A secure platform for virtual tribunal services

HM Courts & Tribunals Service (HMCTS) is an agency of the Ministry of Justice responsible for the administration of criminal, civil and family courts and tribunals in England and Wales – and non-devolved tribunals in Scotland and Northern Ireland. Operating from more than 300 courts and hearing centres, they handle about four million cases a year and have around 16,000 full-time, mostly frontline, roles.

To make justice more accessible, they embarked on a reform programme to remove unnecessary bureaucracy and paperwork, simplify processes and provide people with new tools and routes to exercise their legal rights. The aim was to develop a range of digital services –divorce, probate, civil money claims, social security appeals and plea services – that would ultimately comprise the ‘online court’.

6point6 was appointed to assist in developing the security elements in support of the programme’s evolving delivery and operating models to address security automation, assurance and compliance at scale, threat and incident management, vulnerability and compliance scanning, audit, monitoring, patching and host hardening.

A comprehensive suite of cybersecurity services

Our engagement covered three main areas: architecture and strategy, information assurance (privacy) and security operations (monitoring and responding to threats across the estate). In addition to facilitating a three-year security roadmap, we stood up a security team that would allow HMCTS to secure their online services and monitor them throughout their lifecycle for continuous assurance.

We worked with the HMCTS DevOps team and other consultants on the project to build a new capability for their security operations function, incorporating security information and event management (SIEM) and threat management capabilities into the Azure estate.

This was followed by modernising the HMCTS information assurance programme. We developed new risk and assurance processes and governance structures to support agile releases of digital services going forward.

Delivering strategic and tactical capabilities at scale

The scale of the project was significant: to get security operations up and running and monitor services that were going live, we ramped up our team to 18 people in eight months.

We followed a process of discovery and strategy while standing up tactical capabilities to support the immediate go-live on new beta services for the platform.

We conducted a cybersecurity maturity assessment and used the results to develop a roadmap for securing their digital services for the next three years.

Design reviews were conducted for each service and, using secure-by-design technical guidance libraries, we embedded architectures to work with each service to ensure secure access management and progress tracking.

Reshaping the justice system with secure by design services

Our work with HMCTS has augmented their technical security information assurance and design capability to support Agile methods and DevOps operating processes and target operating models, ensuring online services can be delivered securely.

Results that matter

• New online services covering divorce, probate, civil claims and social security appeals have been used by over 100,000 people, with excellent feedback.
• Over 14,000 people have submitted Social Security and Child Support online appeals against Personal Independence Payment and Employment Support Allowance benefit decisions.
• Appellants can use Track Your Appeal Online, and receive text and email alerts letting them know what is happening.
• A pilot digital service for Immigration and Asylum Appeals was launched to test the use of tribunals case workers in asylum appeals in two hearing centres to reduce delays.

The HMCTS reform programme is part of a wider global movement to shape justice systems around the needs of those who use them. Online services will increase in scale and functionality, and new services will be developed. HMCTS will conduct further testing and piloting of new ways to resolve disputes – all with a view to continually improving the way the courts and tribunals system operates.