Securing a Historic Legacy with Cyber Essentials

The Carnegie Dunfermline and Hero Fund Trust is an endowment trust established by philanthropist Andrew Carnegie in 1903 to enrich the lives and environment of the Dunfermline community where he was born and raised.

One of more than 20 Carnegie foundations worldwide, it is governed by a Royal Charter and a Board of twenty Trustees.

Today, the Trust brings together three charitable purposes under one organisation. The Dunfermline Trust awards grants to local charities and organisations across arts, education, sport and community projects. The Hero Fund recognises civilian acts of bravery across the UK, and the Trust also runs the Andrew Carnegie Birthplace Museum, preserving the legacy of one of Scotland’s most influential philanthropists.

With responsibility for sensitive data and GDPR compliance, the Trust aimed to strengthen its cyber security posture and reduce the risk of cyber attacks.

Trustees also wanted to minimise the organisation’s exposure to cyber risk and qualify for lower cyber insurance premiums by completing the accreditation.

Although the Trust already partnered with Grant McGregor for day-to-day IT support, Cyber Essentials initially felt complex for a small internal team. They needed a clear, supported route to certification that would improve security without adding pressure.

Grant McGregor provided a guided, clear route to Cyber Essentials certification and annual renewal:

• One-to-one guidance from an experienced consultant, translating requirements into clear, actionable steps.
• Policy and documentation support to align existing practices with the scheme.
• Practical security improvements, including a password manager, multi-factor authentication (MFA) and structured software and device updates.
• User awareness training with phishing simulations and regular tips to build everyday vigilance.
• Renewal support each year, explaining question set updates and highlighting areas needing attention.