Call us on +44 (0) 1752 724 000



Security accreditation


Accreditation is the recognition of adherence and application of a particular standard.

“Certification of competence in a specified subject or areas of expertise, and of the integrity of an agency, firm, group, or person, awarded by a duly recognized and respected accrediting organization.”

Accreditation usually follows certification (or qualification) in a particular topic. It is also loosely regarded as the application of a set of skills or knowledge in practice within a business or organisation.

why accreditation?

Accreditation is usually required for contractual reassurance with your customers. For example; contracting to work with defence departments around the world requires accreditation with the relevant national or international bodies.

The assurance given by accreditation often speeds up the negotiation and initial stages of contract proposals by ensuring the commonality of language, technologies, and standards applied across both organisations.

Once the contract is in place any changes and modifications are more easily completed by knowing the structures and methods used by each group within each organisation.

Security accreditation has immediate benefits for the organisation:

  • Reduced cost and time in conducting individual process audits
  • Means fewer individual operator or process inspections
  • Delivers a ‘to standard’ security review of operations
  • Creates a consistent approach to security audits

WHAT accreditation is available?

There are a number of accreditation bodies that focus on Information security.

These vary by country, region, or government department and will have a different emphasis depending on the specific requirements of the standard. Examples include: Department of Defence (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP) of USA, the Department of Defence Information Assurance Certification and Accreditation Process (DIACAP) of USA, the German IT baseline protection, ISMS of Japan, ISMS of Korea, and Information Security Check Service (ISCS) of Korea.

An example of a required accreditation;Cyber Essentials is mandatory for central government contracts advertised after 1 October 2014 which involve handling personal information and providing certain ICT products and services”.    

The international standard for Information Security Management is ISO 27001:2013. This provides the structure for developing an Information Security Management System (ISMS) which includes people, processes, and technology.

what is the accreditation process?

An initial overview of the business processes against the set criteria of iso 27001 will allow a gap analysis, current state to future state, to be established.

The lead implementer will work with departments to develop and document processes to ensure the gaps are addressed and there is a coherent path through the system that ensures security.

Once the processes and documentation is reviewed and agreed an internal audit of the organisation is carried out. At this stage there should be only a few minor adjustments to refine the status from “compliant” to “excellent”.

An externally accredited auditor will then audit the system and award the accreditation. It is important to have an auditor who is entirely independent of the organisation to avoid any potential bias or conflict of interest.

How can we get accredited?

BluescreenIT will help your organisation become accredited to ISO27001:2013 standards. This is through interviewing, understanding, and modelling your business processes and documentation followed by the application of tried and tested methods that will ensure your people, processes, and technology are fully compliant, pass the audit, and become accredited.

The additional bonus of this approach is that the process helps clarify the lines of communication and work flow patterns through the business leading to greater efficiency and consistency of output. 

BluescreenIT have developed models that encompass a variety of accreditations to allow information gathered for one to be utilised in another, reducing the work needed should regulations, legislation, or markets change.