Author: securance

NTT

“NTT sees the Risklane team as Trusted Advisors who are not afraid to be critical, but at the same time have the capability to contribute to solutions. Thanks to the team for the flexibility and support!”

- Maickel Koenders, Senior Analyst: Regulatory Compliance (NTT)

Summary

NTT Ltd. is a leading global technology services company. Working with organizations around the world, they achieve business outcomes through intelligent technology solutions. For them, intelligent means data-driven, connected, digital, and secure. Their global assets and integrated ICT stack capabilities provide unique offerings in cloud-enabling networking, hybrid cloud, data centers, digital transformation, client experience, workplace, and cybersecurity. As a global ICT provider, they employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries, and delivering services in over 200 countries and regions.

Challenge

NTT agreed to deliver an ISAE 3402 Type II statement for services specifically delivered to one of its strategic clients. NTT was looking for a partner they could trust to deliver a high-quality consulting assignment to enable NTT to meet its requirements. After preliminary meetings, NTT felt confident Risklane understood the NTT culture and had the resources to help them deliver. Risklane helped NTT prepare for this SOC assessment. Risklane’s team worked decisively and quickly gained insight into the control landscape of a complex supply chain in a large organization. Nothing short of impressive.

Solution

Together, NTT and Risklane prepared an internal control framework that shows how NTT meets all ISAE 3402 requirements and market/client expectations. The ISAE 3402 control framework shows NTT’s strategic clients how processes and controls are defined and managed.

Results

Eventually, NTT gained insight and practical advice on what it takes to ensure a smooth formal SOC assessment, resulting in planning for formal audits. All internal controls are prepared by NTT and Risklane.

Solera | ISAE 3000

Summary

Solera is a software provider in the automotive and insurance industry. Solera’s mission today is 'to be the 80% intelligence to help customers manage the risk of a collision, mechanical or maintenance repair and service'. Solera provides solutions for general automotive information and information on insurance claims in the automotive industry.

Solera combines existing automotive data with advanced analysis techniques, using the results to make enhancements to their data and create more effective handling of claims. The solutions Solera offers are provided by different applications.

Challenge

All Solera customers should be able to rely on Solera’s high security standards. This simple question had a complex answer: there is no simple conclusion available, since all applications have different application controls.

Solution

We analysed detailed information on each security risk in each application, concentrating on uniformity in these risks and aligning the control framework to each risk on a company-wide basis. Solera was required to report to the government in accordance with ISAE 3000 | SOC2. We started by implementing the Risklane ControlReports standard and developed a standard approach for Solera which was more efficient and professional than the existing standard.

We are currently in the process of applying statistical and machine learning techniques to model which controls are effective, which could be performed more efficiently, and which are redundant. Through hierarchical clustering, we are grouping similar risks together and using our analysis to create an effective control framework, which gives Solera a baseline for more efficient control.

Results

We helped Solera quantify which controls are key for maximising security, and therefore gauge how to invest in the controls that are effective to drive success at lower costs and with less business disturbance. Armed with deeper insights into its risks, Solera is now better equipped to control risks and report accordingly to customers, improving both user experience and cost control.

Fujitsu | ISAE 3402

Summary

Fujitsu delivers total solutions in the information and communication technology industry. The comprehensive business of Fujitsu encompasses the development, manufacture, and operations of cutting-edge, high-quality technologies that make high-quality services possible.

Fujitsu delivers total solutions in the field of information and communication technology. Along with multifaceted services provision, our comprehensive business encompasses the development, manufacture, sales, and maintenance of the cutting-edge, high-quality products and electronic devices that make these services possible.

Since 2015, Risklane has partnered with Fujitsu, introducing and expanding the company’s risk management reporting. From management services to application and housing services, Fujitsu can boast the undisputed best-in-category risk management in Europe.

Challenge

Traditionally, managed services have relied on effective and efficient management of services at the lowest risks. An integrated approach focusing on an organization-wide, consistent risk management methodology was required by the management of Fujitsu. Not surprisingly, this required improvement of procedures, working methodology, and leadership involvement.

Solution

Recognizing the growing demand for transparency of risk management and internal control, Fujitsu decided to partner with Risklane to bring this capability to the Netherlands. In 2015, Risklane launched the Fujitsu Risk Management framework in compliance with ISAE 3402. Risklane designed, developed, and continues to support Fujitsu’s risk management framework and prepared the generic and customer-specific SOC reports.

Results

With the help of the ISAE 3402 reporting, Fujitsu became the #1 management services provider in the Netherlands with a 95% recommendation score. Fujitsu’s risk management strategy and transparency thereon have been a major driver of the company’s impressive business success.

COLT DCS | Risk Control

Summary


Colt Data Centre Services (DCS) is a carrier-neutral data center provider. Colt DCS has been designing, building and operating large-scale data centers. Colt DCS provides dedicated data center and data center colocation services across Europe and Asia.

Colt DCS serves more than 1,000 of the world’s most data-critical industries for security of information in their 24 carrier-neutral data centers across Europe and Asia. Colt DCS’s commitment to embracing new technology has made it a leader in data center services in Europe.

Challenge

Colt Data Centre Services (DCS) partnered with us to architect an effective risk management framework in compliance with ISAE 3402 that promoted a clear understanding of the risk control framework by customers, staff and other stakeholders. The Colt risk management framework should be able to evolve and scale for all European Datacenters.

Solution


Bringing both our best practice ISAE 3402 | SOC 1 framework for Datacenters and our Control Reports solution for effective implementation of ISAE 3402, we were able to solve the challenges facing an organization with many different locations in Europe. We designed and built the entire framework and the internal procedures that eliminated redundant controls, and we manage the control framework and schedule an effective program for providing evidence to the external auditor.

Our skilled risk management team worked with various business areas to implement controls and maximize their value by turning established working procedures into effective controls. By restructuring their risk management and internal control implementation process, Colt Data Centre Services (DCS) was able to increase their efficiency and accuracy, and gather meaningful data on the effectiveness of the control framework.

Results

After implementing both the control framework in compliance with COSO ERM and the Control matrix, we set the Colt Data Centre Services internal risk management team up for success with extensive training, documentation, and process guidance, to ensure their risk management and control framework continue to perform to their expectations. By improving productivity, eliminating redundant controls, and improving accuracy, we continue to help them maintain high standards of excellence.

Our elite team of risk management experts not only brought new life to a highly advanced control framework but also helped their internal support staff grow their skills and abilities.