Department for Work and Pensions chooses Auriga for its Risk-Led Security Assurance Services (SAS).
Auriga, specialists in cyber security, technology and risk management, today announced it has been awarded the contract to supply the Security Assurance Services (SAS) by the Department for Work and Pensions (DWP) for the next two years. The agreement will see Auriga continue as the trusted supplier of SAS but with a new method of implementation that will see risk, cyber risk management and accreditation services embedded within working practices. The move towards a risk managed cyber security structure will enable the DWP to focus resource and security spend where needed and will see the department move away from the more rigid approach traditionally associated with accreditation. Auriga will work collaboratively with the DWP team to implement the risk-led cyber security strategy.
Auriga originally won the contract to supply Security Assurance Services to the DWP two years ago but in accordance with the procurement conditions stipulated by the G-Cloud framework the consultancy was required to retender. In addition the DWP also has its own rigorous due diligence procedures which suppliers must go through as part of the selection process. Auriga faced stiff competition from rival suppliers in the final round but the consultancy’s innovative proposal to modernise SAS through the application of pragmatic cyber risk management and threat analysis, its track record as a previous supplier of CLAS services, and its reputation as an established G-Cloud supplier, all demonstrated the consultancy’s ability to deliver an innovative forward-looking solution.
A cyber-risk based security service, as opposed to an accreditation-based security service, seeks to identify and assess key areas of risk to the organisation and to use this information to help decide when and where security controls are needed. It is dynamic, enabling the organisation to increase or decrease controls in response to emerging threats, and uses threat analysis to anticipate and prepare for specific threat activity, making it proactive and agile in approach. In contrast, an accreditation-led security approach focuses primarily on the compliance requirements of sector-specific regulations. Such frameworks take time to adapt to changing circumstances, making the organisation reactive. By embracing a cyber-risk based accreditation approach, the DWP is committing to a more responsive security strategy that is threat-focused and aware.
The Department for Work and Pensions (DWP) is responsible for welfare, pensions and child maintenance policy. As the UK’s biggest public service department it administers the State Pension and a range of working age, disability and ill health benefits to over 22 million claimants and customers. The DWP encourages suppliers to compete for commercial contracts and this approach ensures the Ministerial Department has the opportunity to select suppliers that have met the criteria have the best solutions on offer and provide value for money.
“As a SME, it’s one thing to win a contract for a big government department but it’s another to retain it. G-Cloud might see you given a bite of the apple but few get invited to help plant and manage the orchard. Our reappointment as supplier for the Security Assurance Services (SAS) by the DWP was not an easy win but it does demonstrate there are some public sector departments that get it. They understand the potential G-Cloud represents in giving them access to innovative solutions that have the power to transform how the department operates while delivering value for the public purse. We’re now seeing the public sector no longer doing things the way they have always been done; there’s a hunger for change and excitement at the prospect of applying new dynamic strategies. And that’s precisely what we’ll be doing during the next two years by working with the DWP to embed a cyber risk-led SAS that looks to use security selectively,” said Louise T. Dunne, CEO, Auriga.