Third-Party Security Compliance
Financial Services Company
Business Challenge
A New York-based financial services giant, like many institutions, has turned to third-party service providers (TSPs) to help deliver services quickly and at low cost. While these providers offer considerable benefits, they also have potentially dangerous access to the systems, transactions and sensitive customer data that our client relies on to meets its business goals.
Under current regulations, financial service firms are responsible for maintaining security controls for regulated data, even when outsourcing key business functions to TSPs. As a result, our client finds itself spending tremendous amounts of time and money performing security audits of TSPs to ensure compliance. These audits were frequently becoming a bottleneck in the development of IT projects, lengthening the time to market for new services.
Across the organization, the client identified more than 1500 TSPs to be, underscoring the huge amounts of data that needed to be processed and reported in a consistent format. The work effort represented an enormous challenge for resource-constrained Risk Managers.
Solution
Acumen Solutions' TSP Security Audit helps companies audit and report on the security controls in place at their providers at a fraction of the cost associated with traditional risk assessments. The streamlined process makes Acumen Solutions' audit the fastest, most efficient and cost effective solution available, providing accurate, relevant, and highly useful results.
Using RSAM© security assessment and compliance software from Relational Security Corporation, Acumen Solutions created custom tools specifically for TSP audits. These tools, based on rules developed by the Banking Industry Technology Secretariat (BITS), allowed Acumen Solutions consultants to audit TSPs rapidly and accurately, producing detailed reports suitable for submission to internal or external auditors at a competitive cost.
The TSP Security Audit covers all of the key providers in use at your firm, including:
- Application Service Providers
- Data Feed Providers
- Managed Service Providers
- Transaction Service Providers
- Outsourcers
- On-Site Services (guards, cleaning, repair)
- Data Storage Providers
Return on Investment
The results of the TSP Security Audit included a detailed folio, ready for internal or external auditors, with a consistent assessment scoring and findings report methodology for all TSPs. In addition, the powerful RSAM database and web interface provided the ability to track and analyze trends in compliance over many years or the length of a service agreement.