Assist a major financial services firm with multiple offices in North America and Europe in developing all required information security policies and procedures for their growing regulatory compliance reporting requirements..

GDPR Compliance Case Study for Download

Challenges & Needs

Client was receiving numerous requests for validation of compliance with Gramm-Leach-Bliley, NYCRR 500, SEC cybersecurity rulings, GDPR, and general FFIEC best practices. Furthermore, client was being required to perform an annual SOC 1 SSAE 18 assessment for internal controls relating to financial reporting. Additional challenges included the following:

  • No expertise in authoring Information Security Policies and Procedures: Authoring InfoSec security documents wasn’t high on the list on anyone’s “to do list”, and worse, none of the internal employees really had any experience in writing policies and procedures.
  • The Client had No Existing Templates to Work with: With a large number of regulatory compliance requirements calling for documented InfoSec policies, the clients was unprepared in identifying and determining which security templates to obtain, and from whom.
  • Current Documentation was Inadequate! The client had challenges when it came to using their existing information security policies and procedures as a baseline because the documentation was so poorly written. The InfoSec policies were old, written almost 7 years ago with no updates!
  • Nobody Wanted to Step Forward and Take Ownership: Authoring security policies was seen as mundane and time-consuming task. This resulted in little interest from existing employees when it came to authoring such documentation.

Our Solution

FLANK put together a comprehensive plan-of-action for developing all required information security policies and procedures for both regulatory compliance, and InfoSec best practices. Using our world-class policy templates, we performed the following:

  • We met with existing employees to gain a much stronger understanding of the client’s processes and procedures, ultimately allowing us to document all of the information with newly developed information security policies and procedures.
  • We moved quickly and efficiently, getting the answers we needed, while also offering recommendations on improving upon our client’s control environment. This allowed us to develop high-quality documentation, while incorporating new processes and procedures into their control environment. It was a win-win!

Challenges Solved

  • Developed all necessary information security policies for regulatory compliance, and also for InfoSec best practices.
  • Created a comprehensive set of compliance policies that were without question needed and lacking!
  • Saved the client hundreds of hours of tedious and taxing InfoSec policy development..

Value Created

  • Adoption of a corporate culture that now understands the real the value of security policies and procedures – and regulatory compliance!
  • Massive savings in terms of time and money spent on information security policies and procedures development.!


FLANK provides comprehensive information security and regulatory compliance and consulting services & solutions for controllers and processors all throughout the globe. Whatever your information security and regulatory compliance needs are – from documentation to expert advices – we have the expertise for helping you every step of the way.

GDPR Compliance Case Study for Download