Page 2 – pam

Author: Mark Darby Posted this on: November 12, 2015

Is that a multi-tool in your pocket?

Tagged: information security, law enforcement, multi agency working, multi-tool, pam, policing, Probation

I’ve got something personal to share that triggered related work thoughts……As part of a campaign to get fitter, enjoy a healthier and more sustainable lifestyle, I’ve just started road cycling. Apart from those benefits, it has also helped me realise the parallels between bike multi-tools and our powerful pam cloud platform.

Initially I had separate old tools for keeping the bike going whilst out and about. Lugging them around when riding was a pain, but it became a real frustration when one of those old tools let me down in the pouring rain. It meant a crisis purchase to get me out of trouble and as you might expect that cost a bit more under those circumstances too.

So I took a step back, looking more at what I was really trying to achieve and how best to do that, for now and the future. In short I needed something I could trust at all times, was flexible and versatile to do a range of jobs, be able to share it with pals when required, and could fit in my little ‘under saddle’ bag.

Instead of buying lots of expensive heavy tools and spanners, I decided on a simple yet effective multi-tool from Topeak.

Like my bike multi-tool, pam enables me to achieve a range of work jobs from the one place, nice and easy, at lower total cost too. It’s a philosophy we have extended into our work with customers across the markets we serve too. Examples include:

Information Security Management – following our challenges in finding a solution for information security management we have just released a dedicated ‘multi-tool’ of our own. Check out ISMS.Online if you are looking at new and better ways to deliver your information security management system.
Policing and related law enforcement – pam adds value across operational policing and multi-agency working, management of policing, and information assurance. In fact, you can achieve over 50 jobs when the service is delivered over secure government networks.
Office of Police and Crime Commissioner working – We illustrated the many jobs being done by OPCC by looking through the lens of one of our customers here.
Probation Community Rehabilitation Companies – I previously wrote about how many jobs a probation CRC could get done with pam, and it is neatly summarised in this blog.

Is it time for you and your organisation to take a step back and think about putting a powerful ‘multi-tool’ like pam in your pocket too?

Author: Sam Peters Posted this on: November 9, 2015

ISMS Online sets forth to conquer the world of managing information security and compliance

Tagged: alliantist, information security management system, ISMS, ISO 27001

The Alliantist team has been hard at work preparing to set free its newly packaged ISMS service with its own identity: ISMS.online.

Achieving ISO accreditation is no mean feat and ISMS.online harnesses the power of the pam platform to deliver a secure online place to easily manage ISO 27001, and any other security standard or compliance.

Employees don’t have to be the weak link in your ISMS – give them the tools to understand and contribute to security. Provide them with a single, open space for evidence, policy, management reviews, and much more (you’ll also really impress an accreditor!).

Never start from square one again when dealing with multiple standards with the wide array of frameworks which ISMS.online offers. Then, eliminate bureaucracy and duplication by linking these altogether.

Cut through the noise and take charge of your supply chain with communication groups, contracts, contacts, and relationship management. Those of you familiar with pam would have expected us to build in tools which make communication easy.

Take your ISMS forward with a range of tools which strengthen your risk management – you can even handle applicable legislation risk management.

We’re incredibly proud of ISMS.online and you can now find more details on its’ dedicated website, www.isms.online

To follow ISMS.online and receive relevant information security management insights join our mailing list HERE

Author: Sam Peters Posted this on: October 26, 2015

Better Information Security Management reduces risks and saves money

Tagged: information security, information security management system, PEEL, police

A police force was fined £160k earlier this year by the Information Commissioner’s Office. Threat to life risks are also significant from inadequate security when partnering. Better information security management practices can save money, reduce risk and give confidence to staff and partners in delivery of their work.

Of course every penny counts and Information Security Management Systems (ISMS) must become ingrained into the work of the police at a low operational cost. The current poor state of police IT systems outlined by the recent PEEL report on police efficiency emphasises the dire need to update and improve systems.

Security breach risks and costs can be mitigated from advancing police technology, especially by encouraging the move toward a paperless environment and joined up systems. In fact, the Information Commissioner’s Office reported last week that the majority of breaches are still through paper and old fashioned ways of working.

So what can be done about this growing problem? Alliantist, the makers’ of pam, the powerful cloud software already in use across policing, has come up with one solution. It is launching an online information security management system that is already proven and UKAS accredited to ISO 27001: 2013. It is a fraction of the cost of existing management systems. There is also the potential to tie into existing operational work on the platform, lowering costs further and increasing benefits for users.

