top of page

Offploy gains government-standard certification for essential cyber security

If you’d have asked me what TLS, PEN Testing, 2FA and patch updates meant a year ago I would likely have curled up into a ball out of being so overwhelmed by the use of acronyms and something that sounded like quilting techniques.

However, I recognised the need for better use of technology in Offploy to remove the human element and time investment of recurring admin tasks and inputting accurate data. I believe the human element of our service should be elevated to the most important part of what we do, such as how we mentor candidates and how we lead our team. The human element of our service should not be wasted on building reports or sending appointment reminders. This is why we chose to develop a bespoke candidate and commissioner management system which has helped us support three times as many candidates per colleague versus our previous system.

The human element of our service should be elevated to the most important part of what we do

Before we had our system developed we were like too many other organisations handling our sensitive data in password protected excel spreadsheets with codenames for candidates and another sheet with the cypher to get the names. We were forever sharing copies between colleagues, version control would often go out of the window and producing reports for commissioners was a nightmare.

In understanding how our system could be constantly improved I took a keen interest in the security of our data and how we could become the beacon of ‘technology for good’ in the social sector. I honestly believe that all social services can be improved by empowering colleagues with easy-to-use tech giving them more time on their hands to offer exceptional support to the people they are there to help. This interest, which became an obsession, led me down many a dead-end until I came up with a security map of how we will access our systems and manage our data.

Like any good treasure map, some of our data has been cropped at the top as this contains commercially sensitive information, but it still gives you an idea.

In the last few months I have been questioned a couple of times to see if we are Cyber Essentials Plus Certified and after hearing about it from bigger organisations, it seemed like a huge mountain to climb. However, after a quick read of the website I realised that best practice in data and IT management actually meets most of their certification criteria.

Cyber Essentials Certification does not mean your IT is impenetrable; with advances in technology and human error this is an ambition just out of any organisation’s grasp. However, it does mean you’ve got the equivalent of a secure home with the proper locks, double glazed windows (which you lock when you’re not home) and an alarm which, when an attempt is made, will put off most opportunistic thieves who would rather go for an easier target down the road.

You will notice many Government contracts are now requesting organisations have their Cyber Essential approval in time for beginning delivery. You can do the self-assessed version or the certified version which both vary in cost. We chose to go for the certified version as we are keen to hold ourselves to the highest of standards.

We are a small team, yet have invested thousands in the building of our IT

The little security keys that colleagues must plug in to prove their presence, new equipment, and even paying professional organisations to try and break into our system – commonly known as a penetration or PEN testing. Our costs are higher than you’d need to invest to become Cyber Essentials Certified but I urge you to get in touch if your social organisation wants to understand what is needed.

Ensuring the social sector has the right kit, security and candidate management systems has become a passion of mine. Neither a drug rehabilitation charity or a cleaning service that recruits socially excluded people alike should have to worry about poor data management, nor should they have to invest hundreds of wasted hours into replicating case notes and producing reports for commissioners. I truly believe every hour spent away from tasks like this can instead be invested into supporting the individuals we care so much about, and will make for a stronger social sector and a healthier society.

If your social organisation needs any advice on improving their candidate management system or in achieving their Cyber Essentials Certificate, please get in touch.


bottom of page