Accelerating Cybersecurity Certification for EstimateOne

‍
‍Industry: Construction Technology
‍Services Provided: Cybersecurity Remediation, Certification Preparation
‍Certifications: Cyber Essentials, Cyber Essentials Plus, ISO 27001

Background

EstimateOne, a leading tender management platform in the commercial construction industry, has served over 70,000 tenders and handled over 7.6 million architectural documents across Australia and the UK. With their innovative cloud-based platform facilitating collaboration between builders, suppliers, and subcontractors, EstimateOne has established itself as a key player in the construction technology space.

Driven by industry demand, EstimateOne recognised the need to enhance their Cybersecurity posture. They aimed to first achieve Cyber Essentials and Cyber Essentials Plus certification for UK builders working with the government. In the UK, organisations must have Cyber Essentials Plus certification in order to bid on public tenders. Thus EstimateOne having Cyber Essentials Plus would streamline the process for any customers bidding on those projects.

This work would also lay the groundwork for an ISO 27001 certification to be attained later. These certifications were crucial to safeguarding the platform, demonstrating a commitment to security, maintaining trust and complying with industry standards.

The Challenge

EstimateOne embarked on a journey towards achieving Cyber Essentials and Cyber Essentials Plus certifications with a clear understanding of the importance of robust security infrastructure and thorough compliance practices. As a rapidly growing and innovative platform, EstimateOne recognised several key areas that would require focused attention:

• Security Infrastructure Enhancement: To meet the rigorous standards of Cyber Essentials and Cyber Essentials Plus, EstimateOne identified an opportunity to further strengthen their security infrastructure. This involved not only adhering to certification requirements but also enhancing overall resilience against potential threats. The goal was to ensure that their platform continued to provide a secure environment for all stakeholders, reinforcing trust and reliability.
  

• Optimising System Integration: EstimateOne’s platform is a sophisticated, cloud-based ecosystem that spans multiple AWS accounts and integrations. There was an opportunity to streamline and optimise these systems to align with best practices in security and compliance. This optimisation was essential to ensure that evidence collection and compliance checks were not only thorough but also seamlessly integrated into their existing workflows.
  

Our Approach

Midnyte City was engaged to expedite EstimateOne’s certification journey by addressing the key challenges and providing expert remediation services. Our approach included:

• Security Infrastructure Uplift: We helped to prioritise and execute a backlog of tasks essential for Cyber Essentials and Cyber Essentials Plus compliance. This involved setting up the AWS platform in Drata, a leading compliance SaaS product
  

• System Monitoring and Evidence Collection: We implemented robust monitoring systems, including AWS GuardDuty, Inspector and Security Hub. Drata automates the evidence collection, the DataDog SIEM is a central security monitoring tool with advanced insights and monitoring. This ensured that EstimateOne could meet compliance requirements efficiently.
  

The Results

As a result of our engagement, EstimateOne successfully achieved Cyber Essentials and the Cyber Essentials Plus certifications, a significant milestone in their cybersecurity journey. They are now on a clear and structured roadmap to attain ISO 27001 certification.

Our collaboration not only accelerated their path to certification but also strengthened their overall security posture, allowing them to continue innovating and leading in the construction technology space with confidence.