0121 222 5630

Email Aristi Ltd Follow Aristi Ltd on Facebook Follow Aristi Ltd on Twitter Follow Aristi Ltd on LinkedIn

Our Success Stories.

You are here:

Severn Hospice.

"“I suppose the absolute test will be when the Care Quality Commission (CQC) calls for an audit which they can do at any point. With little or no warning, they can come in and test every element of our business. Understandably, a key focus right now is information handling. Aristi has filled us with confidence that we will fly through the CQC’s security checks. That peace of mind is precious. But putting their professionalism and credibility aside - Aristi also make you painfully aware of how badly things can go wrong and the consequences, if and when, they do. Cost is just one factor. Being a charity, reputation is so important. Aristi has helped minimise our reputational risk. We’re now working with Aristi to continually perfect our systems to keep us one step ahead of cyber attackers.” " Kerry Davies Director of Finance and Information

Kerry Davies, Director of Finance and Information at Severn Hospice, was concerned about how the hospice could best handle its data in a way that it complied with both GDPR and the NHS tool-kit surrounding information governance.

Severn Hospice owns two hospices – in Telford and Newport – and 26 shops across the Midlands.

The Challenge

With the introduction of GDPR came a duty for public authorities or organisations which carry out certain types of processing activities to appoint a data protection officer (DPO).

The DPO must have a certain level of independence from the organisation’s purpose for data collection – the role can be inhouse or outsourced. They must also be an expert in data protection, adequately resourced and report to the highest management level.

“We know several charities have already been fined for breaching GDPR. No matter how noble your cause, no organisation is exempt from GDPR’s jurisdiction,” says Kerry. “We hold large quantities of personal data including that of patients, staff and donors which all need to be protected with a high level of security.

“This troubled us as we hold such a large amount of very different types of data.  We lived in fear of the risk of hacking and, even worse, ransomware demanding payment in Bitcoins.

“Some of the complexities surrounding information governance and how best to appoint an external data protection officer were problems we knew we needed outside support to solve.

“A former colleague of mine had met Harj and the Aristi team at an event and mentioned them to me.

“As we needed someone we could trust implicitly, we undertook an in-depth search:  their website, Google, credit checks etc.  Aristi came across so well in terms of both their offering and their professionalism.”

The Solution
  • A GDPR review to identify any gaps in compliance and develop an improvement plan
  • A Virtual DPO service providing access to GDPR expertise
  • Monthly compliance audits to provide assurance to senior management and identify next priorities
  • A penetration test to identify any security vulnerabilities in Severn Hospice’s IT systems and provide remediation guidance.
  • Cyber Essentials Plus certification to provide assurance to internal and external stakeholders of Severn Hospice’s commitment to good cyber security.
The Outcome

“As soon as we met Aristi, we immediately gelled with them. Their depth of experience was abundantly clear. Everything worked like clockwork.  Their advice was always timely, really valuable, genuine and independent. I felt you could really trust their advice because their professionalism and reputation hangs on how well they protect us.

“Some of the changes we needed were quite worrying,” says Kerry, “But Aristi assured us that many organisations were in the same position but at least we were getting our house in order.  He made it so simple for us – advising us through the whole process, providing continuous support often at short notice.


Please contact Aristi to discuss your requirements. Filling in the form below is the quickest way to get in touch with the relevant person at Aristi.


    Keep up-to-date with insights and info on all areas of Information Assurance, Information Security, Penetration Testing & Data Sharing from the award-winning consultants Aristi.

    Latest Tweets

    A useful reminder of the data protection obilgations on businesses. Key is to understand the risks and apply approp… https://t.co/9Bhsxk89Jf
    Some useful info from the ICO on home working and data security. https://t.co/yWfOWJNxS4
    COVID-19 update https://t.co/wRDHY7IR6Q

    Subscribe to our Newsletter

    Latest Blog Posts

    • Pulse Secure Vulnerability

      By Dave Buckley On 16th of April 2020 the CISA released an alert covering continued exploitation of pulse secure VPN’s post patching. This is an update to the original alert the CISA published back in January 2020 which advised organisations to immediately patch CVE-2019-11510. Pulse secure released patches for this vulnerability in April 2019 (SA44101). […]

      Written on Thursday, 07 May 2020
    • COVID-19 Update

      Aristi has made preparations to protect our operations from disruptions caused by the Coronavirus (COVID-19) outbreak. Our aim as always is to provide an excellent service to our customers, and we will continue to do so through this uncertain time. We will be monitoring the situation closely and following the latest government advice with regards […]

      Written on Tuesday, 14 April 2020
    • Testing as a Service

      Aristi has developed an innovative new cyber security service to give businesses and public sector organisations reassurance that they are doing all they can to defend against hackers. Many organisations conduct annual IT Health Checks to identify security weaknesses in their IT systems. However, a cyber-attack can occur at any time resulting in significant business […]

      Written on Monday, 24 February 2020