Information Security Management ISO 27001:2013

DCUK FM specialise in challenging projects that require working in sensitive client environments. In addition to exemplary standards of health and safety, particular attention is made on ensuring that client information, property and security standards are assured. To support delivery of client requirements, DCUK FM have achieved ISO27001:2013 accreditation via UKAS accredited company NQA. The Information Security Management System (ISMS) requires control of documents, processes, people and physical security. ISO 27001 is the only auditable international standard that defines the requirements of an information security management system (ISMS). An ISMS is a set of policies, procedures, processes and systems that manage information risks, such as cyber attacks, hacks, data leaks or theft.

Certification to ISO/IEC 27001 demonstrates that an organisation has defined and put in place best-practice information security processes. Advantage to appointing a company with ISO27001 accreditation include;

Not only does ISO 27001 certification help DCUK FM demonstrate good security practices, thereby improving working relationships and retaining existing clients, it also enable us to;

• Avoid the financial penalties and losses associated with data breaches;
• Protect and enhance your reputation - Cyber attacks are increasing in volume and strength daily, and the financial and reputational damage caused by an ineffectual information security posture can be disastrous;
• Comply with business, legal, contractual and regulatory requirements;
• Ensures the selection of adequate and proportionate security controls that help to protect information in line with increasingly rigid regulatory requirements such as the EU General Data Protection Regulation (GDPR) and Directive on Security of Network and Information Systems (transposed into UK law as the NIS Regulations.)
• Improve structure and focus;
• Obtain an independent opinion about your security posture

All staff employed DCUK FM have DBS (Disclosure Barring Service) as a minimum, with additional security clearances implemented subject to the client environment;

Baseline Personnel Security Standard (BPSS)

The BPSS is the recognised standard for the pre-employment screening of individuals with access to government assets. It is not a formal security clearance but its rigorous and consistent application underpins the national security vetting process at CTC, SC and DV.

Counter Terrorist Check (CTC)

It is Cabinet Office policy that a CTC clearance must be formally reviewed after 10 years (5 years for non-List X contractors). The risk owner has the discretion to review a clearance at any time up to that point. They may adopt a policy of issuing shorter clearances to a particular category of employee (for example armed forces reservists; sub-contractors) as mitigation for a lower level of day-to-day personnel security oversight and/or carry out an early review in individual cases where a specific risk has been identified.

Security Check (SC)

It is Cabinet Office policy that an SC clearance must be formally reviewed after 10 years (5 years for non-List X contractors). The risk owner has the discretion to review a clearance at any time up to that point. They may adopt a policy of issuing shorter clearances to a particular category of employee (for example armed forces reservists; sub-contractors) as mitigation for a lower level of day-to-day personnel security oversight and/or carry out an early review in individual cases where a specific risk has been identified.

Enhanced Security Check (eSC)

An Enhanced Security Check allows regular uncontrolled access up to SECRET assets and occasional, controlled access to TOP SECRET assets. It is used for specific roles where an additional level of assurance is required over SC, but not to DV level.

Developed Vetting (DV)

It is Cabinet Office policy that a DV clearance must be formally reviewed after 7 years (3 years for non-List X contractors). The risk owner has the discretion to review a clearance at any time up to that point. They may adopt a policy of issuing shorter clearances to a particular category of employee (for example; armed forces reservists; sub-contractors) as mitigation for a lower level of day-to-day personnel security oversight and/or carry out an early review in individual cases where a specific risk has been identified.

Enhanced Developed Vetting (eDV)

Enhanced Developed Vetting is required for a very small number of posts where an additional level of assurance is required above DV. It can only be requested by a small number of Sponsors and only with prior agreement with UKSV and the Cabinet Office.

Experience working in government, MoD and high security environments.