LRF CyberAPP

Effective Information Sharing & Security Award

City of Bradford Metropolitan District Council

Briefly describe the initiative/ project/service; please include your aims and objectives

The Yorkshire & Humber Cyber App is a region-wide digital tool and operating model designed to transform how local responders assess, escalate and manage cyber incidents across the four Yorkshire & Humber Local Resilience Forums (LRFs). Led by Bradford Council (Chair, YH Cyber WARP) and developed with multi-agency partners, the App converts technical incident data into a simple, scored risk assessment, clear escalation prompts, and an auditable PDF timeline — enabling faster, more consistent multi-agency decisions that protect frontline services and citizens.

Aims:

Standardise cyber incident triage and escalation across Category 1 & 2 organisations in the region.
Reduce ambiguity and delay between technical detection and operational response.
Improve statutory and national reporting compliance (NCSC, ICO, Competent Authorities).
Provide a single, auditable record for post-incident review and learning.
Deliver a configurable, easily replicable solution that other LRFs and partner organisations can deploy quickly.

Objectives:

Create an objective, weighted risk-scoring framework that translates technical impacts (service, data, users) into operational decisions.
Build multi-agency decision-support outputs (clear triggers for LRF involvement, TCG/SCG/CYB-TAC convening).
Produce automatic, auditable PDF reports and timelines to improve transparency and accountability.
Ensure offline capability and local configurability while flagging deviations from agreed regional standards.
Package the solution using mainstream Microsoft tooling to reduce deployment time and cost for other organisations.

How this relates to the award

This initiative directly transforms public services by using data and technology to deliver a citizen-focused outcome: protecting essential services and vulnerable people through quicker, consistent incident decisions and coordinated multi-agency action. It also drives culture change — aligning partners on language, governance and practice.

What are the key achievements?

The Yorkshire & Humber Cyber App has delivered measurable, programme-level change across governance, operational practice and regional capability — directly meeting (and in several areas exceeding) the project’s original aims of standardisation, speed of decision-making, multi-agency coordination and replicability.

Main results and evidence

Standardised, objective incident triage across the region.
The App translates technical inputs (functional impact, data confidentiality, availability, number of affected users, impact on critical systems) into a single, weighted risk score and agreed thresholds for escalation — removing subjective variation between organisations.
Clear, consistent multi-agency escalation triggers and decision support.
Built-in thresholds map directly to LRF/TCG/SCG/CYB-TAC escalation behaviours so incident commanders know who to inform and when, closing the gap between technical teams and operational responders.
Automatic, auditable reporting that saves time and improves accountability.
The App generates PDF timelines and reports (with change highlighting) and can email them to defined recipients — eliminating manual report drafting, creating a single source of truth for partners and regulators, and improving post-incident learning.
Improved compliance and regulatory readiness.
Reporting prompts and embedded guidance direct users toward NCSC, ICO and Competent Authority reporting routes where appropriate — reducing the risk of late or missed statutory notifications.
Replicable, low-cost regional solution.
Delivered as a Microsoft-technology “shell” (Power Apps / .NET / Power Automate) with a packaged install model and back office configuration, the App can be deployed rapidly by other LRFs and partner organisations — avoiding duplicated development effort across the region.
Designed and refined with stakeholders (real buy-in).
The SRS moved from v1.0 to v2.0 following wider stakeholder workshop input, demonstrating active co-design with the four Yorkshire & Humber LRFs and WARP partners. This collaborative approach has created ownership and accelerated adoption readiness.
Operational resilience features (practical usability).
The App supports offline use, CSV import for local contacts, configurable weightings (with change-flagging), and simple UI controls (radio buttons, dropdowns, optional free text) so it’s usable in live incident conditions.

Level of impact & how aims were met/exceede

The App fulfilled every core objective: objective, weighted scoring; multi-agency triggers; auditable PDF outputs; offline capability; and a replicable Microsoft shell. Where it exceeded expectations was in formalising an agreed regional escalation taxonomy and embedding change-flagging so local configuration cannot silently undermine the regional standard — a small design choice with outsized governance impact.

Operational efficiency gains (qualitative): automatic report generation and standardised triage reduce duplicated effort during incidents (no separate manual report-writing, fewer emails chasing clarifications), and give incident leads clearer first-time answers — freeing technically-skilled staff to remediate rather than administrate. The SRS explicitly requires PDF/email automation and change highlighting to deliver these efficiencies.

Cost avoidance and value for money: by producing a packaged, standard Microsoft-based solution for all four LRFs, the programme avoids multiple bespoke builds and associated licence/integration costs. The SRS highlights replicability and packaging as central project value, directly supporting regional cost-efficiency.

Tangible next-step / embedding evidence

A formal 3-month embedding period after Go-Live is built into the delivery plan so improvements and real-world lessons feed back into the product and governance quickly — demonstrating commitment to sustained change, not just a one-off build.

How Innovative is your initiative?

