Strategic IT upgrade for AOC Archaeology

Cyber security

Key overview

Industry: Archaeology

Services

Managed networks

Cyber security

IT consultancy

Cyber Essentials Certification

Data cabling

Results

Ongoing holistic IT management

Bolstered cyber security stature

Increased collaboration

Increased connectivity

Cyber Essentials Plus Certified

The client

AOC Archaeology Group is one of Britain's most experienced heritage consultancies. For over 30 years they have been running excavations, advising on heritage planning, conducting archaeological surveys, and providing conservation services to their clients nationwide. They also manage Scotland’s only archaeological conservation laboratory where they carry out sophisticated post-excavation analysis. Today, AOC has 100 field staff and 50 office-based employees spread across six busy sites.

museum visitor looking at ancient pottery

The challenge

Field archaeology generates a large volume of data, including photographs, CAD, GIS data and 3D models. AOC’s server infrastructure was ageing and rapidly becoming unfit for purpose, and the company’s existing IT suppliers were struggling to meet the demands that AOC’s data management placed on the company’s infrastructure.

As a result of relying on local servers, there were also different approaches to data management between different departments as well as across the six office locations. Additionally, we identified a number of business-critical vulnerabilities in AOC’s infrastructure and processes which had the potential to put core operations at risk.

The solution

From the outset of this project, we took a thorough and methodical approach to our work which consisted of four key phases: Cyber security audit, recommendation, implementation, and review.

Cyber security audit

As a matter of urgency, our lead engineer and Cyber security engineer visited each of AOC’s six locations to conduct a thorough Cyber security audit. This involved mapping the Wi-Fi and 4G signals at each site, reviewing the cabling and network cabinets, assessing the vulnerability of the network, and carrying out health checkups on all staff computers.

Cyber Essentials and Cyber Essentials Plus

Together with overhauling AOC’s IT infrastructure, we guided them through the process of achieving Cyber Essentials and subsequent Cyber Essentials Plus certifications. These certifications are not tick‐box exercises; they provide independent, third-party validation that AOC’s security measures meet the National Cyber Security Centre’s robust baseline.

The standard Cyber Essentials scheme requires the implementation of essential security controls – such as robust firewall protection, secure system configurations, controlled user access, effective malware protection, and timely security updates.

While obtaining the Cyber Essentials certificate already demonstrated AOC’s commitment to safeguarding data, progressing to Cyber Essentials Plus further verified that all required technical controls were firmly in place through an external audit.

Our approach involved updating and upgrading the necessary hardware and refining internal processes to ensure that every element of AOC’s network and devices not only met, but exceeded, the minimum requirements. As a result, AOC not only fortified their cyber defences but also significantly bolstered client confidence in their data security practices.

"With our partners Texaport we've worked hard to overhaul our IT estate and bring it into line with the latest security standards, and we're pleased to have been certified for Cyber Essentials Plus, meaning that our data and that of our clients is as secure as possible."

Graeme Cavers Director & Head of Survey, AOC Archaeology

Report and recommendations

We then took the information compiled from the site audits and compared it with the industry standards as defined by the National Cyber Security Centre. We used this comparison to generate a detailed report of the areas where AOC’s current posture was falling short of complying with current regulations, along with our suggestions for resolving each issue.

The headlines were that AOC’s IT estate was ageing and no longer meeting their operational needs. In response, we proposed a new server infrastructure co-located in a data centre near AOC’s head office in Edinburgh. This would enable all employees to access and share data, regardless of which location they were based at, or whether they were working out in the field.

However, before we could establish the co-located server - and in order to get the maximum benefit from it - we first needed to make significant improvements to the existing on-site infrastructure.

Planning and implementation

We developed a clear plan of how the recommendations should be implemented and then set about readying AOC’s IT environment to integrate with the new server. Carrying out the plan involved our highly specialist teams working in cooperation to complete works according to a meticulous schedule.

Our expert structured cabling team designed and laid upgraded cabling at all six sites. Alongside this, the networking team arranged for updated network hardware to be installed in every office. New network switches and additional Wi-Fi access points were put in to ensure optimal connectivity.

A vital element of the plan was guaranteeing AOC’s internet access so that every site was able to connect to the centralised server. To do this, we included redundant internet capability, which AOC can turn to if the primary internet connection fails. As well as this, we set up next generation firewalls which also provide virtual private networks (VPNs) between the locations, keeping site-to-site traffic protected.

With the connectivity, cabling and Cyber security up to the necessary specifications, we then copied over all files from each location and moved them into the new co-located storage, before finally retiring the legacy on-site servers.

Ongoing Review

Once AOC’s new server was up and running, we rigorously cross-checked our own work to ensure that every gap we had identified had been successfully filled. After submitting to the accrediting body, we then established a timetable of regular reviews to ensure continued compliance.

"Texaport has transformed our IT infrastructure. Their expert support and proactive approach not only enhanced our operational efficiency but bolstered the safety of our data"

Graeme Cavers Director & Head of Survey, AOC Archaeology

The results

The new server centralises and secures data storage for all of AOC’s projects. A user-friendly file structure makes it easy for team members to find relevant data quickly. This combination allows teams to collaborate more effectively across the different sites and facilitates better alignment between field and office workers.

The updated network hardware gives both AOC and Texaport full visibility of the networks at each site. This lets us manage the network through proactive monitoring and tailor our troubleshooting to any problems that we identify.

By establishing a schedule of regular security reviews with AOC, we ensure that they are keeping up with regulatory standards and are in good shape for unannounced spot checks. With our guidance, they passed their Cyber Essentials certification with flying colours - a feat that felt far beyond reach just months before.

Following the success of this project, we became AOC’s managed IT provider. We now maintain their infrastructure, manage their software licences, proactively monitor their devices for threats, and are their go-to team for any IT related issues.

Through enhanced IT performance, preventative Cyber security management, and swift problem resolution we are proud to have succeeded in restoring AOC’s trust in their external IT partner.