Information Security Policy and Procedures Development
Assist a major financial services firm with multiple offices in North America and Europe in developing all required information security policies and procedures for their growing regulatory compliance reporting requirements.
Challenges & Needs
Client was receiving numerous requests for validation of compliance with Gramm-Leach-Bliley, NYCRR 500, SEC cybersecurity rulings, GDPR, and general FFIEC best practices. Furthermore, client was being required to perform an annual SOC 1 SSAE 18 assessment for internal controls relating to financial reporting. Additional challenges included the following:
- No expertise in authoring Information Security Policies and Procedures: Authoring InfoSec documents wasn’t high on anyone’s “to do list”, and worse, none of the internal employees really had any experience in writing policies and procedures.
- The Client had No Existing Templates to Work with: With a large number of regulatory compliance requirements calling for documented InfoSec policies, the client was unprepared to identify and determine which security templates to obtain, and from whom.
- Current Documentation was Inadequate! The client had challenges when it came to using their existing information security policies and procedures as a baseline because the documentation was so poorly written. The InfoSec policies were old, written almost 7 years ago with no updates!
- Nobody Wanted to Step Forward and Take Ownership: Authoring security policies was seen as a mundane and time-consuming task. This resulted in little interest from existing employees when it came to authoring such documentation.
FLANK put together a comprehensive plan-of-action for developing all required information security policies and procedures for both regulatory compliance, and InfoSec best practices. Using our world-class policy templates, we performed the following:
- We met with existing employees to gain a much stronger understanding of the client’s processes and procedures, ultimately allowing us to document all of the information with newly developed information security policies and procedures.
- We moved quickly and efficiently, getting the answers we needed, while also offering recommendations on improving upon our client’s control environment. This allowed us to develop high-quality documentation, while incorporating new processes and procedures into their control environment. It was a win-win!
- Developed all necessary information security policies for regulatory compliance, and also for InfoSec best practices.
- Created a comprehensive set of compliance policies that were without question needed and lacking!
- Saved the client hundreds of hours of tedious and taxing InfoSec policy development.
- Adoption of a corporate culture that now understands the real value of security policies and procedures – and regulatory compliance!
- Massive savings in terms of time and money spent on information security policies and procedures development!
FLANK provides comprehensive information security and regulatory compliance and consulting services & solutions for controllers and processors all throughout the globe. Whatever your information security and regulatory compliance needs are – from documentation to expert advice – we have the expertise to help you every step of the way.