Learn how Rail Delivery Group (RDG) deployed Northdoor’s third-party cyber risk platform to gain a clear view of both internal and third-party cyber security risks.
“Northdoor has helped RDG to cut business risk, improve cyber security, and ensure we embed best-practice, compliant policies.”
Alan Cain, Head of Information Security, Rail Delivery Group
About Rail Delivery Group
Rail Delivery Group (RDG) represents UK passenger and freight rail companies, Network Rail and High Speed 2. On behalf of its member companies, RDG is responsible for a host of shared services, including allocation and settlement of ticket revenue, discounted travel schemes, and third-party ticket sellers. RDG employs around 300 people.
At the buffers
Rail Delivery Group provides vital shared services to the rail industry. For example, RDG allocates revenue from tickets that span multiple train operating companies’ franchises and manages timetables across the UK.
The rail network provides essential services to the UK, from routine transport of food and goods to highly sensitive freight, such as nuclear waste. RDG and the train operating companies’ operations routinely include confidential data and personally identifiable information. With the global rise in pernicious hacks, particularly ransomware, RDG and its members take cyber security extremely seriously.
Ultimately, the core aim is to improve service reliability, reduce costs, and ensure rail safety. The greatest difficulty faced by RDG was gaining a proper understanding of its third-party cyber-security risks in order to identify and remediate issues. With the complex mix of integrated systems and shared data across multiple RDG member train operating companies, how could RDG enhance cyber security across this very diverse data landscape?
On-time departure
RDG turned to Northdoor plc to deliver a strategic overview and propose ways to embed cyber security. This would include procurement assessments of multiple suppliers and service providers to the industry, the operational systems deployed in the industry, and better data protection for customers, stakeholders and RDG member companies.
At the recommendation of Northdoor, Rail Delivery Group chose to deploy the cloud-based third-party cyber risk platform at RDG and at more than 40 member companies to assess, monitor and manage third-party cyber risk across extended supply chains. The solution uses a combination of AI, machine learning, and rules engines to analyse and report in real-time, replacing manual spreadsheets with an intuitive, live dashboard. The third-party cyber risk management platform provides a simple, automated, and centralised risk management solution that enables RDG to manage and monitor its cyber risk score and ensure its suppliers, stakeholders, and third-party partners meet its GDPR standards. For both RDG and the member companies, the third-party cyber risk solution enables senior executives to manage risk in real-time.
Alain Cain, Head of Information Security, Rail Delivery Group, comments,
“Northdoor’s third-party cyber risk solution enables us to gain enterprise-level insight into our cyber security risk and identify areas for remediation. Working with Northdoor we were able to rapidly implement and configure the third-party cyber risk platform and establish essential policies and procedures as the foundation of a greatly improved cyber security posture.”
Non-stop service
For a complex web of interconnected rail companies, onboarding new suppliers represents a specific and additional security risk. A new supplier to an individual train operating company is potentially gaining access to all RDG member companies’ systems. Without central management, each train operator relied on every other company to manage and mitigate this risk.
With the third-party cyber risk management platform in place, RDG and its member companies enjoy a best-in-class third-party security framework. Assessments of procurement risk for suppliers are faster and more effective, and all RDG members benefit from the improved shared cyber security stance.
Smooth running with a best-in-class cyber security framework
The new solution has created a best-in-class cyber security framework for Rail Delivery Group and its member companies, offering a better, faster view of the cyber security risks they face. For example, the shared view of technology service providers that are common to multiple member companies places RDG in a much stronger position to play an effective governance role. In turn, this helps to protect stakeholder investments, secure customer data, and enhance the smooth and efficient running of rail services in the UK.
“Northdoor has helped RDG to cut business risk, improve cyber security, and ensure we embed best-practice, compliant policies,” comments Alan Cain. “In addition, our cyber security is fully aligned with procurement, enabling faster and more-effective assessments of third-party risk during the onboarding of new suppliers.”
Alan Cain concludes, “Most importantly, the net impact of working with Northdoor and implementing the third-party cyber risk solution will be better service reliability on UK railways, saving time and money for both RDG and its members, and improving freight and passenger rail services.”