Keeping An Eye On The Front Door

One of Australia’s largest manufacturing organisations has a complex IT infrastructure. Critical IT security services were in place throughout the technology environment but the sheer volume of detailed reporting made it difficult for management to see the real picture.
Long-term IT services partner, CSC, recommended and implemented a more user-friendly approach to IT security service compliance reporting.

CSC delivers security services across the IT infrastructure managed for the company and wanted to provide assurance and a clear view that all necessary security services were in place.

The Challenge

The company’s IT management had relied on spreadsheets of detailed data to determine how well their IT infrastructure was complying with security standards – such as whether the latest versions of Anti Virus software had been deployed.

Analysing the detailed data was time consuming and didn’t always allow them to prioritise areas for attention, or identify the most compelling issues.

What was missing was a ‘big picture’ view that represented the detail in a form that all the stakeholders could share, whether they had deep technical knowledge or not.

The Solution

CSC proposed its “Compliance Assurance Program” (CAP) to deliver regular, reliable reporting in a more user-friendly format.

Importantly, CAP provides pictorial and graphic representation of data across the range of security services.

Working collaboratively with the company’s IT Security Risk and Operations management over two months, CSC tailored CAP to identify key security requirements and areas of any concern for the company. The team then undertook a conversion and realignment implementation.

The goal was to give the company a bird’s eye view that they could trust, and which they could take to other parts of the business as they saw fit - a view that made sense to the whole organisation.

The Results

CAP delivered a targeted, meaningful, holistic, accurate, and timely communication tool that provides key messages to the customer and supports a cycle of continuous improvement.

CAP integrated successfully into the company’s existing technologies and processes to support informed decision making.

The overall result has been an increased focus on remediation and the implementation of new processes to assist the company’s business objectives.

As just one example, desktop patching compliance experienced a significant improvement soon after the program was implemented, and is now delivering consistently high compliance metrics.

“The compliance reports are just about everything that we asked for - accurate, whole, timely, and understandable and they maintain their integrity over time” said th customer's IT Manager.

Both the customer and the outsourcing partner benefit from the CAPS compliance assurance program at CSC, because they have a source of trusted information that can be acted on, shared and re-used to show both areas of excellence and issues that need to be addressed.

CSC knows the importance of building and maintaining the trust of its customers and we wanted to demonstrate how well the environment, which includes over 5,000 end points, was being managed.

“We needed to provide executives with assurance that their system is robust, that appropriate preventive strategies are being implemented across their applications and infrastructure, and that their critical IT security systems are being effectively managed” said Howard Evans, CSC's Security Manager.