18 Northdown Road Nottingham NG8 3PF
Phone: +44-7971726521
Follow us:

Our Process

Our Development Process

The approach we use to deliver the services grounds on the specific understanding of Quality concept shared across the company. According to this concept Quality stands on the three foundations - Professionalism, Motivation and Communication.

1. Thinking And planing

During this first phase of the development life cycle, security considerations are key to diligent and early integration, thereby ensuring that threats, requirements, and potential constraints in functionality and integration are considered. At this point, security is looked at more in terms of business risks with input from the information security office. For example, an agency may identify a political risk resulting from a prominent website being modified or made unavailable during a critical business period, resulting in decreased trust by citizens. Key security activities for this phase include:

  • Initial delineation of business requirements in terms of confidentiality, integrity, and availability;
  • Determination of information categorization and identification of known special handling requirements to transmit, store, or create information such as personally identifiable information; and
  • Determination of any privacy requirements.

2. Designing & Develop

This section addresses security considerations unique to the second SDLC phase. Key security activities for this phase include:

  • Conduct the risk assessment and use the results to supplement the baseline security controls;
  • Analyze security requirements;
  • Perform functional and security testing;
  • Prepare initial documents for system certification and accreditation;

Although this section presents the information security components in a sequential top-down manner, the order of completion is not necessarily fixed. Security analysis of complex systems will need to be iterated until consistency and completeness is achieved.

During this phase of SDLC, the security architecture is designed.

Implementation

During this phase, the system will be installed and evaluated in the organization’s operational environment. Key security activities for this phase include:

  • Integrate the information system into its environment;
  • Plan and conduct system certification activities in synchronization with testing of security controls; and
  • Complete system accreditation activities.

3. Help & Support

In this phase, systems are in place and operating, enhancements and/or modifications to the system are developed and tested, and hardware and/or software is added or replaced. The system is monitored for continued performance in accordance with security requirements and needed system modifications are incorporated. The operational system is periodically assessed to determine how the system can be made more effective, secure, and efficient. Operations continue as long as the system can be effectively adapted to respond to an organization’s needs while maintaining an agreed-upon risk level. When necessary modifications or changes are identified, the system may reenter a previous phase of the SDLC. Key security activities for this phase include:

  • Conduct an operational readiness review;
  • Manage the configuration of the system ;
  • Institute processes and procedures for assured operations and continuous monitoring of the information system’s security controls; and
  • Perform reauthorization as required.