X RAM © - Cross System Risk & Audit Method

Contact Information

The XRAM tool is conceived, designed and implemented by Peter Flack, director of Challenger Consulting Ltd. Further information about XRAM can be obtained from:


Peter has over 28 years practical IT security consultancy, risk assessment, security policy specification, security evaluation/audit and management experience. Peter has managed a variety of teams covering the entire development and project lifecycle. Peter has a UK Government SC security clearance.

Peter provided IT security consultancy for European Commission (EC) based systems in Brussels, including security risk analysis and production/review of subsequent ADS/ISMS material for two major DGs (Directorate Generals) and their systems, including:

Tasks included:

Peter also provided consultancy for the European Commission (EC) Joint Research Centre (JRC) for development of a risk assessment method, consistent with existing EC Security Policy and Standards, with reference to the ISO/IEC 27K family material. The JRC is the EC’s science and knowledge service, providing research and independent scientific advice and support to EU policy.

Peter has been a member of the CESG Listed Advisor Scheme (CLAS) until October 2015. CLAS consultants are approved by CESG to provide Information Assurance advice on systems processing protectively marked information up to, and including, SECRET.

Amongst Peter’s roles he has planned and documented ISO/IEC 27001 Information Security Management System (ISMS) material for 2012 Olympic services, and delivered information security management services for BT’s Capital Care Alliance Care Record Service, provided on behalf of the NHS as part of the National Programme for IT – the UK’s single largest secure development programme.

Peter has provided Common Criteria consultancy to customers of the BT CLEF, being a Qualified CLEF Evaluator, performing evaluations under both the Common Criteria and UK ITSEC Scheme.

Previously, Peter was the Programme Manager of Datacard Platform Seven’s Secure Products Group, responsible for the full project lifecycle of products from inception, through design and development and implementation, onto roll out into market. As well as managing the teams that developed the security critical financial systems, Peter provided the guidance and technical expertise in preparation for security evaluation (Common Criteria EAL4+ and the first ever ITSEC E6 evaluation, equivalent to EAL7).