Pathway to Improvement for Bronze

Achieving Bronze-level maturity is the foundation of your organisation’s digital and cybersecurity journey. This page provides a high-level guide to interpreting your assessment results and outlines general improvement actions by architecture area.

For detailed, question-specific recommendations, refer to the Assessment Report Output, which offers tailored actions based on your organisation’s scores.


Using the Assessment Report for Improvement

The Digital Pillar Assessment Tool provides:

  • Detailed Improvement Actions: Specific guidance tailored to each question based on your score (0–3).

  • Targeted Opportunities: Observations and pathways to achieve compliance and readiness in each architecture area.

  • Customised Action Plan: A summary of steps to align your organisation’s current state with compliance and operational goals.

Use the insights from the report to prioritise actions that address critical gaps while laying the groundwork for Silver-level readiness.


General Improvement Strategies by Architecture Area

1. Business Architecture

Focus: Aligning strategy, processes, and compliance.

  • Digital Strategy:

    • Document a basic digital strategy tied to operational goals and compliance needs.

    • Engage leadership to align strategic priorities with business transformation efforts.

  • Processes:

    • Identify 2–3 core processes for digitisation (e.g., invoicing, inventory management).

    • Establish clear workflows and ensure processes adhere to industry standards.

  • People and Organisation:

    • Develop a training plan to equip employees with essential digital skills.

    • Introduce basic cybersecurity awareness programs.

  • Compliance:

    • Conduct a gap analysis against foundational standards (e.g., GDPR, Cyber Essentials).

    • Implement policies and practices to meet legal and regulatory requirements.


2. Data Architecture

Focus: Securing data storage, access, and governance.

  • Data Management:

    • Introduce secure storage systems, such as encrypted cloud platforms.

    • Implement role-based access controls to restrict data access.

  • Data Security:

    • Apply encryption protocols for sensitive data at rest and in transit.

    • Regularly update encryption standards to align with best practices.

  • Data Governance:

    • Establish basic policies for data privacy and acceptable use.

    • Assign data stewards to oversee adherence to governance standards.


3. Application Architecture

Focus: Securing and managing essential applications.

  • Application Deployment:

    • Develop a checklist for secure configurations (e.g., authentication, patches).

    • Conduct basic vulnerability scans before deploying applications.

  • Application Management:

    • Create an inventory of deployed applications with details on usage, costs, and renewal dates.

    • Regularly review and update the inventory to identify redundant or unsupported software.

  • Software Security:

    • Introduce role-based access controls and active monitoring for SaaS and licensed applications.

    • Establish a schedule for applying software updates and patches.


4. Technology Architecture

Focus: Strengthening infrastructure reliability and security.

  • Servers and Compute:

    • Implement basic monitoring tools for uptime and performance metrics.

    • Partner with third-party providers for managed IT services if resources are limited.

  • Networks:

    • Introduce firewalls and VPNs to secure network traffic.

    • Perform periodic network audits to identify vulnerabilities.

  • Cloud Services:

    • Transition critical operations to secure, scalable cloud platforms.

    • Test backup and recovery processes regularly to ensure continuity.

  • Device and Software Inventory:

    • Develop an inventory management system to track hardware and software assets.

    • Use the inventory to prioritise updates and identify unsupported devices.


5. Security Architecture

Focus: Implementing foundational cybersecurity measures.

  • Cybersecurity Controls:

    • Deploy firewalls, antivirus software, and endpoint protection across all systems.

    • Train employees on basic cybersecurity hygiene, such as identifying phishing emails.

  • Data Protection:

    • Automate daily or weekly backups of critical business data.

    • Store backups securely, using encrypted off-site or cloud-based solutions.

  • Incident Response:

    • Draft a basic incident response plan outlining roles and steps to handle common cyber threats.

    • Schedule annual simulations to familiarise staff with the plan.

  • Compliance:

    • Review existing security policies and align them with baseline regulatory standards (e.g., GDPR, Cyber Essentials).

    • Document policies and communicate them to all employees.


Additional Resources

Leverage tools and templates from the Templates and Tools section of the Knowledge Base to support your improvement efforts:

  • Improvement Plan Template: Structure your action steps, assign responsibilities, and track progress.

  • Stakeholder Engagement Template: Identify key players to ensure successful implementation.

By following these pathways, organisations can build a strong foundation, meeting Bronze-level requirements and preparing for future growth towards Silver-level maturity.
