Loading...
Improving Resilience at Northern College
07Nov
Improving Resilience at Northern College

Background

Northern College (the College) is an adult residential college based in a magnificent building in the grounds of Wentworth Castle.  The College is dedicated to the education and training of individuals who are without formal qualifications, but who want to return to learning. Northern College also offers training for those who are active in community and voluntary groups as well as in trade unions. Although it is a relatively small college, it has over 6,000 student registrations a year comprising of individuals of varying age, from a wide range of socio-economic backgrounds and demographics. The College's educational programmes provide a direct route from basic education through to higher education.  With the exception of a one year access to Higher Education course, most courses are short, intensive residential courses of three to five days running both during the week and at weekends. The College operates from a single location, the major part of which is Grade 1 listed.  

The Challenge

Continuity of business operations is vital for the College and their stakeholders.  Senior staff were worried that there was no up-to-date understanding of where operational priorities should lie, or what resources would be required to enable a recovery in the event of an emergency at the College. Denise Pozorski, Vice Principal, asked Jermyn Consulting to complete a business impact analysis as a first step to understanding the contingency planning priorities for the College. With staff time at a premium, Jermyn Consulting needed to develop an approach that would minimise time commitment whilst maximising the quality of information gathered. We responded to the brief by designing and delivering a business continuity planning workshop.  Having unrivalled experience in the education sector enabled us to develop a tailored approach that fit the College’s requirements exactly.  

The Jermyn Consulting Solution

We began the assignment by agreeing scope, required outcomes, data collection templates, system parameters and delivery timeframes. Then we ran the workshop which comprised of a bespoke data gathering tool and project support from experienced consultants to delegates.  By specifying response parameters throughout, we were able to validate responses and ensure a robust information gathering process. Once delegates had identified their business continuity priorities and recovery needs, we objectively analysed the results. Having completed similar workshops for multiple customers across several sectors in the past, we were able to assess responses, analyse impacts and recommend recovery strategies. Uniquely, our method also enabled us to derive recovery time objectives for IT services, based upon dependent business processes.  

The Outcome

The feedback following our analysis recommended the most suitable approach to business continuity planning for the College. This comprised of recovery strategies, recovery objectives, resource requirements, IT recovery needs and importantly, an implementation action plan. The College is now in an excellent position to prepare workable business continuity plans and we have recently agreed a new phase of work where we will assist Northern College in the implementation of business continuity.  

Testimonial

‘’Northern College has been delighted to work with Jermyn Consulting. Jermyn has unrivalled experience and knowledge of business continuity in the education sector and we have found this to be invaluable.  Their consultants are extremely approachable and can engage particularly well at all levels of the College.  We were delighted that Jermyn Consulting completed the project to time and budget – they have always delivered on their promises’’.   If you'd like further information on the importance of business continuity for your organisation, please don't hesitate to contact us. To download the case study click here

read more

Managing the Response to Cybercrime
01Sep
Managing the Response to Cybercrime

Background

The need for an effective response to cybercrime is becoming more urgent. No organisation is immune from failure in information security controls - from telecoms to tea shops, from supermarkets to software and game companies. Senior managers realise the implications of a cyberattack: The Information Commissioners Office (ICO) imposing fines, loss of customer confidence and damage to reputation. These things can take many years to recover from if not managed effectively. For organisations and institutions that work with highly sensitive data (such as banks and building societies), an information security breach would arguably cause even greater damage. Whilst there is no guaranteed defence against cyberattacks, organisations need to be prepared for such an eventuality.  

The Challenge

Although physical security and hardware and software solutions can work effectively, persistent cyber criminals are able to circumvent such controls. A well-known building society (referred to as ‘our customer’ because they would prefer to remain anonymous) realised that despite all of their controls there remains a potential vulnerability to cyberattacks. The requirement for a coherent and effective response to a cyberattack, is arguably of the utmost importance. To adequately fulfil their requirements, our customer sought the expertise of Jermyn Consulting. Our brief was to set up a realistic scenario exercise for the senior management team which simulated the events of a cyberattack.  

