For Hope After Harm, a charity dedicated to supporting victim survivors and families impacted by justice issues, safeguarding their clients’ sensitive information is paramount. With the help of their Certification Body, RB Consultancy Ltd, Hope After Harm successfully achieved IASME Cyber Assurance Level Two, demonstrating their commitment to cyber resilience and data protection.
We spoke to Bron Jones, who manages the charity’s IT suite, and Remo Belisari (ChCSP) NCSC-assured Cyber Advisor and IASME Cyber Assurance Assessor.
Who is Hope After Harm?
Hope After Harm is a charity dedicated to empowering people to reclaim their futures. From offering trauma-informed care to victim-survivors of sexual violence, to mentoring at-risk young people, supporting families impacted by arrests, and addressing domestic abuse through practical tools like the Bright Sky app, the charity works tirelessly to help people to rebuild their lives. “The work we do is so transformative and ensuring that we safeguard our clients’ data effectively is a top priority for us”, explained Bron.
At its core, Hope After Harm strives to inspire safer, more inclusive communities where everyone has the opportunity to thrive. Their work often involves handling large volumes of sensitive client data, including special category information related to trauma and harm. This responsibility makes robust cyber security measures essential to their operations.
Cyber Security as a Priority
In order for Hope After Harm to bid for Ministry of Justice funding, the entry requirement was Cyber Essentials Plus; an annually renewable certification scheme centred around five technical controls proven to protect any organisation from the most common internet-based cyber security threats.
After receiving the funding, and as a subcontractor in a larger supply chain, at the time, they were also required to meet additional standards. Hope After Harm opted for IASME Cyber Assurance as an accessible and tailored alternative to ISO 27001.
Why IASME Cyber Assurance?
IASME Cyber Assurance provides a comprehensive roadmap to cyber resilience, addressing not just technical controls but also people, processes, incident response, and recovery. The standard offers a two-level certification process: Level One: A verified self-assessment and Level Two: An in-depth audit of your systems. It is designed to align with organisational size, making it a perfect fit for charities like Hope After Harm.
Bron highlights the benefit of achieving Level Two, “Once you’ve put in the effort to achieve Level One, the additional input required for the audit is minimal. It seems a cost-effective way to ensure we stay disciplined and aligned with our goals.”
Remo adds, “I’m a big advocate of IASME Cyber Assurance. It really helps organisations take clear practical steps beyond Cyber Essentials, it covers areas including risk management, UK GDPR, and business continuity. The controls are right-sized, making it accessible, practical and highly effective.”
Challenges and support
Achieving IASME Cyber Assurance wasn’t without its challenges. Budget constraints and time pressures were significant hurdles, as was translating technical requirements into practical actions for the charity’s operations.
This is where Remo’s support proved invaluable, “We went over all the documentation, processes, screenshots, linking it all back to those 14 themes. We were able to do that over the two days allocated for the assessment.”
This partnership ensured that Hope After Harm could navigate the certification process effectively, freeing up Bron’s headspace to focus on broader resilience and continuity planning.
For Hope After Harm, achieving IASME Cyber Assurance has been transformative. It has provided a structured framework for managing cyber risks, safeguarding sensitive data, and demonstrating their commitment to cyber resilience to funders and stakeholders.
Benefits of certification
Remo views the audit as a valuable opportunity for organisations to assess their current position and identify areas for improvement, emphasising that Certification Bodies are there to help. Remo explains that clients can “work with the Assessor to collaborate on the process”.
Bron highlights the importance of the discipline that certification installs, stating, “There’s nothing like having to provide evidence to really focus the mind. It keeps us accountable and ensures we consistently uphold the highest standards of cyber security.”