“ The best implementation of an ISO 27001:2013 UKAS Accredited Information Security Management System”

UKAS Certified Accreditor, October 2014

Having packaged it for public service and private industry, Alliantist has coined the service ISMS.Online, and more information is available here. Existing pam customers and public service organisations can also get this solution through their pam platform. You might want to pass this onto your Senior Information Risk Owner (SIRO) or your Information Security Officer. Our team will be pleased to share more about the solution with them.

Author: Sam Peters Posted this on: October 26, 2015

Inefficiency: a thing of the past?

Tagged: austerity, collaboration, PEEL, police

The release of the PEEL report renews the long-standing pressures of austerity and the dangers undue cuts can cause to a service’s ability to meet demand. Mark Darby, Alliantist CEO, argues that what is needed is reform not continual salami slicing. The PEEL report is daunting with potentially significant repercussions. However it does come with an opportunity to improve efficiency in the day-to-day working of services in order to respond to evolving threats and help reduce future demand.

Threats posed to demand capacity mean that efficiency must improve for all. There is the need to meet increasingly complex demand despite reducing resources. For areas where further reductions in workforce are no longer possible, improvements to efficiency through transformation are all the more imperative.

“Necessity is the mother of invention”

Austerity and inefficiency is certainly a problem but one which can draw out the best in policing, and its partners, through more effective collaboration. What is needed, in order to overcome the issue, is a reform of daily routines and working practices. The solution lies in bringing multiple information and processes together into one place and making collaboration a part of everyday work, internally and externally.

A powerful cloud platform such as pam has the ability to help drive change in routines across a number of key areas and ensure the workforce are suitably equipped for the future. Examples include:

Improved use of resources – pam’s cloud infrastructure means less need to travel, or more effective engagement when working remotely or by mobile. It also cuts through bureaucracy to free up time by reducing and focusing meetings; efficiently coordinating work. Built in governance, audit and reporting to reduce admin and presentation effort to produce minutes, highlight reports and so on means a chance to concentrate time on what you are trying to achieve, not waste it on how.

Make better decisions – Working together from one place ensures everyone gets the same information. Less time spent chasing and administering also means more eyes on the work issues and wisdom of the crowd…..

Enhance connectivity throughout law enforcement – One of the 5C’s of policing is connectivity and with pam, it means automatic connectivity to all police forces, and their partners working over secure government networks. It means driving down the cost of collaboration and sharing resources across force boundaries quickly and easily.

Overcoming the constraints of austerity to produce an even better service is a difficult challenge but it can be done; indeed it has to happen. pam was built in collaboration with forces and their partners; bringing more forces and agencies into the platform will help drive out further inefficiency and can lead to even lower costs for all agencies. Contact the pam team for more information.

Author: Mark Darby Posted this on: October 24, 2015

Future proofing the Office of Police and Crime Commissioner

Tagged: dorset pcc, essex pcc, gloucestershire pcc, police and crime commissioners

How time flies. With Current Police and Crime Commissioners gearing up for the re-election campaign on the horizon, it is a good time to reconsider Office activity. Regardless of who is elected, or what structure is imposed, the work of the office will still need to get done. Ensuring it is prepared for the future is sensible for numerous reasons. These are highlighted nicely by a recent pam customer, The Gloucestershire Office of Police and Crime Commissioner:

“Connectivity, standards and information sharing are core to the OPCC’s work and pam is clearly becoming the standard for other OPCC’s and CJ agencies. pam enables us to do our critical work in a more agile way responding to the changes across policing and the needs of the communities we serve. We are delighted to be on this journey with the pam team.”

Paul Trott, Chief Executive of Gloucestershire OPCC
——————————————————————————————————————————–

The Essex Office of Police and Crime Commissioner has already experienced the benefits of adopting pam. Essex, like others, are seeing the advantages of better ways of working that a future Police and Crime Commissioner (or equivalent) would be excited about walking into:

“pam is helping us collaborate effectively across both the OPCC and with local and national partners so together we can commission the best outcomes for the people of Essex….we chose pam because of its comprehensive functionality and excellent value for money.”

“pam is an absolute god send…” particularly from the correspondence and audit trail perspective”

Susannah Hancock, Chief Executive of Essex OPCC
——————————————————————————————————————————–

We have been supporting the Office of Police and Crime Commissioner in Dorset longer than other offices. Both the PCC Martyn Underhill, and his Chief Executive, Dan Steadman, were passionate about giving Dorset the best value for money solution, not just for the Office but for their partners and the police force too:

“We have seen the power and potential of how it [pam] can join up the agencies to achieve great things together.”

