Foehn conducted a programme of activities for its customer to help provide a solid foundation for St Andrew's push towards ISO27001 certification.
About St Andrew's Healthcare
St Andrew's is the UK's largest not-for-profit mental health care charity, working independently and also partnering with the NHS. It is a highly successful and rapidly growing organisation with year-on-year expansion of its world-class specialist services, utilising highly qualified and dedicated staff and state-of-the-art facilities.
Foehn were engaged by Comtact to accelerate St Andrew's existing security improvement initiative. Working in close conjunction with St Andrew's senior management, the activities encompassed top-level policy development, vulnerability and infrastructure review, and countermeasure deployment.
The Challenge
As sometimes highlighted by breaches documented in the media, the health sector faces some of the gravest security issues due to the sensitive information it holds and the frequency of premises and systems access by non-employees. When faced with such threats, the challenge is to show strong results rapidly at all levels of the organisation.
For most organisations, security is an area that has distinct activity peaks across architecture, deployment engineering, assessment, ongoing management and governance. Furthermore, a well-crafted security policy itself dictates that an 'independent perspective' is utilised from time to time. Whilst having a core of capability built around an Information Security Officer is vital for most organisations, having a full deck of security architects, specialist project engineers and qualified assessors employed all year round is therefore neither economic nor relevant.
For Foehn, the initial challenge was to fit cohesively within the customer's existing security initiative without introducing overlap that would place unnecessary burden on counterparts and sponsors. To this end, Foehn are experts in working in complex relationships and finding the strengths of partnering with our customers' in-house resources and their existing third parties (such as Comtact) to provide a robust team solution.
Top Down Security
After a CISSP-certified consultant analysed the customer's ongoing security initiative and overall status, Foehn provided St Andrew's with an Acceleration Framework consisting of:
- Security Policy development consolidating the organisation's existing security and governance documentation into a single Information Security Management System (ISMS) framework, with a sistered policy audit document to complement the organisation's existing Risk Management Framework. This pairing of policy and audit documentation is a unique system that Foehn have developed to help our customers' security initiatives advance rapidly by aligning the organisation and policy in a statistical fashion.
- Co-ordination of an External Vulnerability Assessment of the infrastructure utilising a CESG-certified methodology.
- Performance of an in-depth Edge and Critical Infrastructure Security Review that analysed and provided recommendations on systems architecture, availability, health status and management practice. As Foehn is not a value-added reseller or aligned to any particular manufacturer, its recommendations placed great emphasis on enhancing security with minimal additional capital investment and, when capital investment was warranted, on platform selections based on best of need.
- Full correlation of findings across the above areas to determine 80/20 rules (80% benefit for 20% effort) and overall management prioritisation.
- Technical engineering to tackle quick wins across specialist areas not within the skill set of in-house resources.
Results
As Foehn are an expert resource services organisation that utilises leading forecasting and Project Management Office techniques, we were able to move rapidly on the framework agreed with the customer. The end result was that, over a short period of time, the customer was provided with stronger policy and a medium- to long-term roadmap for continuous improvement to help the company's shift to ISO27001 certification.





