*Reassuringly dull cyber security e: info@normcyber.comt: +44 (0) 203 855 6215

Case Study: Nth Dimension


Nth Dimension is an expert provider of a wide range of Digital Healthcare, managed services and business process transformation & outsourcing solutions. The company supports and enhances both core and next-generation capabilities for its customers. A subsidiary of Tech Mahindra, Nth Dimension was founded in 2015 with the explicit purpose of driving digital transformation and innovation within the healthcare sector.

As a provider of digital and managed IT services to healthcare providers in both the public and private sectors, we process a large amount of personal and sensitive patient data on behalf of our customers. We chose DPaaS from norm. to ensure that we adhere to the highest standards of data privacy and are able to do so in a cost effective way.” Ravishankar Vishwanath, COO, Nth Dimension.

The Challenge
Nth Dimension works with its customers to deliver digital solutions which improve the quality of care and clinical experience of their patients. It is responsible for managing the IT services its healthcare clients rely upon to treat patients as quickly and effectively as possible, helping to provide superior levels of care and the best possible patient outcomes.

Part of this involves processing large amounts of patient data via systems that Nth Dimension has either built or procured on behalf its customers. This not only involves reporting on metrics such as number of patients treated on a particular day or number of appointments attended, but also includes developing interfaces between systems which allow for the secure identification and transfer of patient data including scans, test results, admissions, and room service and billing information. All of this data needs to be attached to a single patient record with different members of the clinical and non-clinical team requiring access to different pieces of data.

The recent Covid-19 pandemic also brought challenges around data protection and safeguarding the privacy of patients to the fore. As non-clinical staff were directed to work from home, the Nth Dimension team – led by COO Ravishankar Vishwanath – took just four weeks to procure laptops, roll out softphone clients, deploy Microsoft Teams and install VPNs and multi-factor authentication on the laptops. In addition, USB drives were locked, and new information security policies were introduced.

We have always taken our data protection responsibilities seriously, and have made it a priority to demonstrate to our customers, employees and partners that we value their privacy and can be trusted to protect it. As digital transformation becomes more of a strategic driver for many organisations – accelerated in part by the Covid-19 crisis – preserving the integrity of personal data, irrespective of its location, is even more critical,” continues Ravi.

While recognising the need to ensure that best practice data protection is part of the culture of the company, as a scaleup business hiring a full-time Data Protection Officer (DPO) was neither necessary nor cost effective. As Ravi explains, there are also a lot of people who claim to be data protection experts but do not have the relevant skills or experience:

Data protection and ensuring compliance with regulations such as the GDPR is a specialist area – we couldn’t take the risk of hiring someone who wasn’t a genuine expert in the field. We needed a lawyer-led team who would be able to advise on a wide range of data protection issues and help Nth Dimension to build long-term, trusted relationships with its customers.

The solution

After carefully evaluating the various DPaaS offerings available, in April 2018 Nth Dimension selected norm. as its data protection service provider. Led by a data protection lawyer with many years of experience, the team at norm. supports numerous organisations across a variety of industries. As well as providing ongoing advice on data protection related issues, norm.’s specialists inform its clients of the latest updates, guidance and frameworks from organisations such as the ICO, and how they should be applied.

Ravi picks up the story: “We have saved a lot of time, effort and sometimes stress thanks to subscribing to DPaaS from norm. We know that we can call on the team there at any time to advise on specific data protection queries, as well as receiving guidance on broader initiatives and business priorities. Norm. has advised us on numerous contractual reviews and changes, and provided a number of template policies which we’ve been able to adapt.

As data protection regulations and guidance continue to evolve – for example with the introduction of the Accountability Framework and the Age Appropriate Design Code – it is vital for organisations to not only ensure that they mitigate the risk of an enforcement action or fine due to non-compliance, but that they use these principles to differentiate their business and deliver long-term value to their customers.

The benefits

As individuals increasingly recognise the value of their personal data it is more important than ever for organisations to acknowledge their responsibility to store, protect and use that data appropriately. For Nth Dimension, the nature of the data they process means that their clients expect them to have the appropriate controls in place to keep business and patient data safe, and to use it in accordance with the relevant regulations and guidance.

DPaaS from norm. allows Nth Dimension to demonstrate their commitment to superior data protection standards for a fraction of the cost of an in-house DPO. It signifies the company’s belief that respecting the integrity of personal data is part of its DNA and is something that all employees have a responsibility towards.

Navigating data protection regulation isn’t easy, but it is necessary to make sure that standards are met and adhered to. Like many organisations, we rely on data to inform critical business decisions, communicate with our clients and employees and provide new services. With the support of norm. we have instilled the belief that data protection isn’t just a chore to be completed, it is critical to attracting new clients and maintaining trusted relationships with our existing customer base. DPaaS from norm. gives us the assurance we need to continue to grow our business safe in the knowledge that we are doing so in a sustainable way with customer value as our primary driver.

Appointing NormCyber as our virtual DPO has given Ferrero the best of both worlds – access to data protection experts who understand what we stand for as a business, without the hefty overheads usually associated with appointing an in-house DPO.

Harpreet Thandi
Regional Counsel, UK & Ireland, Ferrero

We were looking for a virtual DPO service that offered all of the benefits of a fully qualified data protection lawyer, without the overheads of an in-house hire. The DPaaS solution from norm. has been invaluable in helping us to ensure we respect the integrity of our customers’ personal information, while using it to continue to deliver differentiated products and services which support our growing customer base.

Mike Whitfield, Compliance Manager

CSaaS allows me to step away from multi-vendor management as the Security Operations Centre coordinates all of the technology for me.

David Vincent, CTO

We were in the market for an independent Data Protection Officer service that was well versed with both UK and EU regulators. We’re thrilled to have acquired this service knowing that an expert is available 24/7.

Suzanne McCabe, Head of Project Management
James Hambro & Partners

Norm’s penetration testing layer, along with the suite of CSaaS modules has enabled MA to exceed all its audit requirements for its major clients.

Rob Elisha, ICT and CRM Manager
Montreal Associates

The speed of your Data Protection Officer’s response was very impressive – it was far quicker than I would have expected even from an in-house DPO

Will Blake, Director of Technology and Analytics
CRU Group