CoCo Compliance Maintenance

Understanding the impact of the recently revised GSi CoCo 4.1 on your organisation, keeping abreast of evolving Government information security policy, and understanding how best to implement the most appropriate technology to evidence compliance are just some of the issues facing organisations that connect to secure government networks.

VEGA provides specialist expert advice to any organisation, large or small, that has a need to maintain its link to secure government networks and ensure Code of Connection (CoCo) compliance. The CoCo Compliance Maintenance service is a module of the VEGA CoCo Advisory Services. This tiered approach is designed to provide organisations with the technical expertise required to maintain and manage connection(s) to secure government networks (such as GCSX, GSX, GSE, and GSI).

The importance of maintenance

CoCo re-submissions are required on an annual basis. CESG and Buying Solutions have strongly recommended that government organisations conduct regular, scheduled security risk assessment reviews as a means of managing security risks associated with the CoCo controls. Buying Solutions, the authority responsible for managing and issuing GSi CoCos, will continue to raise the required level of compliance to promote continuous improvements to address the long-term goal of the confidentiality, integrity and availability of systems handling sensitive information.

In addition to responding to these evolving security standards and guidance, VEGA recognises that from time to time, a client will also need to modify their IT infrastructure due to changing operational requirements. Both situations have the potential to affect secure network connections, therefore prompting a requirement to update CoCos.

What does VEGA offer?

VEGA offers a simple solution to assist in all CoCo compliance issues. It is a subscription service based on provision of specialist security support needed for an organisation to ensure its continued CoCo compliance. The subscription service is only available to CoCo compliant clients, who are required to maintain a CoCo for existing connections to secure government networks and/or systems. Subscribing organisations will benefit by having access to a dedicated security consultancy via the three offered levels of subscription.

CoCo Compliance Maintenance Service Subscription Levels

Annual subscription can be obtained via any of the three service levels, which are:

  • Bronze:
    • Remote CoCo support via e-mail & telephone
    • Monthly newsletter highlighting evolving government information assurance issues
    • Notifications regarding new HMG & CESG guidance documents
    • Notifications regarding new security-related products
  • Silver:
    • As per Bronze, plus:
    • Annual delivery of the VEGA Express CoCo Review module (Note: refer to the CoCo Advisory Services marketing fact sheet for the module detail.)
  • Gold:
    • As per Silver, plus:
    • Annual IT Health check from VEGA CHECK consultants to confirm key aspects of internal network security to agreed annual scoping agreements

The benefits of VEGA’s CoCo Compliance maintenance service

The key benefits of our service are:

  1. It will be delivered to the highest standard due to VEGA’s extensive knowledge, experience and expertise in advising on and assessing government Codes of Connection, as evidenced by VEGA’s involvement in the Government Connect Programme.
  2. VEGA will, over time, build up a very good understanding of the client’s ICT and information management environment. This will reduce the ‘read-in’ and ‘discovery’ time required in order to conduct an effective gap analysis, providing a more cost-effective solution.
  3. Client questions throughout the year can be answered promptly through on-demand, remote access to VEGA’s security specialists. These can be regarding the organisation’s information assurance, the interpretation and implementation of government guidance, or any other related subjects.

Complete CoCo Advisory Services

VEGA offers complete CoCo Advisory Services. In addition to the maintenance module, our service comprises another three modules, all of which may be commissioned independently, as a combination of modules, or as a complete end-to-end offering, dependent on the client scenario:

  1. Express CoCo Compliance Review – a high-level review of current ICT infrastructure against CoCo requirements, identifying compliancy gaps and areas of concern
  2. Full CoCo Compliance Review – a full review of current ICT infrastructure, provision of a gap analysis of current vs. future compliancy state, identification of non-compliant areas, and formulation of an action plan to address these areas
  3. CoCo Compliance Delivery – following on from the second module, start-up and management of a project to deliver the required CoCo compliance, including additional support such as technical architecture reviews and CHECK IT Health Checks

VEGA is a registered “Green Light” CHECK service provider. This means we are accredited to work with clients to develop appropriate testing plans and ensure that they are conducted in a thorough and competent manner. VEGA is also a member of the CESG Listed Advisor Scheme, CLAS. Our CLAS consultants are approved to provide Information Assurance advice on systems processing protectively marked information up to and including SECRET.

Contact VEGA for more information about our CoCo Compliance Maintenance service