Thrive Tribe
Background
Thrive Tribe, a leading health and wellbeing organisation, sought to enhance its cybersecurity posture to protect sensitive client data and maintain trust with its stakeholders. As their outsourced managed IT provider, Espria were well placed to support Thrive Tribe with the certification, working closely with their team to guide and support them through every stage of the Cyber Essentials and Cyber Essentials Plus processes.
The Challenge
Thrive Tribe wanted to achieve Cyber Essentials and Cyber Essentials Plus certifications to ensure compliance with industry standards and to demonstrate their commitment to cybersecurity.
The Process
The certification process required Thrive Tribe to be assessed against five key security controls:
- User Access Controls
- Security Update Management
- Malware Protection
- Firewalls and Internet Gateways
- Secure Configuration
The Espria Compliance Team worked closely with Thrive Tribe to ensure that all controls were up to the required standard.
Specific Steps Taken
- Initial Assessment and Planning: Espria began by identifying any gaps in the requirements of the Cyber Essentials framework.
- User Access Controls Implementation: Collectively, existing user access controls, were reviewed to ensure only authorised personnel had access to sensitive data and systems. This included confirming all systems were secured with multi-factor authentication (MFA).
- Security Update Management: The team checked that all software and systems were updating within the specified 14-day period to maintain security.
- Malware Protection: The installation and configuration of their antivirus and anti-malware solutions across all endpoints were confirmed to be in accordance with industry best practice and that real-time protection was configured correctly to detect and mitigate any potential threats.
- Firewalls and Internet Gateways: The configuration of firewalls and internet gateways was reviewed to ensure they effectively blocking unauthorised access and were protecting the network from external threats.
- Secure Configuration: Espria conducted a thorough review of system configurations to ensure they complied with security best practices.
- Final Assessment and Certification: After implementing the necessary controls and measures, a final assessment was conducted to ensure compliance with the Cyber Essentials requirements. The self-assessment form was submitted and a third-party verification was conducted to confirm compliance.
Policies and Procedures Review
During the initial assessment, the Espria team reviewed several key policies and procedures, including:
- Access Control Policy
- Patch Management Policy
- Antivirus and Anti-Malware Policy
- Firewall Configuration Policy
- Secure Configuration Policy
Cyber Essentials Plus
Following the successful completion of the Cyber Essentials certification, Thrive Tribe went onto achieve Cyber Essentials Plus which involved an external assessment. This verified the security measures outlined in the Cyber Essentials certification were actively in place and being monitored. The external assessment included:
- Vulnerability Scanning: Thrive Tribe’s network and systems were analysed in order to identify any potential security weaknesses.
- Device Testing and Assessment: All corporate devices were tested to ensure they were secure and managed in accordance with the Cyber Essentials Plus requirements.
Results
Thrive Tribe successfully achieved both Cyber Essentials and Cyber Essentials Plus certifications, demonstrating their commitment to cybersecurity and providing assurance to their clients and stakeholders. These certifications have helped Thrive Tribe to:
- Enhance their cybersecurity posture and the protection of sensitive client data.
- Build trust with existing clients and attract new clients.
- Ensure compliance with industry standards and regulations.
Client Testimonial
As part of our ongoing commitment to cybersecurity, we saw the importance of achieving Cyber Essentials and Cyber Essentials Plus certifications for our existing clients as well as suppliers and prospective new customers. The support and guidance provided by the Espria Compliance Team was invaluable in helping us achieve these certifications.
Poonam Ahuja, Head of Managed Services at Thrive Tribe
You may be interested in
Outgrowing your MSP; businesses need a provider that scales with their growth
To stay competitive, business leaders must align with MSPs that deliver strategic value, drive innovation, and support to scale. Now firmly into 2025, it’s becoming clear what the year has in store for the IT landscape. For SMBs, the message is clear: business growth must be matched with smarter, more scalable managed services. The demand for cyber-resilient, cloud-first and AI-integrated solutions is no longer a forecast – it’s a reality already shaping business priorities. According to leading global technology market analyst firm Canalys’ MSP Trends 2025 report, the MSP model is transforming under growing pressure…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Recent breaches at major UK retailers, combined with the approaching end of life of Windows 10, highlights a critical moment for IT resilience planning The recent wave of cyberattacks targeting major UK retailers has highlighted the growing security risks associated with organisations running outdated systems and applications and maintaining weak identity verification protocols. These incidents—particularly those involving Marks & Spencer and the Co-Op—have starkly exposed how vulnerable legacy infrastructure and insufficient access controls can be. In both cases, attackers successfully posed as legitimate employees and manipulated IT help desks into resetting internal passwords, ultimately gaining…
UK SMEs must fortify their cybersecurity against geopolitical risks, says Espria
A recent Sky News investigation highlighted an uptick in cyberattacks tied to the Iran conflict that are targeting businesses across multiple sectors. Speaking at the NATO Summit, Prime Minister Sir Keir Starmer urged UK businesses, regardless of size or sector, to prioritise cybersecurity and ‘take immediate steps to review and strengthen their defences.’ While the warning is timely in tone, businesses are already becoming targets of politically motivated cyberattacks, emphasising the need for heightened vigilance. “As tensions spread globally, threat actors will continue to exploit digital vulnerabilities, and neutral businesses may be caught in the…
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
End of windows 10 support signal urgent action needed from UK organisations as cyberattacks continue to rise
Why Businesses Should Invest in ESG: Lessons learned by Espria
In today’s competitive landscape, Environmental, Social and Governance (ESG) performance is no longer just a “nice to have”—it is a critical business imperative. Companies that prioritise ESG are better positioned for long-term success, risk mitigation, and reputation enhancement. Today’s world demands more from companies than just financial performance. Customers want transparency. Employees want purpose. Investors want resilience. ESG helps businesses manage risk, seize new opportunities and build trust with the people who matter most. It is how you can stay competitive, stay responsible and stay relevant in a fast-changing world. A powerful case study of…
The Importance of Compliance and Security: Complementary Forces in Today’s Business World
In today’s rapidly evolving business landscape, compliance and security have become paramount. These two elements, often perceived as hurdles, are in fact complementary forces that drive business success and sustainability. Understanding their importance and how they work together can transform them from perceived blockers into enablers of growth and innovation. The Role of Compliance Compliance refers to adhering to laws, regulations, standards and ethical practices relevant to an industry. It ensures that a company operates within the legal framework and maintains its reputation. Compliance is not just about avoiding fines and legal issues; it is…