Bell Educational Services Ltd

Bell Educational Services Ltd implements data protection privacy framework on advice from IT Governance’s expert consultants

This case study reveals how IT Governance assisted Bell Educational Services to ensure it fully complied with the Data Protection Act. Enter your email address at the bottom of this page if you would like a PDF version of this case study. Call us on +44 (0) 845 070 1750 to discuss your own data protection consultancy requirements.

Bell Educational Services Case Study

Bell Educational Services Ltd contacted IT Governance to obtain advice and project support from our experienced data protection consultants. Bell’s management team wanted to know the exact standing of the organisation’s legal situation, security practices and operating procedures in relation to the Data Protection Act.

Management Systems consultants Ralph O’Brien and Nick Orchiston and qualified DPA auditor Richard Campo from IT Governance enabled the company to achieve its compliance goals and helped the organisation to plan and implement best practice measures to protect confidential data at all points in its system.

Background

For more than 60 years Bell has carried out English language teaching activities around the world as an educational charity, becoming one of the leading providers of language education in Britain. Over the last ten years more than 100,000 students from over 90 countries have studied English with Bell in the UK alone. This sizeable business operation has generated large stores of data, much of which is personally identifiable and confidential.

At the beginning of 2012 the Senior Management Team at Bell decided to review its Data Protection Act compliance and carried out a risk assessment that looked at the threats to confidential data stored within the organisation. To establish what corrective actions would be necessary to address areas of risk, Bell called in a DPA consultant from IT Governance.

Requirements

The main drivers for this compliance project were:

  1. compliance with the UK Data Protection Act 1998;
  2. protection of personal/sensitive information regarding Bell students; and
  3. prevention of data breaches that could lead to loss of reputation.

Gordon Sinclair, the Deputy IT Manager and IT Project Manager, described the project requirements as follows:

“Bell wanted to take appropriate steps to ensure that confidential data was being handled in accordance with UK law and also that sufficient safeguards were in place to secure that data in line with the risk appetite of our business. Caring for our students includes protecting their personal data, and our reputation in the education and training market was only one of several good reasons for ensuring that we were compliant. This meant that we needed to assess how we handled our data to ensure that we had all the appropriate security controls in place to provide the highest level of protection at all times.

Process

Gordon Sinclair explained the process:

“We began with a gap analysis performed by IT Governance’s Ralph O’Brien, who identified where we needed to enhance controls to data handling. The work extended to Ralph’s recommending tougher security measures and helping us to migrate our manual systems to electronic data handling.

One of the key challenges that we found when attempting to implement privacy compliance was that of trying to establish a set of meaningful guidelines or a recognised standard against which to work. Standards are an increasingly important requirement in governance frameworks: we need a standards-based approach to understand what needs to be achieved; to set common governance goals across and between organisations; to understand whether the responsible managers are competent to implement those controls; and to audit whether those controls have been properly established and maintained. On the advice provided to us by IT Governance we decided to align our privacy framework at Bell against BS10012 – Data Protection – Specification for a personal information management system (PIMS).

Outcome

Gordon Sinclair summarised the outcome of the project as follows:

“Before completing this phase of our DPA compliance project, we wanted a thorough external audit of our information security and data protection processes and documented procedures. We invited IT Governance to conduct this and Richard Campo carried out the work. Richard proved to be a highly effective auditor and his guidance on our implementation of data protection processes was enlightening. Not surprisingly, he had a high level of awareness about the requirements of the DPA and how the processes that we were operating could be beefed up to further strengthen our stance. The results of this audit performed in 2013 satisfied our Risk Committee that, as an organisation and in terms of the commitment of our individual staff members, we had performed due diligence and that we were fully compliant in terms of UK law. As you can imagine, since we are a respected educational establishment that is among the best in the world, we mark our own efforts strictly so I have a high level of confidence in the outcomes.

For me, the interesting by-product of greater efficiency was a particular plus point in this project. The move from more traditional processes that were admin-heavy to an IT-based system throughout has been especially satisfying, proving the value of IT investment. We now have the ability to get into the system from anywhere in the world, securely and on demand. Uncontrolled work has been removed. I would point out to any IT manager tasked with protecting data that IT Governance helped us achieve this through a process-based review. DPA compliance is not just about meeting a regulatory requirement; it can be turned into an opportunity to improve systems and workflows to the extent that it puts control of information back into the hands of IT for the benefit of the enterprise. Our DPA project was not a cost centre: it helped us to grow our business and continues to do so now”.

Download this case study now

To get a PDF version of this case study enter your email address below and we will send you a copy straight away.

IT Governance has broad and deep experience in all aspects of data protection, privacy and the protection of personally identifiable information (PII). Just as we have helped Bell to achieve DPA compliance on time and within budget, so we can help you, whatever your need. Call us now on 0845 070 1750 and experience our service for yourself.