Beard chair computer 840996

Case study

The Kemnal Academies Trust

Case Study

The Kemnal Academies Trust

The Kemnal Academies Trust (TKAT) employs 3,300 staff and serves over 20,000 students and, with nearly 50 Primary and Secondary Academies, is one of the largest Multi-Academy Trusts in the South of England.

As custodians of so much important personal data, they aspire to the highest standards of cyber security and data protection.

The Brief

Cyber security risk is increasingly one of the key risks being considered at board level. In the last year alone, there has been increase of 24% in the number of data security incidents reported to the ICO [1]. As a result, there has been an increase of 38% in the number of enforcement actions taken by the ICO.

For one incident, the Blackpool Teaching Hospitals NHS Foundation Trust was fined £185,000 by the ICO for leaking the personal data of 6,574 members of staff. Fines are likely to increase due to the new GDPR legislation, and the maximum limit for fines under GDPR are €20m or 4% of annual global turnover.

Coordinating cyber security and data protection across more than 40 different schools and academies is difficult, especially since the IT infrastructure is managed by different individuals for each academy. How can consistent and effective security be maintained across all academies, especially when the technology and threats are both rapidly evolving?

[1] https://ico.org.uk/action-weve...

How we helped

Rizikon is a cyber risk assessment tool. This simple tool enables you to understand your cyber risk profile and can help you make the right investment into your defences – and so protects your clients and customers too.

TKAT used Rizikon to manage their information security risk across all their academies. Using Rizikon, they can centrally control the cyber risk assessment process, while still achieving detailed insight into the security posture of each academy.

Each academy receives a standardised set of questions and Rizikon creates an automated report based on algorithms derived from research by City University. The report highlights risks for each academy, as well as the solutions to mitigate those risks. It also covers Cyber Essentials and GDPR readiness.

This allows for a Cyber-risk strategy tailored to each individual academy, while still maintaining central visibility and control, without paying for expensive external consultants.

Cyber_132649094

Success Stories

"Cyber security risk is something that can be very difficult to assess for large and fragmented organisations. Particularly when budgets do not allow for the hiring of a large IT Security Team. Rizikon is a critical component of our overall cyber risk management strategy as it dramatically reduces the manpower required to audit our academies. The interface is intuitive, allowing our IT Managers to rapidly update their profiles, keeping them free to concentrate on their day-to-day work and reducing the need for site visits and external expertise. The net result of adapting Rizikon is improved security, it’s as simple as that. Faster assessment means risks are treated more quickly and the automated guidance means risk treatment can started immediately. Additionally, we operate with a largely devolved infrastructure so our visibility has improved dramatically, meaning that risks are not overlooked. This allows us to focus on implementing standards as opposed to mandating the infrastructure and allows our IT Managers a level of autonomy with acceptable risk levels. The Rizikon question set is regularly updated and maintained, meaning Rizikon can quickly adapt to emerging threats and changes in best practice. This was ideal for us as it means that Rizikon has become part of our regular compliance cycle, and we feel assured that we are continually monitoring for the latest threat trends. An added bonus is the automated assessment against Cyber Essentials standard provides a benchmark for compliance across the entire Trust."
  • Daryll Holland
  • IT Director