Reading, UK – 19th March 2021
Cyber security services company Bridewell Consulting has enhanced the security of the upcoming 2021 Census programme following a stringent review process. Bridewell was enlisted by the Office for National Statistics (ONS) and the Northern Ireland Statistics and Research Agency (NISRA) to perform the Independent Information Assurance Review (IIAR), which took place between September 2020 and January 2021.
The purpose of the assurance review was to identify any security risks to the Census’ systems, services and information, and to present an independent view of security maturity to stakeholders. Bridewell also produced a public report to assure the nation that adequate measures are in place and to encourage members of the public to complete the Census.
The Census is a nationwide survey that takes place every 10 years and must be completed by every household. The data collected in the survey builds a picture of all the people and households across the UK to help organisations make decisions on planning and funding public services including transport, education and healthcare in each area. This year’s Census survey takes place on Sunday 21st March.
Bridewell previously delivered the assurance review for the Census rehearsal in 2019 and was selected to undertake the review of the 2021 Census following a formal tender process. Bridewell engaged with the ONS, NISRA and their trusted partners over three months to ensure that a thorough and robust review into every aspect of the programme was completed effectively. The assurance review took a three-phase approach, covering governance and management, operational security, process and design, and security assurance.
Andy Wall, Chief Security Officer at the Office for National Statistics, comments: “The protection of citizen information collected in the Census is critical. ONS has developed strong security measures to safeguard submissions but we did not want citizens just to take our word on this. It was very important for us to test our approach and measures and so we wanted an independent view. A specialist organisation like Bridewell, which has the expertise to look under the bonnet of the Census and assess the detail of what we have built, was very valuable.”
The assessment criteria comprised a range of selected controls, outcomes and good practice from control frameworks recognised by the security industry, so that the assessment was not confined to a single framework. These included ISO27001, the Cyber Security Framework, the Open Web Application Security Project Software Assurance Maturity Model, the UK Security Policy Framework, NCSC principles and other guidance.
The scope of the review included systems, services and staff in ONS and NISRA supporting the Census, the Census supply chain, and physical and digital security. Bridewell also assessed how comprehensive and effective the assurance review itself was in improving the programme’s security. In total, Bridewell shared 21 findings in the review, which were rapidly addressed before the assessment concluded.
Scott Nicholson, Co-CEO at Bridewell, adds: “The Census is vital to informing how organisations and public authorities effectively plan and fund critical services we all require. Whilst completion of the assessment is a legal requirement, members of the public need confidence that the data they provide will be processed fairly and lawfully with adequate protection in place. We’re proud to have played a key role in independently assessing the governance, design, implementation and operation of controls to ensure they are providing an appropriate level of protection.”
The full report from the IIAR can be found below:
Bridewell Consulting is a cyber security services company providing global, 24×7 managed detection and response services and cyber security consultancy.
With extensive experience in delivering large-scale transformational projects in highly regulated environments, Bridewell enables organisations to drive strategic change securely, providing a full breadth of end-to-end cyber security services. Its expert team comprises a diverse range of highly skilled consultants, supported by industry-leading technology, deep technical expertise, accredited methodologies and a client-centric, business-driven approach.
Bridewell delivers a vast number of services across critical national infrastructure, aviation, financial services, government and oil and gas. The company holds a number of industry accreditations including NCSC, CREST, ASSURE, IASME Consortium, Cyber Essentials Plus, ISO27001 and ISO9001, and is a PCI DSS QSA Company.