The Jermyn Consulting Solution

Jermyn Consulting are experts in scenario-based management exercises. We have designed and delivered over 200 realistic scenario exercises for customers, including bespoke cybercrime response exercises for banks and building societies. For our customer we developed a scenario based on an extortion attempt by a hacking group that threatened to publish stolen customer data online unless a ransom was paid. By taking part in a cybercrime scenario exercise facilitated by Jermyn Consulting, our customer’s management team was able to look closely at their response mechanisms in the event of such an incident. Technical strategies were already in place so the emphasis was on developing the most effective measures to safeguard organisational reputation and customer retention. In doing so, the senior management team gained an understanding of the key stages of a response; such as detection, escalation, invocation, containment, response and recovery. These were all completed in a safe and supportive (yet realistic) environment. Jermyn Consulting worked with key personnel within the organisation to develop the scenario to ensure it fitted the organisation’s needs, taking in to account their existing response mechanisms.  Using our experience of other such exercises, we ensured pinch points were appropriately challenged.    

The Outcome

The exercise enabled the management team to: · Identify the key personnel and set up a response team with the necessary skills and knowledge. · Confirm the response protocols and further develop their response plans. · Identify pre-requisite actions to improve information security in general, and embed the response process. Among the issues identified by delegates as needing attention were: · A better understanding of the third party support services available (e.g. insurance and technical specialists). · The need for a clear strategy of engagement with key stakeholder groups. · The impact of social media on the organisation. · More robust interfaces between contingency funding and major incident responses. · Clearer decision-making powers. Our customer now has a comprehensive action plan for fast, effective incident response in the event of a cyberattack. The future focus is on continuing to build and maintain competency within the management team to work alongside their existing effective technology solutions. To download the case study click here.

read more

CSI achieves ISO 27001
03Jun
CSI achieves ISO 27001

Background

CSI Leasing and CSI Lifecycle are separate companies operating under the global CSI brand. Sheffield based CSI Lifecycle manages the procurement, disposal and remarketing of computer equipment, and also has in-house and mobile data destruction capability, operating across the UK and in Europe. CSI Leasing has offices in Sheffield and London, and provides IT equipment leasing services.  

The Challenge

Although the two companies operate in different sectors they have one issue in common: the handling of a large volume of confidential and sensitive information – both their own and their customer's. Best practice and recognised standards are key drivers and achieving registration to ISO 27001:2013 was identified by senior management as a pivotal part of this. CSI recognised it did not have all of the skills needed to develop the information security management system (ISMS) and brought Jermyn Consulting on board to help them achieve this.  

The Jermyn Consulting Solution

Jermyn Consulting understands the importance of developing user-friendly systems and procedures in keeping with the customer’s operational requirements. Working closely with CSI’s project manager and her team, Jermyn Consulting agreed key milestones and deadlines, including dates for external certification audits. The next stage was to complete the information risk assessment and identify the information handled by both organisations, its importance and the potential impact in the event of a loss of confidentiality, integrity or availability. From this Jermyn Consulting and CSI were able to draw up a list of risk control measures, develop solutions and document the relevant policies and procedures. CSI was then able to undertake the difficult task of improving or implementing the risk control measures. After completion of the relevant documentation Jermyn Consulting carried out an internal audit to confirm the status of the ISMS prior to the external certification audits. In order to ensure senior management understood the key risks and issues a Management Review was carried out by the CSI executive team.  

The Outcome

In line with the original timetable of the project plan, the Stage 1 external audit was completed in November 2015 and Stage 2 a month later with no non-conformances identified.  