Martyn Underhill, Police & Crime Commissioner for Dorset

“pam translates strategic vision into effective and efficient delivery……we simply could not do our work without using a platform that allows us to monitor our relationships, create new alliances, track correspondence, and generally oversee all the work in the office”

Dan Steadman Chief Executive of Dorset OPCC

Our blog in January 2015 told the story of Dorset and its high achieving PCC and OPCC.

Collaboration with Dorset PCC on an innovation fund bid which used Home Office money is delivering results in Dorset and beyond. What is more, pam is now packaged for the benefit of other Offices of Police and Crime Commissioners to use the service at even lower costs than was possible before. All of the new development is accessible for police forces and their partners at no additional cost.

To see how we can now help your OPCC please get in touch:

Author: Mark Darby Posted this on: October 23, 2015

Innovative solutions to fight serious and organised crime

Tagged: merseyside police, partnerships, serious organised crime

This is the second of two posts around how police and partners are coming together to combat serious and organised crime, and address the threat from Organised Crime Groups (OCGs).

Merseyside Police

Seen as one of the leading forces in the battle against serious and organised crime, Merseyside Police has been using pam for nearly 2 years and recently extended its use on the platform into a number of other areas. We are innovating with the force in an agile fashion, developing an integrated approach to how OCG’s are managed over their life.

This work includes using the Home Office standard 4P’s methodology (Pursue, Protect, Prevent and Prepare) for the operational work done digitally in pam. A new lifetime OCG management area links work together, to more easily understand the totality of the threat risk and harm, along with the work being done to address it.

“pam gives us a coordinated approach to deliver the 4Ps, and much more.”

Detective Chief Superintendent Paul Richardson, Merseyside Police

The force has also recently added Protecting Vulnerable People (PVP) into its pam way of working too – providing significant benefits for the force and those partners who use the platform. Reports of time savings for senior management include up to 25 hours per week on OCG management and PVP.

There is much more visibility and governance of work for better decision making. It is helping drive down future demand. Officers and partners are out in the field and can get access by mobile and have the benefit from preconfigured frameworks and tools to aid their work. Results have included positive successes for the force in disrupting the harm being done to the Chinese community.

We are unable to publically show the detail of the OCG work for obvious reasons, but the force also uses pam for other areas. One recent example is how they now run command meetings, moving to a paperless environment.

This paperless move is how other parts of Merseyside have gone, the local probation CRC are also exhibiting savings and benefits from digital working with pam:

@pampeople #shareit – uploading modelling spreadsheets for SROs to work on and then show in front of Committee – share information not paper

— Paul Gotts (@PaulGotts) May 18, 2015

We have permission from the force and others to share these best practices from pam with forces and specific law enforcement agencies. There are also other initiatives in development that complement this thematic area. If you would like to learn more about how pam your work can help please get in touch with pam team:

Author: Mark Darby Posted this on: October 22, 2015

Multi agency network unites to beat organised crime

Tagged: GAIN, government agency intelligence network, serious organised crime

Serious and organised crime costs the country more than £24bn per annum, and the threat is increasing from many different thematic areas by a large number of Organised Crime Groups (OCGs). Adjacent crime and protection issues increase this cost too – it is certainly a major area to seek solutions around.

It’s no wonder that the government, Police and Crime Commissioners and Police Chiefs are faced with difficult decisions on how to optimise limited and reducing resources.

It’s not all bad news though, there are reasons to be cheerful. Police and partners are responding to the threat from serious and organised crime. Our first example is from the Government Agency Intelligence Network (GAIN).

Government Agency Intelligence Network (GAIN)

“pam has brought it [information and process] into one place, made it portable and accessible, we can use it wherever we are and it means we’re not using many systems; I’m using one system now.”

Neil Fellingham, South East GAIN Coordinator

GAIN is into its second year of working on pam, growing its use over its time. This key government network embodies collaboration where potentially over 100 organisations can be connected together in future.

By employing pam, GAIN epitomises efficient and effective multi-agency working. Over 20 core partner agencies are being connected together to share intelligence and undertake joint operations. Results are thus driven up where time savings, improved partner coordination and increased intelligence are leading to better decisions.

There are a range of other operational areas that pam enables for GAIN too and you can see the public facing video here which illustrated how GAIN came about:

Partners are seeing the benefit too and some have even subscribed to pam for their wider organisational and other partner use:

“With GAIN, the partners have a unique opportunity to harness their collective knowledge in the pursuit of a common purpose. This (pam) is a formidable tool for dealing with problems created by serious and organised crime”

Andy Tillman, Head of National Trading Standard Intelligence Team & GAIN Partner

The second example is here about Merseyside Police.

*We are unable to share sensitive information over the public pages. So if you are a GAIN partner and want to get connected, or are involved in Law Enforcement and interested in learning more about GAIN and how it uses pam, please get in touch.

