The Society (like other financial institutions) had been requested by regulators to improve its IT Risk and Control Frameworks relating to contract submissions.
As part of this call to action, the 2LoD was required to work in conjunction with the 1LoD to ensure that the content quality as well as the timescales satisfied the requirements stipulated by the regulator.
What We Did
As part of the project, the team conducted a review of:
- Existing policies, procedures and practices related to Cybersecurity and IT Risk Control
- Points of failure of incidents registered during a period of time (payments)
- Service management provided by the supplier and controls that other vendors will need to implement to avoid downtime
- Digital payments (new front-end): high-level risk and security analysis
Outcome & Results
The team provided assistance to the 2LoD on:
- Determining the point of failure of the payments incidents registered
- Making recommendations and calls to action to address the points of failure
- Reviewing existing policies, procedures and practices to identify additional vulnerabilities
- Indicating key risk elements to be considered by Senior Management to actively manage/control critical suppliers