Social Value & Information Security
Managing cyber security risks is a sub-section of tackling economic inequality, another Social Value theme. Yet, it's also significant in its own right: information security is integral to the creation of opportunities, the strengthening of trusted partnerships, and the positive growth of communities.
Understanding tech, mitigating risk, protecting data
While our people are the beating heart of our company, digital technology is our lifeblood, so we take information security seriously.
Granby has invested in building and evolving online technology that doesn’t simply facilitate 3PL / 4PL and our other services – it adds value. Additionally, we’ve made a commitment to invest in training and achieving nationally and internationally recognised accreditations.
These help us continually improve the services and security we offer our clients and partners, as well as setting an example across the supply chain, as a project partner and as an SME.
Snap insights – Granby’s cyber credentials
- ISO 27001:2013 accredited – the international standard for information security, showing Granby’s information security management system is aligned with best practices.
- Cyber Essentials Plus – the government-backed, industry-supported scheme to help organisations protect themselves against common online threats.
- In-house expertise – our developers have created bespoke systems including our fulfilment system SCOPe, which allows us to identify exact system requirements and implement solutions around them (rather than hacking a client’s system to make it fit).
The point of Social Value – Information Security
- Identify, understand and mitigate/manage the risks that might affect a project or contract, including market, sector, industry and country.
- Take measures to mitigate/manage cyber security risks within the supply chain including engaging with the supply chain to identify and build resilience against cyber security risks, as well as actively raise awareness of issues.
- Commit to adopting technical standards and best practice as a basis for appropriate cyber security controls.
Granby as a partner
Our ISO 27001 accreditation and Cyber Essentials Plus certification show the high standards we work to. As credentials, they are challenging and intense to prove and achieve – and offer instant reassurance that we’re on the ball. We use these standards in our processes – ongoing, every day.
- We’re acutely aware of the risks presented through the use of technology, particularly in terms of confidentiality, availability and integrity of data that we process.
- As an ISO27001 certified organisation, we’ve created a risk register and placed mitigations against any risks that we have perceived as posing a threat to the business, the customer or the contract.
- Our risk register is reviewed quarterly to ensure new risks are added, as well as opportunities.
- Our systems are regularly pen tested by a third party and reviewed for robustness through our Cyber Essentials Plus certificate. A pen, or penetration, test is a simulated cyber attack that checks for exploitable vulnerabilities.
Granby’s influence in the supply chain
We’re proud to be a team player, invested in helping our supply chain partners and suppliers thrive.
1. Supporting local business
We make every effort to add value to our local community by identifying partners and suppliers that are local and developing relationships with them, rather than outsourcing to larger national organisations, including IT support and independent cyber security expertise. This supports the Social Value theme of tackling economic inequality, which this infosec theme is a sub-section of.
2. Spreading infosec awareness
We share best practice with our suppliers and the carriers we work with, and also local businesses who want to take their first steps into public sector procurement projects.
One way is to encourage our supply chain partners to adopt the National Cyber Security Centre’s 10 steps to cyber security. Others include:
- Logging and monitoring incidents through system design
- Asset management – knowing your data and systems and what they do/support
- Identity and access – controlling who and what can access your systems and data
As well as taking care of data and confidentiality as part of day-to-day business, our bespoke 3PL / 4PL and promotional marketing technology upholds rigorous standards. For the public sector, where the importance of cyber security is earmarked as a Social Value theme, only the highest standards are acceptable.
1. SCOPe – the best fulfilment platform
SCOPe is our fulfilment platform has three modules:
- OrderSure, our inventory management system
- Warehouse management system (WMS) with enhancements
- Process automation system for fulfilment and reverse logistics
Our leading receipt validation system, SwiftReceipt, uses AI to support promotional marketing activities like rewards & loyalty programmes and sales campaigns. Public sector organisations – including local government – can use SwiftReceipt technology in other ways.
For example, it can be used to place orders within a defined framework, making processes direct and more efficient, ultimately providing value to the general public.
How we measure our impact on economic inequality
In short, we look at the data – qualitative and quantitative – including surveys, audits and HR and Finance data for our suppliers (start-ups, SMEs, VCSEs, mutuals) and our employees. In this way, we can measure our impact on tackling economic inequality using KPIs like:
- Total spend, as a percentage of the overall contract spend.
- The number of contract opportunities awarded.
- The value of contract opportunities awarded in £.
- Number and percentage of companies in the supply chain with a current Cyber Essentials certification.
- Number and percentage of companies in the supply chain to have adopted the National Cyber Security Centre’s 10 ‘steps’.