Groundwork - North East and Cumbria
Posted on: 9th January 2024
The Client
Part of the Groundwork UK federation of charities, the 150 staff of Groundwork North East and Cumbria are the people behind hundreds of projects, services and programmes that support individuals and communities to become greener, fairer and stronger.
We’ve been supporting Groundwork’s IT needs for over a decade, so when the business identified a need to re-certify to the Cyber Essentials standard and demonstrate its commitment to security as well as maintain a competitive edge in the endless race for project funding, they called us.
The Challenge
Security is a board-level issue for the business. Had the Cyber Essentials assessment been based on its legacy systems, it was highly likely to have achieved re-certification, but it had a number of IT infrastructure refresh projects going through, including a switch from on-premise to Microsoft Azure and Microsoft 365. These wide-ranging projects added another layer of security complexity, for instance around connecting hundreds of mobile devices used by staff in a variety of locations and circumstances.
Our Solution
Our security experts worked through the Cyber Essentials readiness toolkit alongside Groundwork’s in-house IT team, assessing the business against the five basic security controls and helping to identify potential gaps. We also provided guidance on interpreting the questions in some areas, which even the lead Cyber Essentials delivery body IASME says can be difficult to understand, particularly for organisations that have a complex business structure like Groundwork.
Once the readiness toolkit had been completed, we mapped it to the gap analysis to come up with a tailored action plan to help Groundwork get through re-certification.
Although commercial considerations meant an aggressive timescale, by working together we achieved success in just four weeks.
The Outcome
With the successful re-certification behind us, we are now working with Groundwork to take the business to the next level, which is likely to mean gaining Cyber Essentials Plus and other nationally-recognised security standards.
Mike Styan, IT Manager at Groundwork North East and Cumbria said:
“Cyber Essentials is a way of demonstrating our absolute commitment to security. Having that stamp of approval of our systems and processes not only helps us win more work and run more projects and services that benefit thousands of people, it’s also a building block towards achieving our aim to be a model organisation. We already knew ITPS understood our business and how it operates, so they were the obvious choice when we wanted a partner with not just the technical knowledge, but the ability to work with an organisation with a unique structure. They supported us with a clear-sighted analysis and a tailored plan of action to achieve re-certification, which we are already benefitting from. Following a very successful project we look forward to working with ITPS on the next stage of our plan.”
Interested?
As problem solvers, we work with all types and sizes of organisation, with a proven record of success across many sectors including public sector, healthcare, finance, manufacturing and not for profit. We look forward to finding out how we can help you too.
