North of England Commissioning Support

Consolidating cyber security to better protect new and existing customers

Project overview

Durham-based North of England Commissioning Support (NECS) is one of the country’s leading commissioning support organisations. It delivers high quality, cost-effective and innovative services to Clinical Commissioning Groups (CCGs), Commissioning Support Units (CSUs), Foundation Trusts, Local Authorities, NHS England and its regional offices, and clinical networks, locally, regionally and nationally.

As end-to-end supplier, North of England Commissioning Support (NECS) provides a total solution to deliver the best outcomes for it’s customers’ patients, coupled with portable tools, techniques and experience. NECS is one of the largest CSUs in the country with an annual revenue of £62 million.


When Commissioning Support Units (CSUs) were formed in 2013, involving the merger of disparate Primary Care Trust IT and administration functions, they inherited a wide range of IT solutions which varied considerably across both staff and customer bases. Consolidation of these suppliers and technologies was a priority, to drive greater efficiencies, deliver cost savings and improved functionality.

North of England Commissioning Support (NECS) decided to rationalise its inherited suppliers and solutions in order to achieve operational excellence and best-value solutions for its clients. The vision was to set up a joinedup IT security capability that could easily be released and rolled out to new customers as and when they came on board, simply by buying new licences and controlling everything from a single console.

“We all know and like Sophos products, and they are always improving and developing with us.” – Alison Emslie, IT Security Manager, NECS.

“We deployed Intercept X across our estate just before the WannaCry ransomware virus hit the NHS, so we were highly protected.”

Alison Emslie

IT Security Manager
North of England Commissioning Support (NECS)


NECS first began to migrate their McAfee endpoints to Sophos in December 2016, working alongside Sophos Platinum Partner and UKI Healthcare Partner of the Year 2017, ITHealth. The NECS team were also exploring ways to implement a single console to manage IT security and turned to Nottingham-based ITHealth for advice on this, as well as for ways of scaling and futureproofing their solutions as the organisation took on new customers. In addition, they were working towards the Government standard, Cyber Essentials Plus.

Soon after an initial consultation, ITHealth presented the NECS team with a complete proposal covering a wide range of consolidated IT solutions. What followed was the largest ever public sector deal carried out by Sophos, with NECS buying Advanced Endpoint Protection (antivirus), Sophos Unified Threat Management (UTM) including web, email, Wi-Fi, firewall and web services protection, Mobile Device Management, Intercept X (anti-ransomware and antiexploit), and wraparound services.

According to NECS’ IT Security Manager, Alison Emslie: “We migrated eight different antivirus environments into a single Sophos Enterprise Console and we will soon be switching this to cloud-based Sophos Central. We deployed Intercept X across our estate just before the WannaCry ransomware virus hit the NHS, so we were highly protected. Sophos and ITHealth have been brilliant and thankfully we were one step ahead.”

NECS is also using Sophos UTMs across its GP surgeries to provide Wi-Fi services to the public, and mobile device management for 600 staff devices, making it easier to manage mobile phone access and upgrades.

“Our partnerships with NECS and Sophos work because it’s all about the relationships – not just about selling the software.”

Chris Booth

Healthcare Account Manager


According to Alison: “The rollout went extremely smoothly considering there were hundreds of domains and devices involved. It was carried out in stages in order to comply with Information Technology Infrastructure Library (ITIL) best practice and is now 99% complete. ITHealth worked closely with us to adhere to this regulation.”  Benefits include:

  • Technical knowledge and expertise
    NECS values the combined skills Sophos and ITHealth can offer. Sophos provides a full range of security products and ITHealth complements this with their deep understanding of the NHS market and infrastructure. Both parties each have over 25 years’ experience working with the NHS, and Sophos protects over 80% of all NHS devices.
  • Simple solutions in a complex environment
    NECS finds Sophos solutions easy to use: “We all know and like Sophos products and they continue to develop with us” says Alison. “Minimal training is required as the products are very intuitive.”
  • Cost-effective solutions
    Together, ITHealth and Sophos have been able to provide NECS with highly competitive pricing, allowing them to offer excellent value for money to their existing customers, and also to attract new customers.
  • Outstanding support
    NECS has a dedicated 1:1 account manager at ITHealth who Alison says, offers a “personal touch, outstanding availability, a fast response and great communication”.

Next on the agenda for NECS is moving their consolidated solution to the cloud using Sophos Central. “We are looking forward to being able to monitor all customers from one single console at different locations,” says Alison. “We are discussing this with ITHealth and we will have transitioned by the end of the year.”

“Sophos continually develops their roadmap so we are always able to offer the most innovative products to our NHS customers, including NECS. Our sole focus on the NHS also means we are uniquely placed to offer the highest level of advice and support given our in-depth knowledge of both NHS systems and Sophos security products.”

Chris Booth

Healthcare Account Manager

You may also be interested in…

View all case studies

Take the next step

We’re here to help. Get in touch to discuss your cyber security challenges.

Prefer to talk? Just call us on 0115 987 6339.