The Scottish Housing Regulator has achieved Cyber Essentials Plus certification for its business intelligence system for the second year.
Cyber Essentials Plus is designed to help organisations guard against cyber-attack and demonstrate their commitment to cyber security. The certification shows that an organisation meets cyber security requirements under five technical control themes:
• Firewalls
• Secure configuration
• User access control
• Malware protection
• Patch management
Robert Laley, the Regulator’s Business Intelligence Manager, said:
“Cyber-crime is a serious risk facing any business today. This independent accreditation gives us greater assurance that our systems are robust and that we have adequate control measures in place to prevent, and react quickly to cyber threats to protect the information we hold.”
The Regulator wrote to social landlords about cyber security last month after incidents of cyber-fraud in a small number of RSLs. In its letter, the Regulator shared advice and guidance from the National Cyber Security Centre and underlined the need for social landlords to ensure they protect tenant information.
Notes to editors
- The Scottish Housing Regulator was established on 1 April 2011 under the Housing (Scotland) Act 2010. Its objective is to safeguard and promote the interests of tenants and others who use local authority and RSL housing services. The Regulator operates independently of Scottish Ministers and is accountable directly to the Scottish Parliament. It assumed its full regulatory responsibilities on 1 April 2012. The Regulator consists of the Chair and eight Board members. More information about the Regulator can be found on its website at http://www.housingregulator.gov.scot
- SHR sets out how it regulates social landlords in its published framework – Regulation of Social Housing in Scotland.
- The Regulator’s letters to registered social landlords and local authorities cover tenant and resident safety and cyber security. https://www.housingregulator.gov.scot/for-landlords/advisory-guidance/recommended-practice