Information Security Assessment using Savanti’s Cyber Security Controls Framework

Our client, a large UK based charity, were working to define and map their digital journey in support of their organisational strategy. They had an ongoing focus on strengthening infrastructure, improving capability and planning for the future, and wanted an initial cyber security assessment to understand their current maturity. They enlisted the support of Savanti to complete an assessment to benchmark their security posture and guide priority transformation activities.

As a charity which manages a stem cell registry, our client processes some of the most special categories of personal data.  From a security point of view, it was imperative for them to adequately handle the data of people who could, one day, donate stem cells to patients in need of lifesaving transplants.

Approach

We conducted a detailed information security assessment using our NCSC Aligned Cyber Security Maturity Model. This model enabled us to assess every aspect of the client’s information security posture and score these against a recommended target maturity level.

Results

We provided the client with a detailed breakdown of their current cyber security maturity level scored against our recommended target model. In collaboration with their internal teams, we then proceeded to define a security improvement strategy including priority activities and actionable recommendations which was presented to the executive team for funding and support.

Whilst the initial assessment provided a benchmark for the client’s security posture, we have subsequently completed a number of follow-up assessments to track and demonstrate the overall maturity uplift achieved by the improvement strategy.