This is a site designed to make it easier to take the core of large published reports and allow anyone to comment on them.


  • at IL3, product assurance to CC 2/3, service assurance under the Future Assurance Model and use of Low Tailored Assurance for system assurance should be used; a CHECK audit of the service may be required in some cases and Confidentiality IL3 services should be subject to formal accreditation (and an ISO 27001 audit where relevant). [Table 2 deleted] 38 Routine activities such as antivirus updates or security and bug patches are not expected to fall into this category, and should be documented within the supporting documentation for accreditation. However, a decision to reaccredit might be required fol owing a major patch (Windows XP SP2 is a good example of such a patch). 39 Calculated at the high-water mark of the impact levels attracted to confidentiality, integrity and availability. For example, a service attracting Confidentiality IL0, Integrity IL0 and Availability IL1 should consider the best-practice process at IL1.

Email this to a friend.
Previous itemNext item.


(You must give a valid email address, but it will not be displayed to the public.)

We only allow the following html tags em strong blockquote p br. After posting, there may be a short delay before your comment appears on the site