Why Bridewell?
Over the course of our business relationships, we remain in close conversation with our clients in order to deliver consistently high-quality solutions.
It is not by accident that our customers stay with us for the long term. They know that our capabilities make them look good and will frequently exceed their expectations.
170+ Security Specialists
Our highly-skilled team have diverse experience across all disciplines and sectors
Highly Accredited
Including NCSC, CREST, ASSURE, IASME Consortium, Cyber Essentials Plus, ISO27001, ISO9001 and a PCI DSS QSA company
Strategic Insight and Technical Expertise
Born from cyber security consulting, we combine transformative cyber security with technical support. We protect and detect, but we also have the contextual expertise in consulting
An Extension of Your Team
By working with you, not for you, means you can trust us to do the job, seamlessly, as if we were part of your own in-house team
Agile and Responsive Delivery
Agile by design, we use automation and integration to drive real value and deliver efficiencies where possible
Flexible Commercial Models
We don’t operate on a time and materials basis. We offer clients flexible agreements that allow change based upon business needs
Trusted By Microsoft
Part of the Microsoft Intelligent Security Association, with Cloud Security and Threat Protection advanced specialisations, recognised as a leading worldwide security partner by CEO Satya Nadella at Microsoft Inspire
Dedicated to Cyber Security
Uniquely focused on cyber security, we offer unparalleled scale, capability and breadth of expertise to ensure cyber security is an enabler of transformation
Developing Cyber Skills for the Future
A partner of the NCSC and University of South Wales, we offer apprenticeships, internships and support to UK schools, colleges and universities to develop cyber talent
Cyber Security for the Wider Good
We actively share intelligence, learning and knowledge with industry and the wider community to build a more resilient and prosperous digital economy
Committed to Sustainability
A carbon negative business, we are focused on reducing our footprint across all aspects of our business and plant 12 trees for every new member of our growing team
Award-Winning
Named Cyber Business of the Year at the 2021 National Cyber Awards and and Tech Company of the Year at the Thames Valley Growth Awards 2021
24/7 MDR & Security Operations Centre
We always have your back, no matter what time or day and are trusted to protect some of the UK’s most critical national infrastructure
What Our Clients Say
HESA Drive Digital Transformation with Bridewell’s DPO as a Service
The Challenge
As a leading HE data source and one of the largest processors of data in the UK, HESA handles ‘special category’ (highly sensitive) data for over 30 million people across England, Wales, Scotland and Northern Ireland. To ensure that this data was handled securely and in compliance with all relevant regulations, HESA needed a highly qualified and driven DPO with the skills to both manage their data privacy function and support a major transformation project. For HESA, data is a core part of every aspect of their business and ensuring the right practices are in place is essential to their operations.
The challenge for HESA was finding a suitably qualified DPO to occupy the role at an appropriate cost and within a reasonable timeframe. As with many cyber security roles, data privacy experts are in high demand and there were few candidates with the right expertise and experience to match HESA’s requirements.
"We didn’t just want our DPO to come into HESA to run the data privacy team and maintain business as usual. We needed someone who could add strategic value to our processes and the major projects that are key to our current operations and future ambitions."
Louise Morrison, General Counsel, HESA
Given the size and scope of their organisation, data protection teams and architecture, HESA recognised the importance of finding the right person for the role and concluded that using a service provider to find a suitable DPO was a good option. Rather than undergoing a timely and expensive recruitment process, outsourcing to Bridewell assured them of a highly certified data privacy expert to lead their data protection team.
The Solution
In parallel to seeking a DPO, HESA were already engaged with Bridewell in an implementation project. Given the success of the infosec project and their strong relationship with the Bridewell consultant running it, HESA decided to bring them into the business as their named DPO.
"Bridewell was our first choice for a DPO. I had only been working with [our Bridewell Consultant] for a few weeks but, given the quality of their work, it was clear that the standard they provided matched if not exceeded our requirements."
Louise Morrison, General Counsel, HESA
One of the first projects to support was a heavily technology-based business transformation, ‘Data Futures’, which was designed to wholly upgrade HESA’s existing infrastructure. The goal was to build a new technology platform within AWS that was fit for the digital age and would drive efficiencies in the higher education sector. Embedding data protection controls whilst maintaining a streamlined and agile programme of work was essential, given the scale and value of the project.
HESA’s named DPO supported across the entire programme, implementing a governance structure, offering complex technical advice in real-time throughout development, and ensuring that data protection was embedded by design. This was further supported by penetration tests from Bridewell’s offensive security team to ensure the integrity of the new platform.
Further to the Data Futures project, HESA also required their named DPO to support in a merger transaction with Jisc. In this capacity, they performed all required data protection workstreams in connection with the merger. Thinking ahead, a roadmap was created by
our DPO support to determine how the two separate data protection teams from each of the merger partners could be most effectively integrated after completion.
"Chris, our named DPO, has been a trusted senior partner throughout the merger."
Louise Morrison, General Counsel, HESAThe Results
With Bridewell’s DPO as a Service, HESA were able to rapidly bring significant data privacy expertise and experience into their organisation. With a Bridewell consultant as their named DPO, they have a highly qualified, reliable data privacy expert who singlehandedly advises the business and works with them to solve their challenges. Regularly communicating with and providing recommendations to key internal and external stakeholders, they have performed a fundamental role in major projects essential to HESA’s operations.
Leading their data privacy team, their named DPO has written the entire data privacy compliance program and provided substantial support in improving multiple data workstreams.
"With Bridewell as our named DPO, we’ve been able to hand over full responsibility to our consultant. It’s an end-to-end service and we trust in their expertise and understanding of our business to advise our board, solve our data privacy challenges, and support our business objectives."
Louise Morrison, General Counsel, HESAThey have helped manage resource levels of the existing data privacy team and brought on additional Bridewell consultants when needed for further support. This is not just true of their typical business as usual operations but of their role in Data Futures and the merger, where they have acted as a trusted, senior adviser.
"A lot of our external stakeholders have come to rely on Chris [our named DPO]. He has formed a significant part of day-to-day operations and is an ambassador of the company. His high performance has helped us establish a bestin- class team and has raised the status of HESA within our sector."Louise Morrison, General Counsel, HESA
Discover More About Our Services
Talk to The Team
From your most immediate challenges, threats & insights to your long term security objectives.