Early market engagement |
The specialist will work with the ‘Transfer Digital Records’ product team at The National Archives. The team are building a service which enables the secure transfer of digital records to The National Archives. The service offers tools for content upload, validation and transfer of ownership to the Archive. We have completed in-house discovery and Alpha prototyping phases to determine the scope of the proposed service; identify user, business and compliance requirements for access and security; and deliver a small-scale demonstration prototype and proof of concept for the service. We now require a specialist to review the security and assurance aspects of our proposed design, identify threats and gaps and develop a strategy for delivering and operating a securing the service as we move into a Beta delivery phase. |
Who the specialist will work with |
The specialist will work with the ‘Transfer Digital Records’ product team at The National Archives: Team roles include: Product manager, Delivery manager, Technical architect, Data analyst, Developers (front and back end), User experience researcher. There will be scope to engage with the Service Owner, Departmental Security Officer and IT Security Officer. The specialist will need to engage with stakeholders across the organisation to present work, demonstrate designs and seek feedback as the work progresses. |
What the specialist will work on |
Requirements: Review and understand user, business and compliance requirements for service security Risk discovery & analysis: Review relevant design decisions and assessment documentation from the Alpha phase; identify potential threats, weaknesses and gaps in our proposed approach Risk treatment: Develop a pragmatic, appropriate and cost-effective strategy for securing the service Assurance: Contribute to technical assessment and assurance processes Implementation and testing: Work with the team implementing the approved design to ensure that the Beta product release meets our security requirements. Documentation: Deliver appropriate documentation of requirements, design recommendations and risk assessments to support technical review and on-going service development. |