University Hospitals of North Midlands NHS Trust 

Virtual CISO: Strengthening an NHS Trust’s Cyber Security Posture and Resilience


Each year, University Hospitals of North Midlands (UHNM) NHS Trust cares for over two million people seeking emergency treatment, planned operations, and medical care across two sites: Royal Stoke University Hospital and County Hospital in Stafford.

With staff working across various sites and a growing number of remote workers and devices, UHNM needed to ensure consistent levels of end-user security across all locations.

The Trust’s Chief Information Officer (CIO) and Head of Service Delivery were seeking an interim Chief Information Security Officer (CISO) to assume accountability and responsibility for cyber security operations to help counter resource challenges. i3Secure were introduced to the Trust as a new supplier by a trusted partner.


The Challenge

The original request was to provide an on-site consultant to replace a departing employee. However, in response to COVID-19 challenges, the Trust opted for a virtual Chief Information Security Officer consultant (vCISO) solution.

i3Secure emerged as the preferred cyber security supplier, impressing the Trust with its dedication to delivering value for money, unmatched flexibility, and specialised consultants with extensive experience of working with NHS clients.

The vCISO solution presented numerous benefits that aligned perfectly with the Trust’s evolving needs, providing a flexible and scalable approach to the Trust’s resourcing challenges.

In line with the Trust’s key requirements, i3Secure’s experienced, CISSP-qualified vCISO adeptly ensured Data Security and Protection Toolkit (DSPT) compliance, effectively managed technical systems and network firewalls, confidently led incident management response plans, and developed the cyber security strategy.

Deploying a vCISO at short notice (within three weeks) for a three-month period was testament to i3Secure’s agility and commitment to providing timely, efficient, and high-quality cyber security solutions to organisations.

Our Solution

i3Secure’s CISO promptly initiated work on the cyber security roadmap and business plan, earning acclaim from the Trust’s senior leadership team. Merely a few weeks into the role, our consultant faced the task of managing the Log4j incident, which had far-reaching implications. With commendable dedication, the CISO effectively led the Trust’s response to the incident, collaborating tirelessly with internal staff around the clock, resulting in laudable outcomes.

With threats constantly evolving on an unprecedented scale, the guidance of an experienced CISO was invaluable. An integral aspect of the CISO’s risk-focused strategic plan was the development of a comprehensive and clearly defined process for incident response planning and disaster recovery. Our Virtual CISO skillfully devised protocols for identifying, containing, and evaluating incidents, complemented by effective procedures for remediation and enhancement. Drawing on compliance standards, our CISO established a robust framework that showcased best practice and fortified the Trust’s resilience.

The Result

i3Secure’s virtual CISO played a pivotal role in bolstering UHNM’s cyber security posture and resilience. Following the successful management of the Log4j incident and the development of a comprehensive cyber security roadmap, our Virtual CISO quickly emerged as the go-to expert for all cyber security matters within the Trust.

By leveraging their exceptional expertise and experience, our CISO provided invaluable guidance and strategic insights to UHNM’s senior leadership team, earning their trust and respect. Recognising the significant impact of i3Secure’s contributions, the Trust extended the contract for a further three months, allowing for sustained support and continued enhancements to the cyber security landscape.

With the solid foundation in place, UHNM’s cyber security efforts witnessed a remarkable transformation. The CISO’s proactive approach and continuous monitoring enabled the Trust to identify potential vulnerabilities and strengthen its incident response and disaster recovery capabilities. This proactive stance not only minimized potential disruptions but also instilled a sense of confidence and preparedness throughout the organisation.

Moreover, our consultant’s expertise and deep understanding of UHNM’s unique challenges positioned them as a key stakeholder in shaping the cyber security strategy. The Trust sought the CISO’s involvement in the interview process for a full-time CISO role, ensuring a seamless continuation of the progress achieved and a strong alignment with the ongoing vision.

As a result of i3Secure’s support, University Hospitals of North Midlands NHS Trust now maintains a robust cyber security framework, aligned with industry best practices and compliance standards. Our CISO’s dedication to fostering a cyber-resilient culture and their commitment to staying ahead of evolving threats made them an invaluable asset to the Trust, safeguarding critical assets and ensuring UHNM remains resilient in the face of cyber security threats.

At a Glance 

  • Fast deployment of virtual CISO to provide an immediate solution to the Trust’s resourcing challenge
  • Development of cyber security roadmap for UHNM 
  • Led the Trust’s response to and management of Log4j incident
  • Ensured Data Security and Protection Toolkit (DSPT) compliance

“The i3Secure consultant responsible for delivering our CISO as a Service has been exemplary. He has completely focused on the Trust’s needs rather than any third-party commercial drivers. His integrity, knowledge, ability and flexibility to go above and beyond have been second to none. I am thoroughly satisfied with the solution provided and would not hesitate in recommending it.”

David Tudor, Head of Service Delivery, UHNM
