Working with BHSF to Secure Better Data Protection and Compliance Among Suppliers
As an organisation with a diverse supply chain, BHSF needed to tighten up data security and reduce supplier risk. Optimising IT was brought in to restructure their supplier review process, identify potential data security risks and make recommendations to promote better regulatory compliance.
The Organisation: BHSF
BHSF is a market-leading not-for-profit organisation that seeks to impact workplace wellbeing positively. Founded in 1873, BHSF has spent over a century developing industry-leading health and wellbeing products and services. Their ultimate goal is to provide innovative ways for employers to help care for their employees.
When BHSF approached Optimising IT, they were looking for assistance with key aspects of their already robust Information Security strategy. Our focus was on delivering security reviews across their supply chain.
The Challenge Faced by BHSF
With a new CIO (Chief Information Officer) joining BHSF focusing on information security, the non-profit organisation was looking to implement changes to its data protection policy and activities to shore up processes in line with ever-changing regulations and legislation.
Considering the nature of the data held by BHSF, the CIO turned to Optimising IT — a trusted and award-winning managed IT service provider — to design and carry out a comprehensive supplier review, seamlessly aligned with the requirements of the BHSF Information Security Management System.
The Results: What Did We Do?
Going into this project, we knew the importance of a strong cyber security review and how much value we could offer BHSF in terms of data safety and regulation compliance.
According to the Allianz 2021 Risk Barometer, one of the greatest threats to global organisations is cyber security incidents. They identified cyber security breaches as having the same potential for harm to organisations as the COVID-19 pandemic.
Working closely with the Chief Information Officer (CIO) and supplier management team, Optimising IT provided and continues to provide supplier review consultancy and advice. We also have a retained consultancy service to assist BHSF with crucial elements of their Information Security Management System as the organisation grows and changes.
Through our flourishing strategic partnership, we have:
- Reviewed the information security of over 20 key suppliers across IT, insurance, healthcare and employee benefits
- Identified that many of these suppliers required improvements to their security approach before continuing work with BHSF
- Developed clear and detailed reports providing high-level executive summaries on each review item, including key recommendations, to help stakeholders and management teams make decisions about supply chain engagement.
The Approach: How Did We Do It?
With multiple suppliers to manage and monitor — from employee benefits providers and outsourced IT partners to clinical delivery services — BHSF must ensure that its supply chain does not expose it to unmanaged risk and non-compliance. Such a broad range of suppliers — many of whom handle sensitive data, including medical information — presents plenty of opportunity for data security vulnerabilities to arise.
Internally, BHSF already had a strong risk management approach with an ethical basis and wanted to conduct a thorough review process to understand levels of risk within their supply chain.
Our approach was to work with the supply base to make improvements that reduced risk for BHSF and the suppliers. We did this through reporting and detailed summaries.
The report output we produced for BHSF is highly detailed. We reviewed each supplier based on current industry best practices, considering relevant GDPR legislation, supplier size and duties as data handlers. Crucially, the reports also provide a high-level executive summary, including a conclusion of findings, and details on each review item within the report, why the area is relevant to BHSF and key recommended actions for improvement.
BHSF has also used the same reporting as part of its due diligence process for new suppliers and, at times, has ruled out suppliers based on the review results.
Highlights and Key Benefits for Bruton Knowles
Optimising IT continues to offer lasting value to the BHSF security process and data compliance activities. The key benefits of our work together include:
- Creating a bespoke review framework tailored to BHSF requirements and including current industry best practice
- Developing highly detailed supplier review reports, including recommended actions in the context of the supplier and the services it provides
- Delivering all activities through our highly skilled CISSP and ISO27001 Lead Auditor consultants
- Providing ongoing retained consultancy as part of our Virtual Information Security Management service