Client: (Housing Association)
A housing association were looking to develop an ICT strategy to take their business forward over the next five years in line with significant business changes. It was key for them to establish a future-proof data sharing protocol, allowing data to be made available to the relevant stakeholders when and where it was needed, whilst ensuring that its sensitivity was protected.
As a housing association, much of their data is of a delicate, personal nature, involving vulnerable individuals in society, so it was imperative that they embraced a new security strategy to protect themselves, their clients, and their stakeholders.
The National Computing Centre provided an integrated IT strategy which built in security. Drawing on its knowledge base, NCC provided the tools to create, govern and manage the security framework. We used our experience of this sector to deliver a programme of work that tackled each stage of the implementation of the security framework, from information gathering and project initiation through to management and quality assurance.
Our advisors detected vulnerabilities, and addressed these to comply with the best current standards of practice. The National Computing Centre provided a strategy that not only delivered compliant solutions now, but also ensured that the system is capable of meeting evolving, future requirements.
Our supplier-independent advice was completely impartial bringing a significant breadth and depth of knowledge and experience to ensure that best practices were met.
Client: (National Pension Fund Scheme)
A national pension fund scheme dealing with sensitive and personal information needed to review their security and governance policies to ensure that they had the most appropriate security policies and procedures.
The Actuary and Pension manager had some policies in place, some under development, and others that were being implemented or mandated by a parent company. It was necessary to put into practice a coherent set of information security policies, that were consistent in helping staff, at all levels across the organisation to properly manage sensitive information.
The National Computing Centre’s adviser reviewed the current and upcoming security policies and benchmarked these against the relevant areas of the ISO /IEC 27000/ BS 7799 standard series.
Our advisor used expertise gained in collaboration with the British Standards Institution, to initiate an audit and gap analysis of policy implementation and an assessment of a sample of activities from different business divisions. This review of what practices were in service led to working closely with the organisation’s staff – particularly significant stakeholders in the business. As a result, our advisor was able to recommend practical changes and improvements and create a policy manual which standardised procedures with pragmatic good practice.
The NCC methodology ensured that not only ICT staff were involved in updating the policies, but that business partners gained a full understanding, appreciation and ownership of what was required of them.
Client: (Construction Company)
A construction company approached the National Computing Centre because of a requirement to secure confidential information in their offices in the UK and on the many building sites under development for their customers.
Our approach to helping this client was to adapt The National Computing Centre’s security policy template that we established in consultation with our Member community of IT decision-makers in medium to large sized organisations.
The National Computing Centre’s advisor - Daniel Dresner - reviewed the security practices currently in place at various levels in the organisation and mapped these against the template.
Using knowledge of the IT-user community available through the Membership programme, Daniel was able to benchmark the construction company’s policies and procedures with other organisations in the sector. From this he compiled a compliance route-map for the company, outlining what practices were expected of them in securing their business information, and put in place procedures to develop their own security policies.
The National Computing Centre understands the importance of self sufficiency and promotes a culture of knowledge transfer with each assignment, helping to reduce the client’s reliance on external suppliers. This was realised through a series of informative and normative ‘real-work’ workshops where delegates from across the company were able to assure that the security process – from risk to treatment – met the cultural variance of on-site construction staff, roving surveyors, and office-based call centre staff. The construction company were so satisfied with the support and systems implemented by NCC that they continue seek our advice on other issues such as IT governance.
Client: (A multinational investment company)
A multinational Investment company which had used the National Computing Centre previously to ensure that effective data protection policies were in place, wished to bring their ICT continuity management policies in line with best practice. This organisation was seeking to achieve compliance to the established ICT continuity standard BS 25999.
The National Computing Centre was able to provide highly focused expertise from its experience in formulating the British Standard Code of Practice for IT continuity – BS 25777. Our methodology is founded on a core assessment from a thorough interview process involving members of the IT team. We gained an informed understanding of how the business was currently operating with a view to how innovative practices could be built from current resources.
The results of this review were then mapped against the standard and compliance gaps were identified. Using The National Computing Centre’s compliance template, our advisor developed a route-map to compliance for the company. At each stage of the process, The National Computing Centre kept in touch with the client to ensure that they agreed with and understood the recommendations identified in the route-map.
The National Computing Centre has been invited back on a regular basis since to ensure that the new policies and procedures are working effectively.
The National Computing Centre recognises that whilst many clients want their key processes to be benchmarked against best practice, not all wish to achieve formal certification or accreditation against external standards. We are happy to advise whatever your end-goal.