Age UK Croydon

Case Study
The Organisation

Age UK Croydon is a well-established charity dedicated to supporting older people across the borough of Croydon. Through a wide range of services, including health and wellbeing programmes, information and advice, and community engagement, the organisation empowers older residents to live independently and with dignity.

The Challenge

As part of their ongoing commitment to data protection and cyber security, Age UK Croydon required a renewal of their Cyber Essentials certification. This process involved a comprehensive review of their IT infrastructure, device compliance, and security policies. The challenge lay in ensuring that all systems, including mobile devices and third-party services, met the stringent requirements of the Cyber Essentials framework. With a mix of managed and BYOD devices, legacy hardware, and multiple cloud services in use, the organisation needed a structured and thorough approach to identify and remediate any non-compliant elements before submission.

Our Approach

We began by conducting a full pre-assessment audit to prepare for the Cyber Essentials renewal. This included exporting all devices from ScreenConnect to identify unsupported or out-of-date systems and checking for any devices not enrolled in Intune. We reviewed the mobile device inventory to ensure all were up to date and contacted the client where updates were required.

We documented the firewall and router models in use, verified firmware updates, and ensured none were end-of-life. Antivirus coverage was assessed, with individual tickets raised for any devices needing updates. Port forwarding configurations were reviewed, and unused ports were flagged for removal. We confirmed that remote access to routers and firewalls was WAN-locked and conducted spot checks on local admin rights, logging tickets to remove unnecessary access.

Autorun settings were reviewed across Group Policy, Intune, and standalone machines to ensure central management. A sample software audit was performed to identify unsupported applications. We also confirmed the primary update method and device management approach.

MFA status was checked across core services including Microsoft 365, Google Workspace, Slack, and CharityLog. Where MFA was not enabled, we advised the client on the necessary steps. Any issues that could incur additional charges, such as end-of-life routers or unsupported software, were flagged to the account manager. Once all remediations were complete, we scheduled a meeting with the client, submitted the Cyber Essentials application via the CyberTec portal, and ensured the client confirmed submission and received their certification.

The Results

Age UK Croydon successfully renewed their Cyber Essentials certification with minimal disruption to their operations. The pre-assessment process allowed for early identification and resolution of compliance issues, ensuring a smooth application process. The organisation now benefits from an enhanced cyber security posture, improved visibility over device compliance, and strengthened protection across all cloud services. Staff were better informed about security protocols, and the IT environment is now more resilient against cyber threats. The certification reinforces the organisation’s commitment to safeguarding sensitive data and maintaining trust with service users and partners.

Key Outcomes