Apr 28 2017

Why is ISO 27001 so important to our public-sector clients?

What is ISO 27001?

ISO/IEC 27001 is the de facto international specification for managing information security.

Organisations that are ISO 27001 certified have a comprehensive management system that provides assurance of the confidentiality, integrity and availability of data and information they handle.

The policies, processes and procedures that make up this management system are scrutinised and tested annually by independent 3rd party auditors who have the power to withdraw the certification if things aren’t up to scratch.

S8080 have been ISO 27001 certified since 2015, but many of the security controls have been in place since 2001 when we first achieved the ISO 9001 quality standard.

Confidentiality, integrity and availability?

When we handle any type of data for our clients, which can range from paper based records through to immense databases of confidential information, there are three ways we need to care for it.

  • Confidentiality – we will keep the data secure and ensure that only those who are supposed to access it can access it
  • Integrity – we will make sure the data in our care is correct and accurate and does not become corrupted or contaminated
  • Availability – we will ensure that the data can be accessed when it needs to be accessed

Why is ISO 27001 so important?

This all sounds very simple when written down in three bullet points, but consider how things could go wrong with each one. We’ve all shuddered at the stories of data loss, ICO fines and the ensuing PR nightmare. It’s happened to the biggest organisations in the world.

We’ve helped organisations urgently unpick the mess of a compromised site… their previous agencies weren’t focused on security aspects and these poor clients had some very stressful days as a result. Enough said!

  • For example, if your website collects information using an online form, is it encrypted as it’s being sent to the webserver? What about when it’s stored? Or is it in a format that anyone can see?
  • When was your website built? Is your CMS up to date with the latest security patches or could rogue code be injected destroying your website and data? Has it ever been penetration tested to see if hackers could access the administration area, deface your site and download your confidential databases?
  • What happens if your hosting goes down? Is it back up in a matter of minutes or will it take hours or even days? If your site becomes unavailable at 10pm on a Sunday evening, who is going to fix it, and when?
  • What could a disgruntled ex-employee or contractor do to your systems? When was the last time you audited user access rights on your CMS? Or do you all share the same login?

How do our clients benefit from ISO 27001?

Each of these scenarios, and many, many more, have been considered and addressed in a detailed risk assessment, and specific policies, procedures, checklists and guidelines have been written to protect against the issues identified.

Our public-sector clients are confident that the digital systems we design and build for them are secure and comply with legal and regulatory requirements.  They know that our approach to systems design and development follows international best practice, is up to date and is continuously improving.

They have seen our business continuity and disaster recovery plans that explain that even if our offices are razed to the ground, their systems will be unaffected, their project managers will be immediately available and our development team will be up and running within 3 hours.

They know their information assets are being well managed by people and processes that are regularly tested by the most stringent information security auditors in the country.

But at the end of the day, for most of S8080’s clients, it’s just one thing less they have to worry about.

Mar 6 2017

New website for the Parliamentary and Health Service Ombudsman (PHSO) goes live

S8080 recently launched the new site for the Parliamentary and Health Service Ombudsman, delivered through the G-Cloud framework.

The redesign and development of the site will help people access PHSO services more easily by structuring the content more clearly through a reworking of their IA. The site also contains an interactive tool that allows users to quickly assess whether they are ready to take their complaint to the Ombudsman. This tool, placed on the homepage, helps users understand the complaints process and signposts them to the correct information while helping PHSO filter enquiries that are not quite ready for the complaints procedure.

The design had to be sensitive to the user’s emotional state, as at the time they first engage with the service they are likely to be unhappy. By presenting the content clearly and showing them the clear path the complaint process takes, they are immediately helped and given confidence in the service.

During UX and development, the site has undergone extensive usability and accessibility testing with third-party specialist testing agencies. The site was user tested under laboratory conditions and the findings of the usability report assisted the organisation in evolving the experience based on users’ needs and wants. Real-world accessibility testing was undertaken under a variety of conditions so the site and content can be accessed by all.

The website was built with the newly released Drupal 8 content management system. This latest version of Drupal offers many benefits over previous versions including performance improvements, an enhanced administration user experience as well as more control and customisation from a development perspective. In addition to these front-end improvements, using the open-source Drupal 8 CMS also assures a more ‘future-proofed’ website and by extension a greater level of security and performance for both users and their data.

The feedback from the organisation and the site’s users has been overwhelmingly positive. It’s been a pleasure to work with PHSO, who were highly engaged throughout the UX, creative and development phases. Their enthusiasm and subject expertise helped us understand their objectives and assisted in delivering a site that will make a real difference to its users and the organisation.

Take a look at the new Drupal 8 PHSO website here.

Feb 4 2015

G-Cloud and open source for public sector

We are delighted to let our existing and potential public sector clients know that S8080’s complete set of services is available via the new G-Cloud 6 framework, delivered by the Cabinet Office’s Crown Commercial Service.

The Crown Commercial Service (CCS) works with both departments and organisations across the whole of the public sector to ensure maximum value is extracted from every commercial relationship and improve the quality of service delivery. The CCS goal is to become the “go-to” place for expert commercial and procurement services.

Our G-Cloud services cover specialist public sector open source, Drupal, Umbraco and EPiServer web usability, web design and web development.

Working with public sector

We have a long history working with our public sector clients. Before G-Cloud, we spent over 10 years on the COI digital roster working with clients including No.10, Ministry of Justice, Cabinet Office and the Department of Energy and Climate Change.

Open source software like Drupal and Umbraco has become increasingly important for public sector organisations. Open source means the CMS software is free. This frees up budget for user experience, engaging design and robust, secure functionality.

Whatever features you need, chances are there’s already a free extension for it. Coupled with an agile and iterative development process, this is what makes Open Source systems such good value for public sector clients.

Our open source G-Cloud services

Open Source Content Management Systems

Open Source Responsive CMS website – mobile optimised

Open Source Website UX, design and development

Drupal for public sector

Umbraco for public sector  

We can also offer the enterprise level CMS, EPiServer, via G-Cloud

EPiServer for public sector

Public sector open source and Drupal case studies

If you would like to find out how open source content management systems like Drupal or Umbraco can help your public sector organisation, or would like to see our public sector open source and Drupal case studies, contact us or email info@s8080.com.

Jul 2 2009

Announcing oneplace

We have been itching to tell you about this, but it’s been under wraps.

The Audit Commission will give delegates at this week’s Local Government Association (LGA) conference their first look at the new ‘oneplace’ website we have been working on. To be launched in December this year, Oneplace replaces the working title of Comprehensive Area Assessment (CAA), giving independent information on the performance of local public services throughout England.

“Visitors to the site will be able to access jargon-free, easy-to-read summaries of how local public services are doing in their area and around the country. There will also be links to detailed information from the independent inspectorates behind CAA – the Audit Commission, Ofsted, Care Quality Commission and Her Majesty’s Inspectorates of Constabulary, Prisons and Probation.”