To change the appearance of the page, edit the styles of the corresponding elements (in most cases by using the "Main Frame" Style Zone).  
To change the menu’s links: edit, copy-paste, or delete the Link Elements within. 
To hide an element without deleting it, use its property Visible.
To "activate" displaying of an arrow, use its property "Visible"
CESG Assured Services (Telecoms)
CESG Assured Services (Telecommunications) or CAS(T) for short is a certifcation used by the UK Government to provide assurance to customers that its telecommunications systems and services conform to industry good practice aligned to HMG standards and requirements. The CAS(T) services that are accredited can be used to form part of the Public Services Network (PSN) used to carry classified information. 

It is based on the controls listed in ISO/IEC 27001 and 27002 but it is more prescriptive. In 27001 the application of a control is based on the risk appetite of the organization. However, CESG has set a level of risk that it is comfortable with and designed the implementation of those controls to suit it. The documentation defines a standard security level required for telecommunications services and systems provided to organisations bound by the HMG Security Policy Framework (reference [c]), as well as their suppliers and service providers. They define the mandatory security controls and other requirements that organizations must meet in order to achieve certification under CAS(T).

Not all the 114 ISO/IEC 27001 controls are mandatory and of those that are, not all have additional guidance from that which is in ISO/IEC 27002. Controls are designated Critical, Mandatory or Non-Mandatory. CESG has identified 12 Critical controls that must be assessed at the initial audit, along with ISO 27001 sections 4-10 (the management clauses). The 86 Mandatory controls must be audited at least once during the cycle of initial and surveillance audits for a CAS(T) certificate which lasts for 3 years. Also, CESG has added two Mandatory controls that do not appear in ISO/IEC 27001 relating to Business Continuity and so there are 88 Mandatory controls in CAS(T). 

In order to achieve CAS(T) certification you will have to engage the services of a company that has been accredited by CESG to perform the certification. These "CAS Companies" will take you through an assessment program. Timescales to complete the initial assessment will depend on several factors, but for a small to medium size organisation we would expect the following: 
  • Initial Questionnaire: 1-2 days (Approval by CESG: 4-6 weeks);
  • Assessment Plan: 1 week (Approval by CESG: 4-6 weeks);
  • Assessment Activities: 2-3 weeks;
  • Reporting & production of Assurance Maintenance Plan: 1 week (Approval by CESG: 4-6 weeks);
  • Issue certificate: 1-2 weeks after approval of report.
Certification expiry is 3 years after issue date during which there is an annual surviellance audit. After the 3 year it all starts again. It is a complex and costly process and so careful consideration needs to take place before embarking on it.

Contact us