Background
The culturally significant infrastructure project attracted interest from around the world due to its location, running through a UNESCO World Heritage Site. To maximise information security for the plans for a two-mile-long tunnel, Insight ensured that National Highways’ sensitive data and systems for this specific scheme were protected against cyber attacks under ISO 27001.
Challenge
National Highways needed to maintain operational integrity and public trust in a globally significant infrastructure project.
The project’s complexity, involving numerous stakeholders and long history, as well as its location in a highly sensitive and culturally important WorldHeritage Site, demanded a robust security framework.
However, securing the widely recognised gold standard for information security, ISO 27001, presented a major obstacle. The A303 Project itself was unable to obtain ISO 27001 certification because it was not a registered organisation. Since it was not listed in the Company Register in the UK as a legal business entity with the necessary documentation, it did not meet the criteria for ISO certification.
“Securing the A303 Stonehenge project presented a unique challenge, as itcouldn’t be certified under the standard ISO 27001 framework. Our sharedinnovative approach, certifying MindCraft as the responsible party, was key toovercoming this. This not only protected this nationally significant project but alsoset a precedent for securing similar infrastructure developments.”
Angus Walker, Managing Director, MindCraft
“This certification was critical to our project and helping us make sure weput data security at the heart of our approach. We were delighted thatInsight and MindCraft managed to navigate all the hurdles and ensure webecame the first roads project to achieve the certification in this way.”
David Bullock, Project Director, National Highways
Solution
Recognising the critical importance of information security forthe A303 Stonehenge project, National Highways sought to achieve ISO 27001 certification.
Using its extensive cybersecurity expertise and knowledge of ISO accreditations, Insight explored how ISO 27001 could be delivered, despite the auditing body only issuing the certification to legal entities as opposed to individual projects.
As a result, Insight focused on enabling MindCraft to be the certified body, as the consultancy providing all the digital services to the A303 Stonehenge project. This approach, accepted by the auditing body, enabled the project to indirectly prove its commitment to robust cybersecurity.
This collaborative effort resulted in MindCraft achieving ISO 27001 certification, on behalf of National Highways, effectively securing all data and systems used by the parties involved in the infrastructure project. This not only minimised cybersecurity risks for this important project but also set a precedent for other projects facing similar challenges.
The implementation was rigorous and included a gap analysis to identify areas for improvement, developing and updating essential security policies, and implementing a range of technological,organisational, and physical security controls. Rigorous testing and internal audits were also conducted to ensure everything met therequired standards.
Why Insight?
National Highways chose Insight for this critical project due to its proven expertise in cybersecurity, strong track record in the public sector, and being able to demonstrate a deep understanding of the unique needs and challenges of government agencies. Insight’sability to deliver through the HTE ComIT (HealthTrust Europe ICT Solutions 3) framework ensured a streamlined and compliant procurement process.
Insight’s knowledge ISO 27001, coupled with their ability to navigate complex certification processes, was essential to the project’ssuccess. The result was a bespoke solution tailored to the unique needs of the A303 Stonehenge project, mitigating risks and ensuring robust cybersecurity for this nationally significant infrastructure.