The Yorkshire & Humber Cyber App is a genuinely novel regional innovation — it’s the first time four LRFs across Yorkshire & Humber have co-designed and agreed a single, operational cyber triage and escalation tool that translates specialist technical inputs into objective, auditable operational decisions. That cross-boundary, multi-LRF co-design itself is a breakthrough; it changes who builds resilience tools (regionally governed coalitions, not single orgs) and how they’re used in live incidents.

Concrete ways the project is innovative

True multi-LRF co-design at scale — bringing four LRFs and WARP partners together to define common risk definitions, thresholds and escalation behaviour has never been done in this region before. This creates a single, agreed operational taxonomy for cyber incidents rather than fragmented local heuristics.

Operationalising technical cyber data into decision-grade outputs — the App converts technical indicators into a weighted risk score, clear escalation triggers (LRF / TCG / SCG / CYB-TAC) and an auditable PDF timeline so non-technical incident commanders can make fast, consistent choices. That translation layer — not just dashboards or alerts — is both creative and highly practical.

Governance-aware configurability (innovation in control) — local teams can tune weightings where needed, but any deviation from the regional standard is flagged automatically in generated reports. This is an elegant governance innovation: balance local flexibility with regional consistency and transparency.

Packaged, low-friction replication model — built as a Microsoft-technology shell (Power Apps / .NET / Power Automate) and packaged with back-office configuration, the solution removes the usual barriers to cross-organisation adoption and prevents duplicated bespoke development across the region.

Designed for real incident conditions — offline capability, simple UI controls, CSV contact import and automatic PDF/email outputs ensure the tool is usable in pressured, connectivity-impaired situations — a pragmatic innovation that prioritises operational reality over theoretical functionality.

Challenging the status quo & taking risks

Shifting ownership from single organisations to regional collective action. Instead of each council or responder building its own siloed process, partners agreed to a shared operational standard — a cultural and political step change that required trust, compromise and a new governance approach.

Prioritising outcomes over technical showmanship. The team deliberately avoided building a purely analytic or forensic product and instead focused on decision-support outputs that directly protect citizens and maintain services — a risk that paid off because it drove adoption among non-technical commanders.

Embedding auditability into everyday practice. Automatically producing timelines and highlighting configuration changes flips post-incident review from a forensic afterthought to an integral, real-time governance feature — changing how organisations learn and are held to account.

Cultural & behavioural innovation

Common language and shared playbook. The co-design process created consistent incident language and escalation expectations across agencies — reducing delays caused by misunderstandings and enabling faster joint action. From specialist ownership to shared operational responsibility. By surfacing decision prompts and removing jargon, the App empowers operational leads (not just cyber teams) to own incident response decisions — a meaningful culture shift toward citizen-centred resilience.

Why this matters (impact of the innovation)

This project doesn’t just produce a clever technical artifact — it rewrites how regional partners prepare for, decide during, and learn after cyber incidents. Its innovations reduce decision latency, improve regulatory confidence, and create a replicable model other regions can adopt quickly and affordably. That combination of technical, governance and cultural innovation is exactly the kind of transformative change the award seeks to recognise.

What are the key learning points?

The Yorkshire & Humber Cyber App has generated practical lessons that make it straightforward to adopt and scale elsewhere. Below we summarise what worked, what we learned from challenges, and clear, actionable steps other LRFs and partner organisations can reuse.

1. Secure multi-party buy-in early

Bringing four LRFs and WARP partners together to agree risk definitions, thresholds and escalation behaviour was essential. Investing time in structured workshops, version-controlled decisions and a short “what we agreed and why” playbook built the rust needed for a single regional standard. Lesson: formal, documented decision sessions are not overhead — they are the foundation for regional adoption.

2. Design for decision makers (not for engineers)

The project succeeded because it translated technical telemetry into a single weighted risk score, simple escalation prompts (e.g. “inform LRF / convene TCG / notify NCSC”) and an auditable timeline. Simple inputs (radio buttons, dropdowns, one free-text box) are far more usable during live incidents than freeform forms or raw logs.
Lesson: prioritise outputs that enable operational choices over technical detail.

3. Embed governance into configurability

Allow local configuration but make every change visible and auditable. Flagging and stamping any deviation from the regional baseline in generated PDFs preserved local flexibility without undermining consistency. Lesson: auditable change-flags prevent silent drift and maintain trust between partners.

4. Prioritise operational resilience and usability

Offline capability, CSV contact import/export and automatic PDF/email outputs were small design choices with large. The Yorkshire & Humber Cyber App has generated practical lessons that make it straightforward to adopt and scale elsewhere. Below we summarise what worked, what we learned from challenges, and clear, actionable steps other LRFs and partner organisations can reuse.

Additional Comments

First-ever four-LRF co-designed cyber triage App: rapid, auditable, and replicable. It turns technical data into clear operational decisions, improves regulatory compliance, and protects frontline services. Packaged for quick regional roll-out with a 3-month embedding plan and stakeholder-owned governance.

HOME

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.