Commissum

Strategic Security Review
Professional Institute



The Client

The Institute acts as the country’s governing body for a distinguished professional services sector and as such its reputation for information assurance and service delivery is always under public scrutiny.

Client Requirement and Business Drivers

As the Institute continues to increase its reliance upon IT to deliver an expanding set of services in accordance with its own business objectives, it was imperative that the latest IT strategy focused on the real priorities and resulted in making the correct high-level technical decisions.

The client therefore decided that it was essential to engage with an independent, expert advisor to analyse the three strategic initiatives that were crucial to the continued success of the Institute.

The business drivers for this engagement can be summarised as follows:

  • The client’s IT strategy focused on interpreting the business objectives and aligning with them. The client sought assurance that the alignment of the proposed IT strategy was justifiable and appropriate
  • The client had identified a significant infrastructure upgrade project; a high level of confidence had to be established within the business, to ensure that the project would meet the tight business-driven timescales, budget constraints and agreed deliverables
  • Server virtualisation was considered as part of the infrastructure project as the Institute recognised the many advantages to be gained; the client wished to establish that the proposition from the potential vendor would deliver projected benefits
  • The client recognised the potentially disastrous impact on brand and reputation that would arise from any security-related incident; in the context of the business plans, advice was sought on updating the Institute’s policies, procedures and technical safeguards to protect its reputation

Recognising the importance of the right specialist expertise, together with the need for objectivity and independence, Commissum was engaged to meet the strategic, business and technical security-related objectives of the project within tight timescales set by the business.

Services Provided

The assignment delivered services in three areas:

IT Strategy & Business Alignment

Commissum thoroughly reviewed the existing IT strategy and related documents, such as business plans, policy and procedure handbooks, and current budget plans.

Interviews were conducted with business sponsors and key IT staff to establish objectives, both explicit and underlying, of the IT service delivery and the alignment of the IT strategy to the business strategy.

A thorough management and technical evaluation of the proposed strategy was undertaken which challenged some of the assumptions and directions that were being proposed.

A report was written that encompassed a review of all management and technical aspects of the IT strategy, making recommendations for improvement in the context of the broader challenge of maximising the value of the IT function to the business.

Advice on Virtualised Architecture

Commissum technical consultants reviewed both the rationale for the new virtualised architecture and the 3rd party proposal for installation and commissioning of the virtualised architecture.

Potential risks identified from the proposal were highlighted to the Institute, along with steps to mitigate them to an appropriate level.

Review of Policies & Procedures

The existing documentation set was reviewed, many of the policy statements were challenged, and a more structured policy framework was recommended, along with the delivery of improved policy templates.

Commissum continues to provide security assurance services to the Institute as a trusted security partner.