Infosecurity that’s grounded in practical experience

Alexandra Rose Charity, Mind Of My Own, Norfolk Community Arts

Information Security, Data Protection, Charity Sector

A graphic of a mobile phone displaying the Digital Candle, Alexandra Rose Charity, Mind Of My Own and Norfolk Community Arts logos

Human-centered support with information security governance, policy documentation and process implementation

At Neontribe, we are passionate about helping organisations with a social purpose to help the people who need it most. Those people are often from vulnerable groups, and so we have had to develop real expertise in information security and information management.

We want even the smallest teams to achieve and maintain high standards of information security. It’s important for everyone, and it’s critical for folk working in the charity sector. What we believe makes us different is that we have a proven history of actually implementing digital services that are secure-by-design. We’re happy to offer a free initial chat about what this means to any charity.

Result

We’ve developed digital services in ways that can be certified to ISO 27001, and helped others do the same, so that they can show their development processes are fit for purpose. We’ve helped small organisations fulfill the requirements of data protection regulations, so that they can take proper care of the data in their control.

We’ve taught the basics of information security, so that any stakeholder can be aware of their responsibilities

What we did

With Mind of My Own, we took on the challenge of helping a small team of just three people achieve ISO 27001:2013 certification starting from scratch. We made this framework manageable and effective for them, and with our assistance they were successful in 2016. Our support didn't stop there; we helped them by handling security questionnaires and requirements of their institutional clients and coaching them to obtain Cyber Essentials and Cyber Essentials Plus accreditations. We provided them with penetration testing and a clear role for security review and testing in their development process. Importantly, we delivered crucial education on the importance of information security to everyone in their organisation, so that it’s embedded in their work.

In January 2023, we joined the dxw family. In April 2024, we celebrated a significant milestone with the, helping develop their ISO 27001:2013 practises to achieve ISO 27001:2022 certification. This achievement reflects their ongoing dedication to maintaining the highest standards of information security.

For music charity Norca, we designed a streamlined, team-based method for running Data Protection Impact Assessments (DPIA). This easy-to-implement approach has significantly improved their data protection processes, making compliance simpler and more effective. Importantly, it makes this intimidating component of good governance understandable to people unfamiliar with its technicalities. Our approach there is readily transferable to other small charities

Our collaboration with food poverty charity Alexandra Rose Charity involved similar efforts, where we evolved our user-friendly DPIA methodology. Additionally, we offered comprehensive infosec awareness training and helped them ensure their digital service’s compliance to GDPR, showcasing our ability to help small organisations handle complex regulatory frameworks. This learning was subsequently integrated into the development practices for software that supports their mission, reducing the threat of sensitive data exposure.

We’re also part of the Digital Candle network, where we share our expertise in threat analysis and mitigation strategies. We’ve advised on threat assessments and provided actionable recommendations to enhance the security posture of the organisations who’ve taken advantage of the free hour of conversation that Digital Candle offers charities.