Author: Mark Darby Posted this on: August 10, 2015

Developing Trust, with safeguards in Information Security

Tagged: information security, information security management system, ISMS, ISO 27001

Another day and another loss of trust for customers with their personal information being breached. This time it is Carphone Warehouse who follow hot on the heels of other high profile data breaches. Imagine the cost both financially and reputationally for Carphone Warehouse now…..are you sweating because this could have been your organisation? Well there are ways to help mitigate and address the risk.

Fortunately Alliantist has a good reputation in the markets we have chosen to operate and our customers trust us. I’m very proud about that. It’s not just about who we are as people, although of course that is important. It is also about the safeguards and standards we put in place to give those stakeholders confidence in our overall services; the people, the processes, the systems and increasingly the supply chain too. I have no idea if the respectively breached businesses of Carphone Warehouse have ISO 27001 but they will no doubt be considering that, or improvements to its operation now.

Regardless of what business you are in, if you supply an important service to a customer it is likely you will be dealing with their information or other high value assets. This might be credit card information as is the case with consumer services like mobile phone websites, or even more sensitive details held in platforms such as pam.
Because their information is important to them, customers will value you more if you can demonstrate good strong safeguards and accreditation to standards such as ISO 27001. At a business to business level this really is becoming de rigueur, but also I also look for it in the providers of apps and website consumer transactions I undertake on line too – not just their data centre host. Caveat Emptor is still an important principle to have in mind even if your credit card provider will ultimately bear the brunt of the actual loss of cash!

In 2012 we decided to implement ISO 27001 and did so successfully very quickly to the 2005 variant. Two years later we migrated to the latest ISO 27001: 2013 standard, again to meet the exacting UKAS accreditors demands. It has helped us become an even better business.

ISO 27001 continues to be seen as the standard to achieve. Indeed smart customers are demanding it for the reasons above. Failure to demonstrate that safeguard may mean your business will not survive. If you are looking to build trust with clients and demonstrate that you are a responsible supplier as regards information security management, achieve an ISO 27001 accreditation as a good safeguard.

We achieved our Information Security Management System (ISMS) with pam. It is the cloud solution to implement, maintain and continually improve our system. To learn more about how we did it and see pam in action, get in touch. We can share our experiences of how to develop those safeguards that go a long way towards building trust with your customers and prospects.

Author: Mark Darby Posted this on: August 5, 2015

Improving the way to manage an existing Information Security Management System

Tagged: information security, information security management system, ISO 27001, ISO 27001: 2013, new ways of working

ISO 27001 has at its heart the continual improvement of the system. However I wonder how many people regularly improve the way they actually manage and control the ISMS itself? It’s easy to get into habits, or create systems that work for one or a few people but find they don’t scale or can’t easily be changed, and become a millstone as the business changes and evolves.

And of course business is evolving at the moment, large or small, public or private, there are threats and opportunities all over the place. Information security management is affected by almost everything. It might be about beefing up the system to deal with heightened risk of data loss through staff or suppliers as a business grows. Or it could be about driving down the total cost of managing the system because resources are more scarce. Is the way you manage your ISMS still fit for purpose?

Standards have been changing too. One of the goals for the ISO standards body in making the change from ISO 27001: 2005 to 2013 has been about improving the standard itself (which I’ll discuss another day). And most accredited organisations (like us) will have completed their migration by now.

It would be interesting to know how much there has been a ‘lift and shift’ of the way the system is managed, versus using that migration trigger as an opportunity to improve the way the system itself is managed. My guess is that the migration would have been the focus, developing then implementing the relevant new policies and controls. I suspect for most, the change will have been done by retaining the current way of managing the system. We did that, although were lucky to be using pam anyway. We also took the opportunity to review our approach to risk for the 2013 standard (it’s less about assets in 2013 and more about the information as you know), including enhancing supplier assurance with our relationship management and contract areas of the platform.

For those organisations that have subsequently identified an improvement and set a goal for transitioning to a new way of managing their ISMS too, take a look at what we have done with pam for our own accreditation to ISO 27001: 2013. Organisations primarily interested in ISO 27001 should watch the 2 min video here and perhaps public service providers watch a similar but slightly different video here (it includes integrating other compliance aspects like PSN CoCo and PCI DSS).

Our customers liked our approach so much that some have gone on to adopt pam for implementing or managing the ISMS themselves. As such we are now making our digitised cloud service for ISO 27001: 2013 available as a new pam solution.

Get in touch to see how we can help you improve the way you manage the ISMS and assist your organisation to achieve its wider business objectives.