Choose your language:

Hong Kong
New Zealand
United Kingdom
United States

Leading an In-Depth Security Audit for a Banking and Financial Services Organization

Financial Services | Network Infrastructure Staffing, Network Services

Download PDF

One of the largest banking and financial services organizations in the world engages TEKsystems for a mission-critical data security initiative.

Headquartered in London, this client is one of the largest banking and financial services organizations in the world. The company’s network comprises more than 8,000 offices in 87 countries and territories in Europe, the Asia-Pacific region, the Americas, the Middle East and Africa. This client provides a comprehensive range of financial services to nearly 100 million customers through global customer and business groups. TEKsystems has partnered with this client since 1998.
Security Risk Management Policies and Procedures, NPPI, Network Diagrams, Gap Analysis, Risk Assessment, IT Audit, GLBA

Following the financial crisis of 2009, the regulatory pressures on financial institutions were at a fever pitch. Banks were under increasing pressure from a number of federal regulatory bodies, including the U.S. Office of the Comptroller of Currency (OCC). The OCC was focused on how well banking institutions governed and protected their customers’ Non-Public Personal Information (NPPI). NPPI includes data such as Social Security numbers, addresses and other personal information. The OCC not only stipulates the review of the bank’s internal governance processes and systems, but also all third party vendors that the bank chooses to utilize. Under this requirement, all vendors that support our client had to validate their governance practices with regard to the protection of customer NPPI data.

After an initial analysis of its vendor relationships, the client determined it would need to conduct more than 400 individual vendor reviews. Further, the number was expected to grow based on the evolving regulatory landscape. These vendor reviews would require on-site visits and the client was challenged by an existing staff that did not have the required technical background, knowledge or strength of numbers to conduct these reviews in the short timeline stipulated by the OCC.

The client needed a team of experienced information security specialists to conduct the audits. In addition to the just-in-time resources required to meet the project deadlines, the client also required the direct placement of long-term resources for ongoing operational support beyond the life of this project. For this reason, the client opted to partner with TEKsystems based on our auditing competency, IT security consulting, ability to fill needs for short-term bursts as well as support services for ongoing direct placement needs.

TEKsystems deployed a dedicated project team of eight IT security consultants who possessed specialties in information security and risk assessment. This team traveled to several U.S. locations to audit the client’s 400+ active vendors and to make recommendations to remediate the gaps identified in each security review. The project manager appointed by TEKsystems acted as the team lead and served as a single point of contact between the client’s management team and the TEKsystems project team. The project manager also handled administrative and logistics related to the project team.

Our team evaluated client records to identify what services the vendor performed and what customer information the vendor was privy to. Next, the team analyzed the findings and conducted a follow-up phone interview with the vendor to review and validate the scope of work needed to close the gap in data governance. Spending an average of 2.5 days on-site, the team accessed each vendor’s network diagrams, security policies and procedures and its processes around protecting NPPI data. Finally, the team rendered an assessment detailing the level of risk the client was exposed to as a result of the vendor’s practices. The final document was subject to a peer review and then published internally for the client’s records and regulatory review.

The client reports that the TEKsystems team completed this project ahead of time and under budget. The success of this initiative was a critical milestone in the TEKsystems relationship with this client. Historically, the client used another professional services firm for this type of initiative, but TEKsystems was able to provide an alternative option that allowed for equally qualified resources delivered on an accelerated deployment schedule, at a more competitive cost structure. By partnering with TEKsystems instead of its incumbent vendor, the client realized 26 percent cost savings totaling more than $450,000.

The client also recognized that effective utilization of its TEKsystems resources ensured a high level of knowledge transfer, a repository of in-house expertise and continuity of process and methodology. All eight of the original TEKsystems specialists remain as active members of this project team, with six of them converted to full-time employees. The remaining two members of the team are engaged with the client as consultants and we have since deployed another six consultants who now support the client’s ongoing third-party security program. The client has tapped TEKsystems for additional projects and we will continue to provide resources in response to the client’s human capital support needs.

Send Us a Message
Choose one