QA

Northern WARP – IT Security Training Joint Procurement 

Briefly describe the initiative/ project/service; please include your aims and objectives

Local government authorities (LGAs) are increasingly facing cyber threats that can compromise their data, systems and services. To enhance their cyber resilience and protect their citizens, LGAs need to invest in cyber security training for their officers.

Cyber security training can help LGAs to identify, prevent and respond to cyber attacks, as well as to comply with relevant regulations and standards. Cyber security training can also foster a culture of cyber awareness and responsibility among LGA staff, which is essential for maintaining good cyber hygiene and reducing human errors.

LGA funding for cyber security training can support LGAs to access quality and affordable training programs that suit their needs and capabilities. LGA funding can also enable LGAs to collaborate with other LGAs, local and central governments, and industry partners to share best practices and resources on cyber security. LGA funding can also incentivize LGAs to adopt a continuous learning approach to cyber security, which is necessary to keep up with the evolving cyber landscape and emerging technologies.

LGA funding for cyber security training is a strategic investment that can benefit LGAs in the long term. By improving their cyber security posture, LGAs can enhance their service delivery, reputation and trust among their stakeholders. LGAs can also reduce the costs and risks associated with cyber incidents, such as data breaches, ransomware attacks and service disruptions. LGAs can also contribute to the national cyber security agenda and support the economic and social development of their communities.

The Local Government Association provided each LGA through an online submission to get £5k to help with professional cyber security training , this was given out twice once in 2019 and another in 2022.

In 2019 the YHWARP ran by Bradford Council undertook this for its own members which was really successful and in 2022 YHWARP joined up with the NEWARP and NWARP and we managed to get 22 of Local Authorities onboard

The main objectives were

  • Maximise the pool funding
  • Maximise the number of delegates that can go on the course
  • Making sure that the course provide exams
  • Maximum of 3 officers being trained with exams
  • Undertake 2 rounds of professional cyber training
  • Allow a wide range of courses to be available – Additional benefits with the large procurement from QA
  • Making sure that we have a good return on exam passes – 40% and above on all courses

 

The initiative and innovation was to pool this money together to get the best deal possible for the 3 WARPS and make sure that there was value for money and maximising our investment from this initiative

 

What are the key achievements?

One of the most important aspects of IT security is training the staff to be aware of the risks and best practices. However, many organizations lack the budget or resources to provide adequate training for their employees. This is where pooling money for IT security training can be a great solution. Pooling money for IT security training means that several organizations or individuals contribute to a common fund that is used to pay for high-quality and relevant training courses. This way, they can share the costs and benefits of learning from experts and gaining valuable skills. Some of the achievements that can result from pooling money for IT security training are:

  • Improved security posture: By learning how to prevent, detect and respond to cyberattacks, the staff can reduce the likelihood and impact of security breaches. They can also comply with the standards and regulations that apply to their industry and protect their reputation and customer trust.
  • Enhanced collaboration: By pooling money for IT security training, the organizations or individuals can also network and exchange ideas with each other. They can learn from each other’s experiences and challenges and find solutions together. They can also create a community of practice that supports each other and fosters a culture of security awareness.
  • Increased efficiency: By pooling money for IT security training, the organizations or individuals can also save time and money that would otherwise be spent on finding, evaluating and booking training courses. They can also access a wider range of courses that suit their needs and preferences. They can also leverage economies of scale and negotiate better prices and discounts with the training providers.

 

Here are the stats regarding the achievement from the joint procurement of the pooling of the Local Government Associations Cyber Security Training money provided to Local Authority.

Round 1 – December 2022 – March 2023

The listed price for round 1 was £115,000

We paid with exams included on all courses

Round 1 – £50,000 – 35 delegates – 6 courses

 

Round 2 – April 2023 – March 2024

The listed price for round 2 was £105,000

We paid with exams included on all courses

Round 2 – £46,000 – 34 delegates – 10 courses

 

Courses attended:

  1. Certified Ethical Hacking Course
  2. CISSP
  3. CISM
  4. BCS Certificate in Information
  5. NIST
  6. CompTIA Security+
  7. Certified Data Protection Practitioner
  8. Certified ISO 27001 Practitioner (QAISOP)
  9. Lead Auditor ISO27001 (QAISO27KLA)
  10. Management of Risk (M_o_R 4) Total Learning (QAMOR4-TL)
  11. Certified Chief Info Security Officer
  12. System Security Certified Practitioner

