The UK Payments Administration(UKPA) was divested from the UK Payments Council to become a Service Company providing its service to the Payment Schemes under Service Level Agreements. To support their new model, the UKPA needed to implement a security framework that was appropriate to offer services to the Critical Nation Infrastructure. This would start with a Security Policy Framework aligned to ISO27001:2013.
We were engaged to produce the Security Policy framework to support this new securityrole and to ensure that the polices could be managed by the UKPA Security function going forward. As this was an enterprise security framework we decided to use the Sherwood Applied Business Security Architecture methodology to design the enterprise security architecture against which I would overlay the policies.
At the end of the engagement we had produced a policy framework and a set of subordinate documents that were compliant with ISO270001:2013 and a set of controls which could be evidenced and provide assurance of their effectiveness.
Contact Us