Bromford.

"The key considerations for our team were all about the organisation, their approach and their business philosophy. We all know penetration testers can provide a level of service that discovers the vulnerabilities within an organisation, but what we wanted from our partners was something more than just a penetration testing service. We needed a partner who would go the extra mile to provide a personalised service, who could provide broader support in all areas of security and we wanted a very “hands on” approach to this level of service. More importantly to us here at Bromford is our DNA. It is what makes us different and drives us to deliver brilliant service to our customers at every opportunity. Aristi’s core values closely aligned to our DNA and we’re looking forward to building a close working relationship with them over the next three years. " Wayne Pownall Information Security Lead

Bromford is one of the biggest housing associations in the country, with 44,000 homes and plans to build a further 12,000 new homes by 2028. They believe in providing safe, secure and warm homes for people who can’t access market housing. But ultimately they are a people business, committed to building relationships with their 100,000 customers to enable them to thrive.

Bromford has well-established risk management processes and control frameworks, which guide and support how they work, behave and the decisions they make. Security plays a pivotal role in Bromford’s culture and the need to protect customer data is integral to its IT strategy. To meet Bromford’s security goals, the housing association were looking to secure the services of a cyber security provider for regular penetration testing of its computer infrastructure, specific projects as they were delivered and ad-hoc testing of their suppliers and partners.
One of the key requirements was that the provider had to align with Bromford’s DNA and become a trusted partner to the business to help reduce cyber exposure and implement industry good practice.

Aristi were awarded a three-year contract to act as a cyber security partner for Bromford to provide penetration testing and information security services including:

• Annual and ad-hoc IT Health Checks of Bromford’s network boundary infrastructure, websites and web applications, LAN, WAN and WLAN networks plus VPN technologies and cloud platforms
• Cyber resilience support for business continuity which provides a review of Bromford’s business continuity processes and documentation to ensure they can continue to operate in the event of a cyber-attack, IT failure or staff loss due to the pandemic.
• GDPR support to identify any gaps in compliance and develop an improvement plan.
• Ongoing information security and assurance guidance and support to meet Bromford’s security targets and external certifications.

Soon after the initial project kick off meetings, the country went into lockdown due to COVID-19. To minimise the disruption to Bromford and meet the requirements of the government’s social distance guidance, we developed a secure remote testing facility to allow us to test Bromford’s internal and external IT infrastructure remotely.

A detailed report was delivered identifying security vulnerabilities that needed addressing with recommendations and a remediation action plan. This has provided Bromford with a valuable security baseline to build upon.