing more to increase business with small and medium sized enterprises (SMEs); initiatives such as ‘digital by default’ means there is an increasing window of opportunity for SMEs which they simply should not miss. However, there are some technical challenges which are currently creating barriers for many of these businesses when it comes to working with the government. Demonstrating that they have the correct credentials – or even getting the correct credentials – can be a big challenge.
More and more SMEs now need to become IL3 accredited if they are to work with the government, but this can be an incredibly daunting task. The SME in question would need to demonstrate that their application itself was IL3 accredited, as well as the supporting physical infrastructure. This involves producing key documentation for RMADs – which demonstrates that they meet the UK government’s very strict and specific accreditation requirements towards the governance of information systems.
Achieving IL3 with the right support
We’re currently in the process of taking a number of small businesses through the accreditation process, supporting them on the journey from application through to completion and greatly speeding up their IL3 accreditation.
FISH, for example, a digital forensics company, has been looking to increase its work with the police force, but was held back by the necessary security levels on which its application would need to meet. You can read more about our work with FISH here.
We’re also working with Facewatch, an online crime reporting and networking tool. Facewatch currently operates at IL2/ ISO 27001 which allows its main users – the businesses and monitoring stations – to upload content onto the system including images and CCTV video footage, directly through the internet. However this level of security, while already extremely high, does not meet the IL3 classification which requires enhanced security to protect sensitive personal information including addresses and criminal records on police databases.
Again, we have been able to take Facewatch through the entire accreditation processes, including a bridge between IL2 and IL3, which you can read more about in this Computerworld UK article.
What can seem like quite a daunting task for SMEs can turn into an exciting business opportunity if they have the right consultancy and support. I hope that other SMEs can see how technical hurdles can be overcome – being able to swiftly achieve this level of security without weeks of training and financial investment will enable them to reach a much wider market whilst also ensuring that the government has access to more innovative and secure services.