The Home Office has embarked on a significant initiative to bolster its cyber risk management capabilities, signing a contract valued at over £2 million with consulting firm KPMG. This engagement, formalised last week, is aimed at enhancing the department’s governance, training, and utilisation of data in relation to cyber risk. Initially set for two years, the contract allows for two optional extensions of twelve months each, potentially leading to a total commitment of four years.
The contract outlines eight distinct workstreams that KPMG will focus on during this period. These areas include embedding cyber risk management and governance throughout the Home Office, establishing a baseline for personnel and training needs, and developing the overall capacity to manage cyber risks. Moreover, the agreement emphasises addressing the unique requirements of arm’s-length bodies and agencies within the Home Office’s operational sphere.
A critical component of the initiative will involve automating risk management and controls to improve efficiency in the department’s existing processes. Specifically, the automation efforts will leverage the capabilities of the Home Office’s ServiceNow technology platform, as officials seek to enhance the functionality of this platform for effective cyber risk management.
Another noteworthy objective outlined in the contract is the development of a robust risk management framework. The Home Office aims to create a cohesive governance structure that is consistent across various projects, programmes, business areas, and portfolios. This effort is also designed to align disparate aspects of the Home Office’s operations toward better management of cyber risk.
KPMG will be tasked with providing a comprehensive strategy for fostering a strong cyber risk culture within the Home Office. The department has identified challenges resulting from siloed working practices and the prioritisation of non-cyber objectives, which have led to fragmentation in its approach to risk management.
Additionally, the contract specifies the creation of a data model that will support effective communication with stakeholders involved in cyber risk management. This model is expected to furnish management with critical metrics to inform decision-making processes in line with identified business priorities, while also presenting threat-based information crucial to navigating the landscape of cyber threats.
The overall financial value of the contract, which includes VAT, stands at £2.4 million. With this strategic partnership with KPMG, the Home Office is positioning itself to enhance its cyber risk governance and effectively manage the increasingly complex challenges associated with cybersecurity in the context of public sector operations.
Source: Noah Wire Services