Testimonial

Louise Dove, of CSI said: “Working with Jermyn Consulting was very straightforward. Their advice was clear and concise throughout the consultation and implementation phase, and project activities were completed within agreed timeframes. In addition to Jermyn’s knowledge and experience, one of their key selling points was their agreed-outcome / fixed-fee model. We knew from the outset what we expected to receive and crucially, we knew exactly how much it was going to cost.” Director of Jermyn Consulting, George Hall said information security was an ongoing challenge for organisations such as CSI. “Under constant scrutiny from customers and other stakeholders CSI must be able to guarantee information security and prove its systems are fit for purpose and resilient”, he added. Lauren Daykin, Jermyn’s project manager added: “It was a pleasure working with Louise and her team on this implementation project. Tasks were completed exactly as they should have been and with all the relevant points covered. In particular it was great to work on assignment where all milestones were achieved and not a single non-conformance identified”.     To download this case study, simply Click here

read more

Delivering emergency planning that is fit for purpose
18Jan
Delivering emergency planning that is fit for purpose

Background

The Open University (OU) is the largest academic institution in the UK and a world leader in flexible distance learning. Since it began in 1969, the OU has taught more than 1.8 million students and has almost 200,000 current students, including more than 15,000 overseas. The main operational centre is in Milton Keynes with national centres in Scotland, Wales and Northern Ireland. Approximately 4,000 staff are based at the OU's headquarters in Milton Keynes. Jermyn Consulting was given a brief to deliver an emergency planning approach that was fit for purpose given the scale at which the OU operates. The OU had a documented Emergency Management Plan and a designated Emergency Management Team. The remit was to ensure that those charged with delivering the Emergency Management Plan in a real disaster situation understood their roles and responsibilities. In particular, the OU wanted to ensure that members of the Emergency Management Team could respond effectively when working under the added pressure of a developing emergency situation.  

The Challenge

To ensure that the OU got the maximum benefit from the exercise, we proposed a progressive approach: We responded to the brief on the basis of designing and delivering an introductory scenario exercise for the Emergency Management Team. The approach was intended to present the concepts of emergency management and build confidence in the Plan and Team structures.  

Jermyn Consulting’s Solution

We began the assignment by working with the OU to understand the existing plans, procedures and systems for emergency management. This allowed us to understand the background as well as identifying initial areas for improvement. The next step was to identify a realistic scenario. Working with key staff with functional responsibilities from the OU, we short-listed some options before agreeing the final scenario. With the scenario agreed, we were in a position to develop the exercise story-board. The exercise was completed during an intensive half-day workshop, during which members of the Emergency Management Team were presented with a progressive scenario and tasked with developing an appropriate response. Observers kept track of the unfolding situation and identified any areas that might require attention in future. A debrief immediately following the exercise helped to further consolidate the exercise findings and outcomes. We summarised our findings together with recommendations for improvement in an Exercise Report that was subsequently presented to the OU’s management team.  

The outcome

Jermyn’s scenario exercise report enabled the OU to develop a formal action plan to build upon the existing emergency planning arrangements at the University. Improvements identified that have been subsequently implemented (again with assistance from Jermyn Consulting) include:
  • An introductory incident management exercise for the IT Department's Incident Management Team (which is a response team operating in support of the Emergency Management Team).
  • A redesign of the OU's Emergency Management Plan to a workbook format, orientated around a central agenda.
  • A redesign of the OU's Incident Response Plan to align with the Emergency Management Plan.
 

Testimonial

The Open University has been delighted to work with Jermyn Consulting over the years. We continue to work with them because they are constantly innovating and we can see real progress being made in our incident management and emergency management procedures and capabilities. Their exercises are always thought provoking, acting as a catalyst for change. In particular, Jermyn's consultants can engage at all levels of our organisation, and are adept at helping us to implement the pragmatic recommendations that they make. Peter Ling, Security Manager.     To download this case study, simply Click here

read more

Developing a proactive crisis escalation and resolution protocol
13Nov
Developing a proactive crisis escalation and resolution protocol

Background

TelecityGroup is a leading provider of European data centres headquartered in London. TelecityGroup’s data centre facilities are available in 11 European countries, and are enabling environments in which the separate networks that make up the internet meet and where bandwidth intensive applications, content and information are hosted. TelecityGroup is committed to excellence and setting the benchmark in their environmental strategy and quality standards. The business is registered to a range of ISO standards to provide the governance framework for the business. The standards show the business’s commitment to quality, integrity and a drive to improve.  

