Developer of Innovative App, Apputee Achieves Cyber Essentials Plus Certification through the Funded Programme
In this case study, we explore how Lydia Carrick, founder of micro start-up, Apputee, with the guidance of Cyber Advisor, Remo Belisari, successfully obtained Cyber Essentials Plus certification through the National Cyber Security Centre’s Funded Programme.
It’s important to understand the scope of the Cyber Essentials and Cyber Essentials Plus certifications that Apputee achieved. These certifications focus on the organisation’s underlying IT infrastructure and its ability to defend against common cyber threats by implementing key security controls. While the certifications ensure that Apputee’s systems meet best-practice standards, they do not assess or certify the security of specific software applications, such as the Apputee App itself.
The story behind the Apputee App
After witnessing her father’s struggle following a motorcycle accident, Lydia embarked on a mission to create a transformative resource for amputees. “When we were going through the process of helping my Dad with his amputation, we just found that there weren’t enough tools and support,” Lydia explained. “We wanted to build something that gives the services and assistance that amputees need.
The Apputee App, set to launch this summer, offers amputees a comprehensive guide for recovery, connecting them to vital resources, specialised exercises, mindfulness techniques, and helpful tips for life post-amputation. It also incorporates AI to suggest the right resources at the right time, making it a comprehensive “amputee recovery in your pocket.”
“Amputation is a life changing event, and recovery can be scary, uncomfortable and overwhelming.” explains Lydia, “But, with access to expert resources and a community of like-minded people supporting you along the journey, recovery becomes faster and less stressful.”
Lydia tells us more about the development of the app, “We follow every advancement in amputee-related medical and technology fields to create an app that best serves the community. We also look to highlight the best in the community, from athletes to artists, inventors to interesting people. However, as an organisation that deals with the sensitive information of a healthcare app, it is clear that cyber security has to be a top priority.”
Building cyber security from the word go
Lydia’s background is in marketing, and while she had experience building websites, she admits, “I am certainly no tech genius.” Recognising the importance of cyber security for her start up business, she sought a solution that would not only protect sensitive data but also provide her with a foundational understanding of cyber security principles.
“When I looked into cyber security, I heard a lot of people saying that for a small business, Cyber Essentials was 100% where we should be starting and is a great certificate to have to prove that we’re serious about security.” said Lydia. While browsing the IASME website, she discovered the Funded Cyber Essentials Programme which at the time was targeting healthcare businesses that incorporate AI. She immediately applied and was excited to get a place.
The Funded Cyber Essentials Programme is a UK government scheme that was open to small organisations from specific sectors in the UK. The programme covered the cost of certification, as well as the fees for a Cyber Advisor to help them achieve Cyber Essentials Plus.
Cyber Advisor is the National Cyber Security Centre’s Industry Assurance scheme that aims to provide small and medium sized organisations with reliable and cost-effective cyber security advice and practical support.
Through IASME, Lydia was introduced to Remo Belisari, from RB Consultancy Ltd, a Cyber Advisor who would guide her through the certification process. “Remo has been phenomenal throughout, and I cannot thank him enough,” Lydia said.
Understanding the basics
The journey began with education. “It can be quite daunting to see all the Cyber Essentials assessment questions,” Remo admitted. “To make the process manageable, I focus on breaking it down into smaller, understandable steps. We talked about where Lydia was with the company and discussed what the requirements are all about— and why are they important” Remo explained. Together, they conducted a gap analysis, identifying areas where Lydia’s business was already compliant and areas that needed improvement.
“Remo has been able to talk it all through in a language that I can understand and get my head around,” Lydia said. “He would take one point at a time, go through all the documentation, translate anything I was struggling with, and be incredibly patient.”
Building a Strong Foundation
Once the gaps were identified, Lydia and Remo worked on creating an asset register. “This filled in quite a few of the missing bits and gave some structure to what we needed to do,” Remo explained.
Lydia appreciated the thoroughness of the process. “I think that was probably one of the best things about working with Remo. It was not about putting answers on a sheet or ticking boxes—it was about truly considering what was needed and checking whether it had been done correctly.”
With the foundational work complete, Lydia was ready to submit her Cyber Essentials assessment. “I wanted her to have confidence that everything she put down on her assessment was understood and correct,” Remo said. This milestone marked a significant achievement for Lydia.
After achieving Cyber Essentials, Lydia and Remo immediately began working on Cyber Essentials Plus, which involved a vulnerability scan. “We needed to get quite technical, understand the vulnerabilities, the risks, and how to fix them,” Remo explained.
Lydia acknowledged the challenges of this phase, particularly as someone with ADHD. “I find big projects very difficult, especially regarding maintaining the momentum to get to the end,” she said. However, with Remo’s guidance, the process was efficient and successful.
Empowerment through cyber security
Achieving Cyber Essentials Plus certification has not only secured the business, Apputee, but also empowered Lydia with a deeper understanding of cyber security. “I feel more comfortable with cyber security, which I think is the point of Cyber Essentials, isn’t it? You feel more comfortable with cyber and then you are ready for the next challenge.
In the future, I aspire to expand the Apputee App internationally, with the goal of making it accessible in disaster and war zones where individuals may face sudden amputations. My hope is that the Apputee App can provide vital support to help people navigate these life-changing events, no matter where they are in the world.
For anyone starting up a business, I strongly recommend prioritising cyber security from the outset. Explore Cyber Essentials certification and integrate the requirements into your startup’s foundation from the very beginning—it’s an invaluable step toward building a secure and trustworthy organisation.”
Cyber Essentials is an annually renewable certification scheme consisting of five controls that will protect any organisation from the majority of common internet-based cyber attacks.
Cyber Essentials Plus is based on the same five technical controls as Cyber Essentials but also includes a technical audit of the IT systems to verify that the controls are in place.