Wesley Mission Prepares for ISM Compliance with Content Security
For more than 200 years Wesley Mission has helped people and communities to access the care, support and security they need to face life’s challenges and reach their full potential. With over 120 programs and staff of more than 2,000, Wesley Mission operates across the community services sector to provide support for children, families and the elderly, to those struggling with homelessness, mental health, financial or domestic challenges. This work is also supported by the contribution of 6,500 volunteers who provide more than 100,000 hours of effort each year.
In early 2016, it became clear to Wesley Mission’s Information Services team that changes would be required to ensure the organisation could meet increasingly stringent requirements for information security. A significant volume of personal data is collected and stored during the normal course of operations and ensuring this is being undertaken in a secure way is important.
“We undertook a comprehensive gap analysis of our technology use relating to compliance to identify the areas in which changes were required,” said Peter Mann, Operations Manager for Wesley Information Services. “This provided us with a roadmap to guide our compliance efforts.”
Mr Mann noted that Wesley Mission had a goal of achieving compliance with the Australian Government’s Information Security Manual (ISM) guidelines. These detail all the measures that must be in place to ensure data is gathered and retained in a secure manner.
“To achieve compliance we realised we would need the assistance of an external specialist. We needed a firm that could fast track the assessment of our status and guide us through the necessary steps to reach our goals.”
In late 2016, the Wesley Information Services team met with a number of consulting companies to determine which would be best placed to assist with the compliance process. The team assessed a range of criteria including depth of technical knowledge, prior experience and cultural fit.
“Once the evaluations were complete, it was clear that Content Security would be able to provide us with the guidance and support that we required,” Mr Mann said.
After completing a number of projects to address issues identified in the original gap analysis, the Wesley Information Services team prepared for an interim audit. This involved a thorough review of everything from governance and HR areas to technology and business operations. Security policies were also defined across the entire organisation.
“Content Security worked with us throughout this process and during the interim audit. This was completed successfully in October 2017.”
With the interim audit completed, Wesley Information Services is now working closely with Content Security towards achieving a final audit in April 2019. “We still have a lot of ground to cover, but I am confident we will achieve the full audit next year,” Mr Mann said.
Full compliance will deliver a range of benefits to the organisation. It will allow Wesley Mission to demonstrate to its clients and volunteers that is takes the collection and storage of personal data seriously and has put in place the measures required to achieve this securely.
Compliance will also ensure that Wesley Mission can continue to receive funding from government, which is vital for the ongoing delivery of services and support in New South Wales and beyond.
“Content Security have managed to effectively engage with the needs of Wesley Mission to drive real business value. Their knowledge and expertise has been invaluable and the progress we have made speaks for itself. We look forward to continue working with them in the future.”