Patch Management Process Controls Tier 1 Global Bank

 Client Challenge

After an unsatisfactory internal audit, a global FTSE 100 embarked upon an improvement plan to action process improvements and controls for access management of 70,000 distributed assets globally. With progress stagnating across 20 work streams, the firm engaged TORI to accelerate the programme deliverables. The challenge for TORI was to prove that it could deliver a production line of programme deliverables.

 What We Did

  • Undertook a CMMI assessment to baseline current processes and controls
  • Using collective TORI experiences created “Best Practice” processes and controls
  • Quantified the reality of current state process Controls and produced a gap analysis
  • Delivered process Controls for each gap, documented how they would be executed & allocated to roles
  • Where gaps could not be delivered immediately (e.g. gaps in tools, orchestration), specified  the action to be taken
  • Prioritised Controls based on risk and created the  roadmap for achieving stepped improvements in capability maturity

 Outcome & Results

  • 7 work streams were completed (patch management, monitoring, weak shared folder permissions, non-standard infrastructure, inventory and software agent remediation, security compliance monitoring & remediation, management console access controls and mainframe controls) on time and to budget
  • Client was able to evidence remediated audit points for each function
  • Client initiated a POC of ControlNet software to support monitoring and reporting of controls
  • £5M OPEX cost saving negotiated (a 70% cost saving to the client)
  • A new world-class Data Centre secured