Evolve Secure Solutions, a CSI group company, is a Certified Cyber Security Consultancy of the National Cyber Security Centre (NCSC).

Their consultants help organisations build the right foundations so that they can go on to implement effective, well managed, information and cyber security controls.

From high-level strategy, through to detailed ISMS implementations aligned with industry frameworks such as ISO27001, Evolve Secure Solutions has the experience necessary to help you lead your organisation’s information security initiative with clarity and confidence.

Our client is a world-renowned UK top-10 ranked university. The University is one of the world’s leading research-intensive universities undertaking studies across medicine, science, engineering, the arts and humanities.

Challenge

The University works with a range of partners that provide original data that is the basis for research studies. Each partner has its own assurance requirements and specific compliance obligations, including DPA and Caldicott which relate specifically to clinical patient data. The University needed to identify a mechanism that would effectively communicate a security assurance profile for its new research environment to the satisfaction of all stakeholders. The research environment needed to be located and accessible via a much wider enterprise ICT arrangement that served the accessibility requirements of all University users.  This presented a security segregation challenge.

Solution

CSI’s advisory team was engaged to identify the most effective assurance mechanism to meet the security goals for the research environment. We identified ISO27001 as the most likely mechanism that would meet the requirements of the majority of research data stakeholders. Initial work commenced with a scoping study to determine the parameters of the ISO27001 project and to highlight key areas of security-related activity, such as identity and authentication, network separation, and security event monitoring. Our team was integrated with the University’s internal project team and was responsible for all aspects of the certification preparation process.

Outcomes

Following a work programme lasting almost a year, the new research environment was securely designed and implemented.  It was immediately subject to ISO27001 certification, which was achieved at the first attempt.

As a result of the successful ISO27001 certification, research data stakeholders immediately authorised the release of their data into the environment.

CSI’s advisory team is now engaged in a managed security service to ensure on-going compliance and continued certification to ISO27001.