Case study Tristone Investment Group – An SME

Homogenising the approach to data protection and compliance across multiple portfolio businesses through a single platform.

Tristone Investment group is an investment company committed to the acquisition and growth of established, profitable and cash generative companies that deliver positive social impact. TIG’s vision is to achieve a safe and caring environment for children through the delivery of outstanding services that are: (a) Service user-focused, safe and reliable; (b) Innovative and creative; (c) Able to provide meaningful solutions and targeted outcomes; and (d) Trusted and driven by skilled individuals that are committed to achieving excellence in social care practice.

TIG invests in projects that fall into one of the following categories: (a) Registered children’s homes; (b) Specialist care facilities; (c) Specialist education facilities; (d) Fostering services; (e) Specialist adult care facilities; and (f) Social care training companies. Currently the business operates 3 social care businesses with the capacity to support 116 children and young adults between the ages of 5-18 years old. The group employs over 200 staff across 32 properties and works with 33 Local Authorities.

Envisioned set of services:

TIG and its portfolio businesses collect and use personal information about children, young people, staff, parents and other individuals who use our services. This information is gathered as is consistent with TIG’s duty as a responsible provider of regulated and unregulated social care. In addition, TIG may be required by law to collect, use and share certain information. The security and privacy of data both within the organisation and as transmitted between social care agencies (i.e. Local Authorities, the Police etc.) is of paramount importance. With a predominant focus on vulnerable children and young adults, this is of heightened importance to protect the safety and wellbeing of these children for whom TIG has both a moral and legal obligation to protect.

Security and privacy are currently being handled within the TIG portfolio businesses using multiple platforms with little consistency either within one business on its own or across all the TIG businesses. The process of compliance is manually handled using platforms such as, Microsoft OneDrive, Google GSuite, Dropbox and various bespoke systems, developed by third parties for the specific security and privacy requirements of TIG. With increasing reliance on networking and remote working, the security and privacy of TIG data is more pressing than ever before. The ambition of TIG is to homogenise their approach to cyber security across the entire portfolio of businesses and to provide a single platform that would handle all requirements in a most effective and efficient manner.