Ensuring Smooth & Secure Transition to New Core Banking System as Trusted Cybersecurity Partner to Cambridge Building Society

Cambridge Building Society (The Cambridge) is an independent mutual society which has been committedly serving the community since 1850. Currently their assets stand over £1.12bn, and in order to maintain their status as a trusted home for people wishing to save, The Cambridge is always looking for new ways to improve its security.


  • Clear collaboration between
    Commissum, The Cambridge and all parties involved to ensure thorough eradication
    of risks
  • Commissum’s tailored and adaptable approach met The
    Cambridge’s needs throughout the project
  • Clear reports distributed
    by Commissum to both technical and non-technical members of the project
    team were easily interpreted by all
  • Smooth, secure transition from
    old systems to cutting-edge applications and infrastructure thanks to Commissum

The Challenge

In late 2014, The Cambridge was in
the process of transitioning to a new core banking system provider. Being
a financial institution, The Cambridge takes information security extremely
seriously, therefore a critical component of the transition process was
to verify the security of the new system was not vulnerable in any
way to threats; it was vital that the applications and infrastructure
hosting the new services were secure in order to facilitate adequate
protection of The Cambridge’s members.

Commissum was invited
to take part in a formal tender process, and following successful participation,
were tasked by The Cambridge to provide an initial test plan and ongoing
security programme which would provide a robust level of assurance pre
go-live and give The Cambridge confidence in the new infrastructure’s ability
to provide a sound platform for the society to work from in the future.

order to carry out the work, Commissum would have to collaborate with
all involved parties and The Cambridge to ensure a comprehensive understanding
of the platform and any potential risks or threats attached. This required
a tailored approach from the start, and Commissum would have to be
versatile enough to answer The Cambridge’s unique needs for the duration
of the project.

“It’s fair to say that from the first security tests
that Commissum performed, they have exceeded our expectations in some
notable areas. This has led us to partner with Commissum past our initial
engagement. The service we receive from our account manager and the
testing team remains as effective as the day we reached our agreement
and we had no hesitation in recommending Commissum as a security partner.”

Haynes, IT Manager at Cambridge Building Society

Service Provided

The Cambridge’s IT Manager, Dan
Haynes, was impressed at Commissum’s versatility throughout the project
as Commissum had structured all testing to meet the needs of The Cambridge
specifically rather than trying to apply a rigid, one-size-fits-all
testing regime from start to finish. The project was entirely constructed
to fit The Cambridge’s unique requirements.

There was zero margin
for error throughout the project, being that the applications involved
were to be put into practice on The Cambridge’s members’ assets right
away. Commissum understood that the security of the mortgages and savings
of The Cambridge’s customers was of absolutely the highest priority, and
all tests were rigorous and thorough to ensure comprehensive eradication
of threats.

The security work undertaken on the core system
application would determine if and when The Cambridge would take the project
forward and eventually on to customers, so reports from Commissum were
distributed to both technical and non-technical members of the project
team. Dan explained that thanks to Commissum’s clear, concise, yet
descriptive reporting, non-technical staff were able to quickly grasp
the seriousness of any issues raised without need for extra technical
knowledge. At the same time, Commissum’s reporting contained ample
information for technical members of staff and third parties to understand
and address any issues in a timely manner. This streamlined the entire
process whilst also giving The Cambridge’s employees full transparency on
the project.

Thanks to Commissum’s input in the project, The Cambridge
was able to provide members and staff with a seamless transition to the
new systems and infrastructure, whilst ensuring completely watertight
protection of data. The service and support throughout the project
led to The Cambridge electing to partner with Commissum on projects
beyond the initial engagement.

Commissum are experts in building society information
security. If you are looking to improve security at your financial organisation,
please get in touch.