-
·
Preparing for DCC Evidence Requirements
The Defence Cyber Certification (DCC) scheme, launched in 2025, represents a fundamental shift in how the MOD validates cyber security across its supply chain. Unlike the previous Supplier Assurance Questionnaire (SAQ) approach that relied on self-assessment, DCC introduces independent, third-party verification of controls outlined in DefStan 05-138. For defence suppliers, this transition from “we have…
-
·
CSMv4 – Building Cyber Security into the Defence Supply Chain
Preparing MOD Suppliers for CSMv4 Readiness This article reflects guidance as at 25 July 2025. For the latest updates, visit the MOD Cyber Security Model page on gov.uk. Back in January, we explored what CSMv4 means for the defence supply chain and why it represents a significant evolution from CSMv3. With the publication of Def…
-
·
SaaS or Self-Hosted: What’s the right ServiceNow strategy for your organisation?
ServiceNow has become the go-to platform for organisations seeking to streamline workflows, automate service delivery and drive digital transformation. With its extensive capabilities, the platform presents huge value opportunities but also requires a key consideration – the deployment strategy. Does the organisation and associated infrastructure require a conventional, vendor-hosted SaaS solution or a self-hosted instance?…
-
·
Defence Cyber Certification: Aligning Risk Profiles with Real Assurance
In a previous article, we explored the MOD’s Cyber Security Model version 4 (CSMv4), the framework that introduced structured risk profiles to assess the cyber requirements of defence contracts. Now, we turn our attention to what comes next: Defence Cyber Certification (DCC), the formal mechanism that ensures Defence Suppliers meet the resilience standards required across…
-
·
The True Cost of a Cyber Attack on the Defence Supply Chain
In early 2022, a well-regarded UK defence contractor found itself at the centre of a cyber security storm. The company, an SME and key supplier of engineering components for Ministry of Defence (MOD) projects, had built its reputation on precision, reliability, and discretion. But that reputation was shattered almost overnight when a cyber-attack exposed confidential…
-
·
How ServiceNow ITSM Transforms Defence Services
Managing IT services in the defence sector is an unique and often highly complex challenge. Unlike commercial enterprises, where IT disruptions might cause financial setbacks or inconvenience, in defence, an inefficient IT service can compromise national security and expose sensitive data to cyber threats. The ability to maintain seamless, secure and highly responsive IT services…
-
·
Simplifying Secure Collaboration for MOD Contractors
At a glance, defence projects may appear seamless; multiple organisations working together, each contributing their expertise to deliver advanced capabilities for the Ministry of Defence (MOD). The reality, however, is that collaboration in the defence sector is anything but simple. Consider; a small defence contractor preparing a bid submission for a high-value MOD contract. The…
-
·
Why Defence Needs Secure ITSM
Managing IT services in the defence sector comes with a unique set of challenges. Unlike in commercial businesses, where IT failures might result in financial loss or reputational damage, in defence, the stakes are far higher. Worst case scenario: disruption that jeopardises operations and ultimately risks lives. To keep these services and systems running efficiently…
-
·
Cyber Security Risk Management in the Public Sector
Cyber security within government organisations is fundamental to national resilience. The public sector handles vast amounts of highly sensitive information, ranging from personal data to classified intelligence, making it a prime target for cyber threats. Effectively managing cyber risks thus requires a socio-technical approach considering the people and processes, as well as the technology used.…
-
·
Why Defence Suppliers Need a Managed Security Service
When a mid-sized defence supplier landed its first direct contract with the Ministry of Defence (MOD), the leadership team knew security was a priority. They had an IT team in place, firewalls installed, and a cyber awareness programme for employees. On paper, they believed they were covered. Then came the hard truth. As part of…
Logiq completes acquisition of Savient Ltd, further strengthening its capability. Read the press release here.