 

Total cost of the courses would have been including exams £220,000 , with the funds pulled together between 22 Local Authorities we managed to spent £96,000

Saving of £124,000

Just shows when we pull together funds we can make huge savings

 

From the exams taken so far this is the percentage of those that have passed the exams over the two rounds:

 

  1. Certified Ethical Hacking Course – 90%
  2. CISSP – 60%
  3. CISM – 65 %
  4. BCS Certificate in Information – 90%
  5. NIST – 90%
  6. CompTIA Security+ – 70%
  7. Certified Data Protection Practitioner – 80%
  8. Certified ISO 27001 Practitioner (QAISOP) – 60%
  9. Lead Auditor ISO27001 (QAISO27KLA) – 80%
  10. Management of Risk (M_o_R 4) Total Learning (QAMOR4-TL) – 90%
  11. Certified Chief Info Security Officer – 50%
  12. System Security Certified Practitioner – 80%

 

On the back of that we have also had some money left and went out for a smaller round 3 of the IT Security Training on the following courses

  • Incident Response & Continuity Exercising Simulations (6 delegates)
  • Certified ISO 27001 Practitioner (6 delegates)
  • Certified Information Security Manager (6 delegates)

 

Also an additional 19 staff will be trained in 2023/2024 from the above which cost £20k if each member had to go out themselves the cost would have been £40k so saving £20k

 

How Innovative is your initiative?

This has never been done at any level in the UK , where central funding has been provided to Local Authorities and to look at pooling this together that money to maximise the impact this had for training staff on professional IT Security training.

We made sure by speaking to the LGA that there was no issues for pooling the money together and they confirmed as long as one officer undertakes the training and exams by 31st March 2023, then that would be acceptable.

We undertook the round 1 procurement through our process and then in round 2 we were supported by Calderdale Council to help with the procurement with QA training.

The process was very easy, asking for expressions on what course each LA wanted to undertake, this was then gathered by Bradford Council on numbers.

Negotiations took place between Bradford and QA , on the cost of the course and being able to maximise the training and on the back of that we had a cracking deal where we ultimately saved £124,000 of public sector money if we had gone alone to undertake all of those courses.

We made sure that the courses were private to WARP members , which helped with networking and also being able to share experiences etc in a trusted environment.

 It also helped that all the courses were done online and helped to maximise the funding further without paying for expenses , travel etc.

 We believe this is innovation at its best maximising funding, pooling money together across the Local Authorities , making sure that we got the best deal possible, networking in a safe environment and most of all creating stronger links between YHWARP, NEWARP and NWWARP , and on the back of that we created the Northern WARP.

 

What are the key learning points?

QA is a leading provider of training and consulting services to WARP, a global organization that specializes in web development, artificial intelligence, and cloud computing. QA has been working with WARP since 2019, delivering customized courses in IT Security, QA has also helped WARP to maximise its investment from the Local Government Association grant of £5k per Local Authority that applied for it.

QA’s training approach is based on the following principles:

  • Learner-centred: QA tailors the content and delivery of each training session to the needs and preferences of the learners, using interactive and engaging methods such as quizzes, exercises, and projects.
  • Outcome-oriented: QA aligns the learning objectives and outcomes of each training session with the business goals and expectations of WARP, using metrics and feedback to measure the impact and effectiveness of the training.
  • Continuous improvement: QA constantly updates and improves the training materials and methods based on the latest industry trends, research, and innovations, as well as the feedback and suggestions from the learners and WARP.

 

QA’s training results are impressive and consistent. According to a recent survey conducted by WARP, 95% of the learners who participated in QA’s training sessions reported that they were satisfied or very satisfied with the quality and relevance of the training. 90% of the learners also reported that they were able to apply what they learned to their work projects and tasks. Furthermore, WARP has seen a significant increase in productivity, efficiency, and innovation among its teams and departments after receiving QA’s training.

QA is proud to be a trusted partner and a preferred training provider to WARP. QA looks forward to continuing this fruitful collaboration and supporting WARP’s growth and success in the future with any future training needs.

QA helped organising and coordinate 87 delegates over 19 courses over the 2 years , so that everyone was able to make the training , the setup, coursebooks, undertaking the courses , feedback and providing details and information for delegates to undertake the exams at the end.

The WARP did not need to be involved in the organisation of getting delegates on to the courses this was all taken care of by QA , which saved the WARP time and effort in dealing with sorting out the training this was all handled by QA.