NTT

“NTT sees the Risklane team as Trusted Advisors who are not afraid to be critical, but at the same time have the capability to contribute to solutions. Thanks to the team for the flexibility and support!”

– Maickel Koenders, Senior Analyst: Regulatory Compliance (NTT)

Summary

NTT Ltd. is a leading global technology services company. Working with organizations around the world, they achieve business outcomes through intelligent technology solutions. For them, intelligent means data-driven, connected, digital, and secure. Their global assets and integrated ICT stack capabilities provide unique offerings in cloud-enabling networking, hybrid cloud, data centers, digital transformation, client experience, workplace, and cybersecurity. As a global ICT provider, they employ more than 40,000 people in a diverse and dynamic workplace that spans 57 countries, trading in 73 countries, and delivering services in over 200 countries and regions.

Challenge

NTT agreed to deliver an ISAE 3402 Type II statement for services specifically delivered to one of its strategic clients. NTT was looking for a partner they could trust to deliver a high-quality consulting assignment to enable NTT to meet its requirements. After preliminary meetings, NTT felt confident Risklane understood the NTT culture and had the resources to help them deliver. Risklane helped NTT prepare for this SOC assessment. Risklane’s team worked decisively and quickly gained insight into the control landscape of a complex supply chain in a large organization. Nothing short of impressive.

Solution

Together, NTT and Risklane prepared an internal control framework that shows how NTT meets all ISAE 3402 requirements and market/client expectations. The ISAE 3402 control framework shows NTT’s strategic clients how processes and controls are defined and managed.

Results

Eventually, NTT gained insight and practical advice on what it takes to ensure a smooth formal SOC assessment, resulting in planning for formal audits. All the internal controls are prepared by NTT and Risklane.

Solera | ISAE 3000

Summary

Solera is a software provider in the automotive and insurance industry. Solera’s mission today is ‘to be the 80% intelligence to help customers manage the risk of a collision, mechanical or maintenance repair and service’. Solera provides solutions for general automotive information and information on insurance claims in the automotive industry.

Solera combines existing automotive data with advanced analysis techniques, using the results to make enhancements to their data and create more effective handling of claims. The solutions Solera offers are provided by different applications.

Challenge

All Solera customers should be able to rely on Solera’s high standards for security. The simple question had a complex answer. There is no simple conclusion available since all applications have different application controls.

Solution

We analysed detailed information on each security risk in each application, concentrating on uniformity in these risks and aligning the control framework to each risk on a company-wide basis. Solera was required to report in accordance with ISAE 3000 | SOC 2 to the government. We started by implementing the Risklane ControlReports standard and developed a standard approach for Solera which was more efficient and professional than the existing standard.

We are currently in the process of applying statistical and machine learning techniques to model which controls are effective, could be performed more efficiently, or are redundant. Through hierarchical clustering, we are grouping similar risks together and using our analysis to create an effective control framework, which gives Solera a baseline for more efficient control.

Results

We helped Solera quantify which controls are key for maximising security, and therefore gauge how to invest in the controls that are effective to drive success at lower costs and with less business disturbance. Armed with deeper insights into its risks, Solera is now better equipped to control risks and report accordingly to customers, improving both user experience and cost control.

COLT DCS | Risk Control

Summary

Colt Data Centre Services (DCS) is a carrier-neutral data center provider. Colt DCS has been designing, building and operating large-scale data centers. Colt DCS provides dedicated data center and data center colocation services across Europe and Asia.

Colt DCS serves more than 1,000 of the world’s most data-critical industries for security of information in its 24 carrier-neutral data centers across Europe and Asia. Colt DCS’s commitment to embracing new technology has made it a leader in data center services in Europe.

Challenge

Colt Data Centre Services (DCS) partnered with us to architect an effective risk management framework in compliance with ISAE 3402 that promoted a clear understanding of the risk control framework by customers, staff and other stakeholders. The Colt risk management framework should be able to evolve and scale for all European Datacenters.

Solution


Bringing both our best practice ISAE 3402 | SOC 1 framework for Datacenters and our Control Reports solution for effective implementation of ISAE 3402, we were able to solve the challenges facing an organization with many different locations in Europe. We designed and built the entire framework and the internal procedures, which eliminated redundant controls, and we manage the control framework and schedule an effective program for providing evidence to the external auditor.

