
Introduction to Accreditation

This one-day 'Introduction to Accreditation' course is intended to provide delegates with the knowledge needed to understand the principles of accreditation and how an effective accreditation process can be implemented within an organisation. The course concentrates on generic accreditation requirements needed to deliver effective risk management and is not aimed at specific accreditation methodologies in any one government organisation.

The course is related to the 'Foundations of Information Assurance for HMG' course and the 'Information Assurance Risk Management for HMG' course, also provided by us. This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level.

The course is not designed to teach the foundations of Information Assurance or how to accredit specific systems or scenarios, although some real-life examples are provided, with the opportunity to discuss other situations.

Target Audience

This is a one-day course aimed at those wishing to gain an understanding of accreditation as part of an effective risk management function. The course will be useful for newly appointed Accreditors, for project managers delivering capabilities involving sensitive HMG data, and for risk managers seeking to gain further insights into the process.

Support for CESG Certified Professional

This course contributes to the attainment of the CESG Certified Professional Scheme (CCPS) and the following specific CCP roles at the Practitioner level:

Security and Information Risk Advisor, IA Auditor, Accreditor, IT Security Officer, Security Architect and Penetration Tester. The course supports CCP Level 1: Awareness (understands the skill and its application). It provides skills against the following competencies used in the CCP assessment process: A1: Governance, A2: Policy and Standards, B1: Risk Assessment, B2: Risk Management, D1: IA Methodologies, G1: Audit and Review.

IISP Skills Alignment

This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.

  •   A1, A2, A6, B1, B2, D1

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).


Course Content

Module 1 - Understanding Accreditation

The objective is to provide the delegates with an understanding of what accreditation is and what it is not. It will cover what is expected from the accreditation process and why it can be a crucial element of risk management within an organisation.

  •   The course will explain the benefits of accreditation covering areas of strength and weakness and the building blocks that an organisation needs to put in place to assist the accreditation process.
  •   Delegates will also learn about the role of an Accreditor and how this is linked to the risk management process.

Module 2 - Understanding Risk

The objective of this session is to ensure that the delegates have a common understanding of the risk management process covered in detail on the Information Assurance Risk Management course.

  •   The course will cover the risk management principles and terminology so that delegates understand how accreditation is a vital part of risk management.
  •   The risk management approach - including the role of the Board in setting risk levels that match the business requirements.
  •   The key components of risk (threat, vulnerability, impact, likelihood & asset value).
  •   Choosing a risk assessment approach that meets the organisation's needs.
  •   Defining security requirements.
  •   Treating and communicating residual risk.

Module 3 - Delivering Accreditation

The objective of this session is to provide delegates with an understanding of how the accreditation process can align with the project delivery process and the benefits of introducing assurance checks during the project lifecycle.

  •   The need for early engagement with the Accreditor to ensure that requirements are understood.
  •   Understanding the balance between business benefit and risk.
  •   The reasons for defining security requirements clearly.
  •   The importance of defining assurance mechanisms early in the system lifecycle to avoid greater costs.
  •   Documenting and communicating decisions.
  •   The reasons to maintain accreditation.

Module 4 - Accreditation Tips

The objective of this session is to introduce different techniques that have proved useful in delivering accreditation. Delegates will learn about setting accreditation boundaries and defining data flows to help determine vulnerable points in an architecture. The session also includes tips on making the most of internal processes and procedures and how to be an effective accreditor.

  •   The role of security models & data flow diagrams.
  •   How to make use of organisational internal processes and roles that can support the accreditation process.
  •   The different types of accreditation decisions and how they are arrived at, including the role of the Security Case.
  •   What skills and attributes the Accreditor needs.
  •   What the requirements of the CCP Accreditor role are.
  •   Common mistakes in accreditation and how to avoid them.

Virtual Classroom

Virtual classrooms provide all the benefits of attending a classroom course without the need to arrange travel and accommodation. Please note that virtual courses are attended in real time, commencing on a specified date.
