Often when submitting an application or tender with a 3rd party, Nesta will need to provide a statement ensuring we meet cyber security standards set by the government or other parties. Our standard response to these questions can be found below:
Nesta employs a number of systems, policies, and procures to mitigate risks associated with Cyber Security. All Nesta staff receive regular cyber security training and are obliged to comply with our Information Security and IT Usage Policy. Annual penetration and vulnerability tests are run against Nesta infrastructure, and phishing simulations are sent to staff on a regular basis. Nesta's infrastructure is protected with redundant firewalls, and all data is encrypted while in transit. User endpoint devices are encrypted, and secured with multi-factor authentication. Endpoint Protection software is installed and monitored on all end user devices, and security updates are applied automatically. To ensure compliance with Cyber Security Standards, Nesta holds a Cyber Essentials Certification, which is renewed annually. A copy of this certificate can be provided upon request.
If a more detailed response is needed or more information is required, please submit a service desk request.