The Situation
The Technology Risk department of a premier US bank, faced with increased regulatory scrutiny, needed to quickly streamline and standardize its information security policy management program. A lack of program management methodology and tools was resulting in inconsistencies in documentation and a large backlog of outdated materials.
The Satori Solution
We supplied tools for automatic document status tracking and for real-time dashboard management reporting. We also created standardized templates for the firm’s security standards. Applying these templates resulted in elimination of numerous inconsistencies across high-level standards applicable throughout the firm’s technology infrastructure and platform-specific standards.
We mapped the firm’s high-level standards to the industry standards, such as the Information Security Forum’s Standard of Good Practice. This resulted in improved coverage of the risk areas, providing a roadmap for the regulators’ assessment of the firm’s documentation.
We also coordinated the creation of a Technology Governance Handbook for the firm’s entire Technology Organization. The Handbook articulated the setup and underlying philosophy of Technology Division governance and proved essential for internal reference and regulatory inquiries.
The Results
By establishing clear metrics for the program, Satori helped the client decrease the number of out ated documents from 75% to 8%. Our efforts were instrumental in streamlining the client’s information security policy program and helped it become the information security leader among financial services firms.