Case Studies —

Security Project Management

Overview

Our client employs more than 3,500 staff across 29 locations with significant national critical infrastructure.

The client required assistance in delivering security accreditation documentation and IRAP assessments for 26 systems.  north was engaged to provide technical leadership to the project, which Involved defining, planning, executing and reporting on the project.  The north consultant was responsible for assisting in the engagement of security teams from two specialist service providers who were then tasked with developing the required security documentation and carrying out IRAP assessments of each system.

north worked with both service providers to establish the terms of the engagement, agree templates and risk schemas, provided prioritisation of systems, reviewed deliverables for quality assurance and managed progress against the timelines of the project.  north further lead stakeholder management and negotiated solutions to resolve delivery Issues as they arose, including issues of timing and quality control.

The north way

north used the PRINCE2 methodology to systematically define, plan, execute and report on project progress for each of the 26 systems within the scope of the project.  The north consultant worked with a range of stakeholders to define the specific scoping for each of the systems identified within the original business case and worked with the service providers to ensure that resourcing was applied appropriately and within time and budget constraints.  north used their position as trusted advisor to ensure the client received the best possible outcomes within the timeframes and budget of the project, and successfully the full scope of the project within the planned timeframe despite difficulties with service provider performance.  north took a neutral position to ensure that all parties were dealt with pragmatically and fairly, to ensure that the project was driven to a successful conclusion and all required outcomes delivered.

Outcome

north provided management and advisory services that enabled the client to identify and document cyber security risks in relation to 26 of their critical systems, together with the security controls in place to manage those risks.

The engagement of north enabled The client to deliver a successful outcome for the second tranche of their Cyber Security Program, delivering full sets of security documentation for 26 systems that enabled The client to understand their key cyber security risks within the context of the wider organisation risk management framework, and providing the Independent assurance of IRAP assessment to validate the deliverables.