Investing in cyber resilience to provide safe and secure homes 

Our pro-bono work with Durham Constabulary, sharing knowledge around security and cyber risks led to Thirteen Group choosing to embark on the Cyber Essentials Plus (CE+) journey. 

CE+, alongside the less stringent Cyber Essentials (CE) accreditation, is a nationally-recognised, Government-backed scheme to help organisations mitigate the growing threats of cyber-attack and online security risks. It’s increasingly a pre-requisite for tenders in both public and private sectors. Both standards are broadly similar, but organisations achieving CE+ are independently assessed against the five security controls that form part of the ‘DIY’ CE standard, and are subject to a vulnerability scan as part of certification process. 

Working alongside Thirteen’s IT team, our cyber team undertook an initial assessment and gap analysis. Thirteen’s information security practices and technology were mapped against CE+ standards, and then a full list of items to be reviewed was created ready for the second stage of the process. 

We worked with Thirteen’s dedicated team to create a prioritised Security Improvement Plan. With our support and guidance, Thirteen worked through the plan step-by-step; safe in the knowledge that the most significant risks were identified and mitigated by the action plan. We provided Thirteen’s Cyber Security team with training on how to conduct varying types of vulnerability assessments with the same suite of tools our Cyber team employ, giving them greater control over security going forward. 

Thirteen quickly identified the advantages of pushing forward quickly to achieve CE+ so a new, tighter timescale was put in place for the certification audit. The timespan from start to certification? Three months! No mean feat when dealing with more than a thousand IT users and the systems and infrastructure to support them. 

With a strong and highly competent team focussed on delivery, both parties worked together to develop new, streamlined processes for application patching to simplify compliance with CE+ going forward. Thirteen worked through the improvement plan quickly, and were ready for certification on schedule.  

As a certification body for the Cyber Essentials standard we undertook Thirteen Group’s CE+ evaluation and they were awarded their Cyber Essentials accreditation immediately, having surpassed the standard for certification. 

With the engagement and commitment of their IT team and colleagues, Thirteen can now take advantage of their certification to support them in growth; meet pre-requisites when bidding for new business, and demonstrate their commitment to security to their customers, partners and suppliers. Not forgetting of course a reduced risk of cyber incidents impacting on their organisation. A provider committed to delivering the highest standards of service to their customers, Thirteen are well-placed not only to deliver new housing and support, but to build on the foundations put in place for their continuing cyber security journey.