The Challenge

TelecityGroup has developed (with Jermyn Consulting’s support), an ISO 22301:2012 accredited business continuity management system (BCMS) for its primary operating regions. Existing operating procedures ensured that regional managers were adept at dealing with service interruptions at a regional level. However, there was no proactive escalation or resolution protocol to the Group’s executive management, in the event of a crisis affecting multiple regions or the Group’s Head Office itself. The Group’s Head Office wanted to ensure that they could provide the necessary strategic and tactical support to its operating regions in the event of a business continuity incident arising at any of its locations. Given the Group’s pan-European operations, members of the executive management team are often away from the operating base in London. As such, it was important to build crisis response capability rapidly and effectively.  

Jermyn Consulting’s Solution

Jermyn Consulting worked closely with the Group’s Head of Operational Standards to develop a workable Crisis Response Team structure, clear escalation route, a scaled definition of a crisis and a workbook-based Crisis Response Plan. To fully educate the Group’s executive management in their roles and responsibilities as the Crisis Response Team Jermyn Consulting designed and facilitated a scenario-based training and exercise workshop. The workshop discussed broad crisis response concepts, reviewed the Crisis Response Plan content and tested the effectiveness of the Team through a progressive scenario. Using a combination of bespoke injects, images, discussion points and mocked up news and social media content, Jermyn Consulting ensured that the protocol was fit for purpose.  

The benefits

Jermyn Consulting ensured that the scenario was designed to truly exercise the effectiveness of the Group’s crisis response plans and team. The scenario touched on issues that affected the business as a whole, and was based soundly upon realistic and TelecityGroup specific material. Having facilitated over 150 exercises of this type, Jermyn Consulting has a large pool of resources to call upon to make any scenario exercise effective, enjoyable and memorable.  

Testimonial

We are delighted with the way that Jermyn Consulting works with us. They are equally able to engage with our executive management or operational staff with a friendly and approachable manner. They always demonstrate subject matter expertise, enthusiasm and professional integrity and I have no hesitation in recommending them. We continue to work with Jermyn Consulting to assist us with specific components where their expertise and efficient delivery saves us time and money Daniel Watts, Head of Operational Standards, TelecityGroup International.       To download this case study, simply Click here

read more

Techgate achieves ISO 22301
19Oct
Techgate achieves ISO 22301

The Challenge

Techgate is an industry renowned provider of highly available, secure and flexible ΙΤ infrastructure services. The company delivers highly resilient IT production systems and state of the art disaster recovery solutions. Techgate has been providing managed hosting and business continuity services for more than ten years. During that time, Techgate has evolved into a fully fledged managed service provider, supplying enterprise-class levels of availability, security and compliance. All of Techgate’s solutions are delivered from UK based Tier 3 Data Centres and their wholly owned, highly resilient network infrastructure. Techgate plc developed its own business continuity management system (BCMS) and was accredited to BS 25999:2007. This meant they had to convert to ISO 22301 when this replaced the older standard. Techgate turned to Jermyn Consulting as industry leading Business Continuity experts to provide expertise and guidance to aid the transition. Jermyn had previously developed a scenario-based management exercise and reviewed the content of the BCMS. Because of the success of previous work, there was a high degree of trust in Jermyn’s ability to engage with Techgate’s staff and to provide clear, pertinent advice and guidance.  

The Jermyn Consulting Solution

Jermyn Consulting conducted a system audit and gap analysis, specifying where components of the BCMS would need to be changed to align with the requirements of ISO 22301. In conjunction with this Jermyn Consulting was instrumental in training the new business continuity manager in the role, the requirements of ISO 22301 and the components of the BCMS. The new business continuity manager also took on responsibilities for information security, ahead of an ISO 27001 surveillance visit. Jermyn Consulting provided exclusive subject-matter training in ISO 27001 and the Information Security Management System (ISMS). Mentoring the new business continuity manager and providing assistance in implementing the changes, was required to ensure a successful transition.  

