The Northern Ireland Court Service was established in 1979 by the Judicature (Northern Ireland) Act 1978. Providing support to the administration of justice in Northern Ireland it employs over 700 staff across court venues throughout Northern Ireland, and at its Headquarters buildings located in Belfast city centre.
Effective Information Security and continuity of service operation is important to the operation of any organisation’s business. This is brought into even sharper focus when consideration is made of the type and sensitivity of information that NI Court Service is responsible for.
As a result, the organisation made a firm commitment to achieving appropriate, consistent and cost-effective levels of security across business operations through the adoption of ISO27001.
In support of this, effort was concentrated in the following areas:
- Policy;
- Risk Assessment and Management;
- IT Healthchecks;
- Staff Awareness;
- Business Continuity;
- Compliance with legislation.
We are very proud to have been engaged by Court Service as their strategic partner for ICT security assurance. This role essentially means that we have responsibility for ensuring all Court Service ICT operations are carried out in a secure manner. The importance of this role is increased because all ICT service provision has been outsourced to a third party service provider.
Our work for Court Service has been very extensive over the last two years and has included the following:
- Production of RMADS for all protectively marked systems in accordance with HMG baseline standards;
- Technical vulnerability analysis of the corporate network to CHECK standards;
- IT contingency planning and testing guidance;
- Training of staff across Northern Ireland in BCP, Crisis Management and Disaster Recovery;
- Data Protection and Freedom of Information strategy development;
- Provided security input to major initiatives such as ICOS (a system designed to integrate all levels of court operations) and Causeway (a sensitive data sharing mechanism joining up all criminal justice partners in Northern Ireland)
ISO27001 Certification
Our greatest achievement for Court Service has been to lead them through an ISO27001 certification process. This was an intensive assignment involving the undertaking of a range of risk assessments using a tailored adoption of CRAMM . We produced all of the mandatory documentation required for certification including ISMS scoping documents, risk treatments plans and a statement of applicability. Our work resulted in a 2 week audit carried out by BSI and following this, Court Service achieved ISO27001 certification for all operations in Northern Ireland. This is quite unique in central government, as those organisations that have achieved certification have generally done so in narrowly defined business areas. At the time of certification, this was recognised as the largest ISO27001 certification in IK central government.
Business Continuity Planning
Complementary to our ISO27001 work we also managed a BCP project with the objective of creating business continuity plans for all of Court Service’s business areas. This work involved carrying out business impact analysis across the service to identify recovery time objectives. Plans were drafted with business managers, leading to an intensive round of rehearsals. All staff involved in the rehearsal were provided with appropriate training before they embarked upon plan rehearsals built around a range of service disruption scenarios devised by our consultants.
The BSI auditors involved in the ISO27001 certification exercise commented that this was the ‘best implementation of a Business Continuity solution in support of ISO27001 that they had ever seen‘.
The Court Servcie IS Manager said of our work: “Evolve helped us to clearly identify our objectives and obligations in relation to Information Security. They then went on to break the required tasks in the process into separate and easily manageable modules, each with its own defined objective, which was directly linked to our overall objective of achieving ISO27001 certification. The support that Evolve provided was straightforward, highly professional and extremely well communicated.”