Our skilled risk management team worked with various business areas to implement controls and maximize their value by turning established working procedures into effective controls. By restructuring their risk management and internal control implementation process, Colt Data Centre Services (DCS) was able to increase their efficiency and accuracy, and gather meaningful data on the effectiveness of the control framework.

Results

After implementing both the control framework in compliance with COSO ERM and the Control matrix, we set Colt Data Centre Services’ internal risk management team up for success with extensive training, documentation, and process guidance, to ensure their risk management and control framework continue to perform to their expectations. By improving productivity, eliminating redundant controls, and improving accuracy, we continue to help them maintain high standards of excellence.

Our elite team of risk management experts not only brought new life to a highly-advanced control framework but also helped their internal support staff grow their skills and abilities.

Axians | ISAE 3402 | SOC 2

“My relationship with Conclude Accountants / Risklane goes back some time. Both now and in previous projects, I have experienced the expertise, pragmatism and cooperation as very pleasant. Because we planned to achieve both the ISAE 3402 and the ISAE 3000 within one year, it was essential that we as partners could count on each other. The fact that Risklane / Conclude Accountants has established itself as a sparring partner during the implementation has helped us a lot. This partnership, in combination with the willingness to change, commitment, and motivation of all Axians employees involved, has ensured that we have been able to achieve this result within time and the budget.

A result that both Risklane / Conclude Accountants and Axians can be proud of!”

– Dennis van Hoof, Quality & Risk manager Axians

Summary

Axians is a dedicated ICT brand of VINCI Energies, specialized in IT solutions and services. They support a broad range of clients consisting of private businesses, public organizations, government agencies, operators, and service providers. Axians offers a broad portfolio of IT solutions and services: business applications and data analytics, enterprise networks and digital workplaces, datacentre and cloud services, telecommunications infrastructure, and cybersecurity.

Axians uses the best technology for their clients to grow and compete in a constantly fluctuating market. People are more important than technology; the human touch is key for Axians.

Challenge

Organizations are increasingly outsourcing services and processes to service providers. In addition, the complexity of laws and regulations has increased. The outsourcing organizations remain responsible for their data and services. This caused a significant rise in the popularity of assurance reports that can provide reasonable assurance that service organizations are in control of their risks. Because Axians is constantly striving to supply their clients with high-quality, reliable services with the lowest possible risks, it is even more important to implement the ISAE 3402 | SOC 2 Type II report.

The biggest challenge Risklane faced at Axians was to separate the structures performed on a European or global scale from the processes performed within Axians Netherlands. The location of the supportive activities performed by Axians, such as the logical access management and the security of external links, has a major impact on the scope of the Axians Netherlands report.

In the end, our goal was not only to provide Axians with a state-of-the-art ISAE 3402 | SOC 2 Type II report but also to support them in taking the step towards risk leadership. Risk leadership is what we define as a critical shift in thinking, where risks are opportunities for improvement which should be met head-on instead of being worked around. As it turned out, this way of thinking matched perfectly with the agile and innovative thinking Axians is known for by their clients.

Solution

Knowing that more organizations are outsourcing their services, Axians partnered with Risklane to achieve ISAE 3402 Type II | SOC 2 Type II, which are complementary to ISO certifications such as ISO 9001, ISO 20000, and ISO 27001. Risklane’s projects always aim to combine the highest standard of reporting in the market with descriptions and processes that are recognizable for Axians as well as their clients. This required us to get to know Axians’ processes as if they were our own. Through intensive interviews with their employees, we not only succeeded in getting to know the Axians processes but also in pinpointing the risks. Knowing the risks, we can efficiently describe the control objectives and define effective controls. Our extensive knowledge of the outsourcing services market often allows us to advise our clients about efficiency drives in operations, registration processes, and risk management.

Results

The cooperation between Axians and Risklane resulted in achieving ISAE 3402 Type II and SOC 2 Type II. The result has a direct effect on Axians’ business, as it will offer client organizations more certainty that processes are optimized and demonstrably set up and controlled, including potential risks. In the end, the reports were successfully audited by Conclude Accountants.