Investing in cyber resilience to provide safe and secure homes
Formed in 2017, Thirteen are an industry leading organisation with some 1600 staff providing housing, care and support services to over 70,000 people in the North East and Yorkshire. With a wide range of personal and confidential data to protect, Thirteen recognised that achieving Cyber Essentials Plus (CE+) would demonstrate their commitment to cyber security and improve their business’s resilience to external threats.
Our pro-bono work with Durham Constabulary, sharing knowledge around security and cyber risks led to Thirteen Group choosing to embark on the Cyber Essentials Plus (CE+) journey.
CE+, alongside the less stringent Cyber Essentials (CE) accreditation, is a nationally-recognised, Government-backed scheme to help organisations mitigate the growing threats of cyber-attack and online security risks. It’s increasingly a pre-requisite for tenders in both public and private sectors. Both standards are broadly similar, but organisations achieving CE+ are independently assessed against the five security controls that form part of the ‘DIY’ CE standard, and are subject to a vulnerability scan as part of certification process.
Working alongside Thirteen’s IT team, our cyber team undertook an initial assessment and gap analysis. Thirteen’s information security practices and technology were mapped against CE+ standards, and then a full list of items to be reviewed was created ready for the second stage of the process.
We worked with Thirteen’s dedicated team to create a prioritised Security Improvement Plan. With our support and guidance, Thirteen worked through the plan step-by-step; safe in the knowledge that the most significant risks were identified and mitigated by the action plan. We provided Thirteen’s Cyber Security team with training on how to conduct varying types of vulnerability assessments with the same suite of tools our Cyber team employ, giving them greater control over security going forward.
Thirteen quickly identified the advantages of pushing forward quickly to achieve CE+ so a new, tighter timescale was put in place for the certification audit. The timespan from start to certification? Three months! No mean feat when dealing with more than a thousand IT users and the systems and infrastructure to support them.
With a strong and highly competent team focussed on delivery, both parties worked together to develop new, streamlined processes for application patching to simplify compliance with CE+ going forward. Thirteen worked through the improvement plan quickly, and were ready for certification on schedule.
“With so much personal and confidential data to protect, it was vital that we achieved Cyber Essentials Plus, and Waterstons’ help and guidance gave us all of the tools and confidence we needed to do so.”
Head of IT
As a certification body for the Cyber Essentials standard we undertook Thirteen Group’s CE+ evaluation and they were awarded their Cyber Essentials accreditation immediately, having surpassed the standard for certification.
With the engagement and commitment of their IT team and colleagues, Thirteen can now take advantage of their certification to support them in growth; meet pre-requisites when bidding for new business, and demonstrate their commitment to security to their customers, partners and suppliers. Not forgetting of course a reduced risk of cyber incidents impacting on their organisation. A provider committed to delivering the highest standards of service to their customers, Thirteen are well-placed not only to deliver new housing and support, but to build on the foundations put in place for their continuing cyber security journey.