Codes of Connection (CoCo) Consultancy
What are Codes of Connection (CoCo)?
A Code of Connection (CoCo) is used when a formally accredited information system wishes to connect to another “unknown” information system. There are a variety of reasons for wishing to connect information systems together, but they usually involve a requirement to exchange data and information.
How does CoCo work?
A code of connection works by the accredited system stipulating a baseline set of controls to be implemented, or commented on, by the connecting organisation.
These controls are usually selected from best practice (ISO 27002) or, more usually, various HMG Information Assurance requirements.
The controls can broadly be broken down into the following types:
- Technical - such as implementing an assured barrier between the two organisations or performing an IT Health Check.
- Procedural - such as ensuring that all security incidents are reported to the partner organisation.
- Physical - such as ensuring that the physical security of assets is adequate.
- People - such as ensuring that all staff involved have appropriate background and identity checks or appropriate education, training and awareness.
When the code of connection is completed, the accredited information system will assess the threat the connecting organisation poses. If it believes that the risks are acceptable, it will authorise the connection.
How stringent a code of connection is depends on the level of assurance required between the participant organisations.
What Specific Codes of Connection (CoCo) services are we likely to require?
- Gambling Commission - Our experienced consultants can help you map a route to compliance with the technical requirements of the Gambling Commission.
- GSI, xGSI, GSX, GCSX, GSE.
Speak to an expert
Whatever the nature or size of your problem, we are here to help. Get in touch today using one of the contact methods below.