assure, secure, advise

cantref housing association

About
Cantref Housing Association came into existence in 1981 and manages and maintains over 1,300 properties with the main headquarters in Newcastle Emlyn and a smaller office in Aberystwyth.

Challenge
Good Information management is now seen as an essential component of running a forward thinking organisation. The impact of legislation such as the Data Protection Act 1998, combined with developments in technology and communication, means that all organisations need to manage their information in a formal manner particularly when it may be of a sensitive nature such as tenant information.

The Association has recognised the need to proactively manage information, from tenant records through to shared registers and has consequently focused on both data protection and information security as specific projects.

The introduction of the Data Protection Act 1998 in March 2000 impacted on all organisations processing personal data. Risks of non-compliance including criminal prosecution with a maximum of £5,000 fine per offence (or unlimited in higher court), personal liability for a ‘director, manager, secretary or similar officer’ and the risk of embarrassment seriously damaging the reputation of an organisation have been major drivers for good approaches to governance.

The act prompted Cantref to assess its compliance, particularly due to its considerable interaction with the public and tenants, with good management of personal data viewed as a high business priority. Staff data is also considered with the same high level of care.

Solution
NCC Group was asked to conduct a DPA 1998 review which included considering the supporting processes, level of awareness, documentation, and technical and organisational measures designed to ensure security of personal data.

The Association was shown to have a proactive approach to Data Protection and there were many good examples of processes in place to work towards compliance. Working closely with the Manager of the Information and Communication Systems Department and the Senior Management team, NCC Group produced documentation to reinforce the processes within the association and enable it to maintain good compliance with the act.

A separate project on Information Security in line with ISO 27001, the international standard for information security management has also been undertaken in recognition that Cantref, like many housing associations, is increasingly involved in partnerships from shared registers through to repairs and work with support providers, sometimes in different sectors. Working towards this standard will benefit the Association greatly in demonstrating the importance of information security to potential partners or suppliers and reassuring all individuals that this important area is taken seriously.

Results
NCC Group provided expertise to enable the Association to work towards certification covering documentation, risk assessment and implementation of controls. It is impressive to note that whilst the Association may be considered comparatively small, the processes being implemented are of a very high level and the standard is internationally recognised.

By acknowledging that information management is a key business issue, the Association has reacted proactively to ensure it will be well prepared for managing information requests and the ongoing management and security of personal information in the future, providing it with an excellent platform for future changes in legislation or technology or simply demonstrating that this is an important business area.

=========================================================

NCC Group is a leading global provider of independent IT assurance, security and consultancy services. As a trusted advisor, we help over 15,000 public, private and not for profit sector organisations, including 92 of the FTSE 100, to make the most efficient use of information and technology and to manage the associated risks.

 

Challenge


The impact of legislation such as the Data Protection Act 1998, combined with developments in technology and communication, means that all organisations need to manage their information in a formal manner particularly when it may be of a sensitive nature such as tenant information

The act prompted Cantref to assess its compliance, particularly due to its considerable interaction with the public and tenants, with good management of personal data viewed as a high business priority

Solution


NCC Group conducted a DPA 1998 review which included considering the supporting processes, level of awareness, documentation, and technical and organisational measures designed to ensure security of personal data

Result


NCC Group provided expertise to enable the Association to work towards certification covering documentation, risk assessment and implementation of controls

By acknowledging that information management is a key business issue, the Association has reacted proactively to ensure it will be well prepared for managing information requests and the ongoing management and security of personal information in the future

top of page

Website © Copyright 2006-2008 NCC Services Ltd - all rights reserved

NCC Group - Software Escrow Services, Verification Testing, Assurance Testing, Penetration Testing, & Consultancy