Cyber Security Governance Compliance Assessment

Large UK Financial Service Firm


As a leading governance advisory firm our client places a high value on protection of its
reputation within the financial sector and amongst its clients.

Challenge

Our client is a leading UK financial services firm with a large percentage of its clients in the retail sector.

A key business driver for the firm is to ensure it can evidence compliance with FCA information security requirements by July 2017.

Financial clients are also driven by the rigours of the FCA regime, which even before cyber security became a focus was pushing members to evidence greater due diligence of controls in their supplier management practice.

Our client’s business processes require it to respond frequently to information security controls due diligence from mortgage advisory firms, either as part of a new bid or as part of ongoing supplier management.

Increasingly, these questionnaires require evidence that our client is responding to prevailing financial services regulation and legislation.

With this business background and a shortage of available specialist resources, our client engaged NS Global to assist in the delivery of the firm’s cyber risk governance project.

What We Did

The engagement has been separated into three phases: Readiness Assessment, cyber policy framework design, and Remediation together with cyber risk awareness training.

  • The Readiness Assessment requires that NS Global subject matter experts in Strategic Risk Governance collaborate with peers on the client side.
  • 8 work streams were established to perform a gap analysis between the current and target compliance state. The work streams are fully aligned to the guidelines of the FCA legislation and the UK Information Commissioner’s Office (ICO):
      • Leadership, culture and governance
      • Cyber security project structure, due diligence and controls
      • Scope of the cyber risk governance across the organisation
      • Risk management and Third Party Assurance
      • Roles and responsibilities
      • Data Protection Office
      • Process Information Management systems
      • Process and applications analysis
      • Information Security Management systems
  • A risk-based governance approach was developed by NS Global to act as both a project dashboard and as evidence of the due diligence and rigour applied in the project.
  • The current state assessment required data to be collected from multiple sources, including flowcharts, data maps, structured interviews, contracts, application interrogation, audit reports and policies/procedures.
  • At every stage the client interaction was fully inclusive and collaborative, ensuring that our client has full ownership of the project, supported by NS Global subject matter expertise.

The Result

  • The Readiness Assessment phase was completed in May 2017.
  • The phase report is:
  • Remediation activities are to be prioritised according to factors such as the firm’s risk appetite and the prevailing compliance guidelines from the FCA and ICO.
  • Full cyber security compliance is required by July 2017, and our client will achieve it.

“Confirm the scale of the remediation gap,
 Compile a detailed remediation plan with timescales, roles and costs,
 The prioritisation of the plan is driven by a full risk assessment approach,
 Ensure that controls are in place to ensure the management of evidence-based due diligence is embedded into the firm’s day-to-day business operations.”