Established in 1903, the Institute of Directors (IoD) is the industry-recognised professional membership organisation for business leaders, promoting boardroom professionalism to more than 30,000 members through relevant training and recognised qualifications.
As the leader in setting standards and governance for business, the IoD had a clear vision of being the exemplar of security and data privacy. The starting point for meeting this objective was to obtain the industry-recognised Cyber Essentials certification.
Cyber Essentials is a government-backed cyber security certification scheme created in 2012 which sets out a good baseline of cyber security suitable for all organisations in all sectors. The scheme addresses five key controls that, when implemented correctly, can prevent around 80% of cyber-attacks.
Equantiis’ first step in supporting the IoD was to carry out a Cyber Security readiness assessment, which explored all the departments within the business, the current policies and processes, technical systems, and architecture.
The outcome of the assessment provided the IoD with a clear fit-gap analysis in a RAG format, providing valuable insight into:
- Configuration and change management
- Home and mobile working
- Incident management
- Media controls
- Regulatory requirements
- Systems architecture
- Third parties
- User awareness
- User privileges
To support the report, Equantiis delivered a clear roadmap of the actions required to ensure Cyber Essentials certification could be attained, along with budgets, resources, timescales and priorities.
As well as outlining the technical requirements, Equantiis assisted in developing the staff requirements for behavioural change and awareness to ensure the hearts and minds of the organisation embedded new processes and policies into their working environment.
The assessment undertaken by Equantiis gave the IoD a clear perspective on the current state of Cyber Security maturity within the organisation. This allowed a clear remedial project to be undertaken in order to meet the requirements, and for the IoD to lead as the exemplar, showcasing how businesses should be thinking about the threats and actions required within Cyber Security.
With insight into changing user awareness, the IoD were able to put in place a robust training and communication plan that would equip staff appropriately to ensure the integrity of the organisation.