This is an HTML version of an attachment to the Freedom of Information request 'Threatening words from torturer's solicitors'.
The importance of information security
“Confidentiality is the cornerstone of the Census and must not be compromised in any way”

“The overall security measures for the 2011 Census need to address direct and indirect security threats, risks to maintaining the confidentiality of Census data, issues of public perception and risks to the Authority’s reputation.”

The approach to deliver a secure solution:
•  Information risk-based
•  Best practice (ISO27001 Information Security Management System)
•  HMG policies and standards

Security requirements
•  A certified Information Security Management System (ISO27001)
    •  Implementing and operating ISO27002 security controls
•  Compliance with applicable Census, HMG and CESG policies and standards
•  Security testing
    •  Physical security/social engineering testing
    •  Infrastructure testing (vulnerability scanning)
    •  Web application security assessment
•  Audits and compliance reviews
•  Information security awareness and training

Scope of security deliverables
•  Delivery of the Information Security Management System (ISMS) requirements for the defined scope
•  ISO27001 certification and maintenance of certification
•  Assessment of Census, HMG, CESG and other policies/standards and specification of requirements for compliance
•  Reporting to GROS and/or the Information Security Forum on: ISMS status, risk assessment results, ISMS audit results, compliance monitoring results
•  Operational readiness testing: assurance checks, audit/compliance reviews, physical security assessment, penetration testing and web application security testing
•  Security awareness and training: training materials, induction, training sessions, awareness messages and compliance monitoring


Security through Dedication, Collaboration and Pragmatism
Dedication
•  Full-time Security Manager
•  Supported by dns professional services
Collaboration
•  With GROS and other Census contractors
•  Coordinated security approach
Pragmatism
•  Risk-based approach to identify and mitigate unacceptable risks
•  Risk management consistent with GROS risk appetite

Public confidence and trust
•  Public and media awareness of data security and privacy issues has never been higher
•  Minimise the chances of negative publicity and damage to the public perception of Census data confidentiality
•  Engage with Scotland’s best and largest specialist information security company
