Formed in 2017, Thirteen are an industry leading organisation with some 1600 staff providing housing, care and support services to over 70,000 people in the North East and Yorkshire. With a wide range of personal and confidential data to protect, Thirteen recognised that achieving Cyber Essentials Plus (CE+) would demonstrate their commitment to cyber security.
Waterstons’ pro-bono work with Durham Constabulary, sharing knowledge around security and cyber risks led to Thirteen Group choosing to embark on the Cyber Essentials Plus (CE+) journey. They readily engaged with our Cyber team to partner with them and provide support in achieving the standard.
CE+, alongside the less stringent Cyber Essentials (CE) accreditation, is a nationally-recognised, Government-backed scheme to help organisations mitigate the growing threats of cyber-attack and online security risks; it is increasingly a pre-requisite of responding to tenders in both public and private sectors. Both standards are broadly similar, but organisations achieving CE+ are independently assessed against the five security controls that form part of the ‘DIY’ CE standard, and are subject to a vulnerability scan as part of certification process.
Working alongside Thirteen’s IT team, in June 2019 Waterstons’ Cyber consultants undertook an initial assessment and gap analysis. Thirteen’s information security practices and technology were mapped against CE+ standards, then, with this completed, a full list of items to be reviewed was created ready for the second stage of the process.
A prioritised Security Improvement Plan was created for Thirteen. With Waterstons’ support and guidance, Thirteen worked through the plan step-by-step; safe in the knowledge that the most significant risks were identified and mitigated by the action plan. Waterstons provided Thirteen’s Cyber Security team with training on how to conduct varying types of vulnerability assessments with the same suite of tools our Cyber team employ, giving them greater control over security going forward.
The original timescale for achieving certification ran to March 2020, but Thirteen soon realised the advantages of pushing forward quickly to achieve CE+. A new, tighter timescale was put in place for the certification audit to take place before the end of September 2019; no mean feat when dealing with more than a thousand IT users and the systems and infrastructure to support them!
Waterstons’ Cyber team were impressed by the dedication of their team to achieving the new timescale. With a strong and highly competent team focussed on delivery, both parties worked together to develop new, streamlined processes for application patching to simplify compliance with CE+ going forward. Thirteen worked through the improvement plan quickly, and were ready for certification on schedule in September.
Waterstons are certified by IASME (Information Assurance for Small and Medium Enterprises) as an independent auditor, and undertook Thirteen Group’s CE+ evaluation soon after. Thirteen Group were awarded their Cyber Essentials accreditation immediately, having surpassed the standard for certification.
With the engagement and commitment of their IT team and colleagues, Thirteen can now take advantage of their certification to support them in growth; meeting pre-requisites when bidding for new business, and demonstrating their commitment to security to their customers, partners and suppliers; and benefiting from reduced risk of cyber incidents impacting on their organisation. A provider committed to delivering the highest standards of service to their customers, Thirteen are well-placed not only to deliver new housing and support, but to build on the foundations put in place for their continuing cyber security journey.
Ready to start your journey to cyber security? Why not give our team of specialists a call on 0345 094 0945 or email email@example.com and take the first step!
With so much personal and confidential data to protect, it was vital that we achieved Cyber Essentials Plus, and Waterstons’ help and guidance gave us all of the tools and confidence we needed to do so.Hassan Bahrani Senior Network Infrastructure and Mobile Service Improvement Manager