Testimonial

Graham Green, Techgate's Operations Director

“Having worked with Jermyn Consulting in the past, Techgate plc, a supplier of high availability cloud infrastructure and Business Continuity services, had no hesitation in asking them to help with the transition of their BS 25999 BCMS to the requirements of ISO 22301. “Jermyn have always worked extremely well with our people and have a thorough understanding of the subject matter as well as the challenges and pitfalls that can arise from implementing this Management System in a SME. During the transition process they provided a light touch approach that was very efficient, providing us with lots of value-add and the outcome that we wanted. “Techgate believes that its BCMS, along with its Information Security Management System (ISMS), underpins the management and technical approach to providing the resilience and security to all business practices that their customers are looking for and appreciate. Graham added that “Jermyn Consulting’s support through the transition from BS 25999 to ISO 22301 helped us ensure that we successfully negotiated the transition audit at the first attempt. We have no hesitation in recommending them to other business of a similar size. Having these accreditations allows Techgate to prove to its customers that we provide and maintain the highest levels of service deliver and management for its bespoke IT solutions.”     To download this case study, simply Click here

read more

Lockwell Electrical Distributors
23Sep
Lockwell Electrical Distributors

The Challenge

Established in 1975, Lockwell is a leading independent electrical wholesaler and distributor of electrical and maintenance products. From its network of 19 branches across England and Wales, the company supplies installation, industrial, contracting, maintenance, commercial and trade companies. With an expanding business winning significant commercial contracts and customers with deadlines to meet, it is essential that Lockwell can maintain service levels if operations are disrupted. Operations Director Ian Wright turned to business continuity specialists Jermyn Consulting to develop a practical approach to address the planning challenge.  

The Jermyn Consulting Solution

The Jermyn team developed a programme of activities to meet Lockwell’s goal of practical business continuity without creating a significant management burden. We agreed measurement criteria for risk and business impact analysis and met key stakeholders within the business to understand what a disruption would mean to Lockwell and its customers. After analysing the data, we developed appropriate business continuity strategy recommendations which were then presented to Ian Wright for consideration. The strategy components addressed the needs of the Coventry head office, a sample branch, IT and other elements of the business. A cornerstone of the strategy was a ‘branch in a box’ concept to allow rapid recovery of branch operations. Draft business continuity plans, including an incident management process were produced, approved and are being absorbed into the business. Some elements of the strategy require third party assistance and Jermyn Consulting were able to put Lockwell in touch with trusted vendors who can assist in this regard. Our action plan will help Lockwell further develop and maintain its business continuity into the future.  

The Benefits to Lockwell

As a very practical and agile business, Lockwell had elements of business continuity in place but they had not been formalised. The company now has a process, plans and maintenance schedule which mean there is real substance to their resilience. The business impact analysis has shown which are the most important functions to recover and the business is able to prioritise any recovery to minimise impact. As a consequence, customers have reassurance that Lockwell will make every effort to continue service levels even in the worst circumstances.  

Testimonial

Ian Wright, Operations Director, Lockwell Electrical Distributors Ltd.

"We needed a business continuity approach which was practical, sustainable and wouldn’t become a burden to us. Jermyn’s efficient approach and methods mean they didn’t take up a huge amount of our time but accessed all the information needed. As a result, we now have plans in place which are clear, concise and reflect the needs of our business. We will roll them out to all of our branches in the near future." "We now have a firm understanding of the process we need to follow in the event of a disruption and are putting the internal resources in place to make our business continuity come to life. I’ll happily recommend Jermyn Consulting to anybody who needs support in developing practical business continuity."     To download this case study, simply Click here

read more

We believe in working with our customers, not for them