Net Defence is the Managed Service and Systems Integrator arm of the £200m Ogilvie Group, whose interests include construction, fleet finance, and surveying across multiple UK locations, with over six hundred staff. In an increasingly regulated world where data is king, and protecting it is becoming ever more challenging and critical, Net Defence was looking for the most effective way to enable different parts of the Group to mitigate and manage security risk, international standards and the exacting regulatory rules of different vertical sectors.
In deciding on its approach, ND considered the enormous number of disparate regulations that the group was subject to, the International Standards that were becoming increasingly important to Group customers, and the triangulation and cohesion of information needed to establish the single governance picture required for efficient oversight of all these things. It also wanted to standardise its approach as much as possible for both internal and external customers. This, it felt, would not only simplify oversight and reporting but also reduce their cost. To do this, it knew it would need to take into account the diversity of organisational types involved but, as much as possible, establish repeatable best practices for organisations to follow.
Harnessing the advice and best practice of its in-house experts and the guidance of International Standards in an efficient and scalable way would also require a systemised approach. Its opinion was that such an approach would enable the level of scrutiny and reporting to be increased without the usual linear impact on costs. ND also recognised that many group and external customers would not immediately meet the requirements of every standard pursued or regulation announced. The ability to manage gaps and track remediation projects at the same time would therefore also be important.
Net Defence found that the answer lay in PRIMED's ability to harness the guidance of Subject Matter Expertise within its connected, flexible and automated data model. Because PRIMED can capture, cross-relate and report against each of the many controls related to ISO 27001, ISO 90001, and ISO 22301, Net Defence added oversight questions, gap analysis reports, and remediation tracking protocols into it. It then added Financial Conduct Authority controls and protocols too. These included oversight routines for regulations like SM and CR, Anti Money Laundering, and Vulnerable Customers.
Now Net Defence manages and oversees governance across several Group and external customers encompassing multiple regulations and standards, all from the same single but expansive instance of PRIMED and without the need to apply any more resources.
“I have managed the path to lots of different levels and natures of compliance in my time,” said Neil Smith, Senior Compliance Consultant at Net Defence. “I would estimate that PRIMED removes around 60 percent of the administrative and reporting overhead. It is not difficult to deploy or use and my experience so far is that it can be turned to address almost any oversight or reporting challenge. We have deployed PRIMED across the group and to our wider customer base to handle ISO 27001 & 22301 and have plans to do so for ISO 90001 soon too. We are also managing multiple regulations using PRIMED across a number of customers too and all of this is being managed simply and easily from a single system.”
Debra Cairns, Managing Director for Net Defence, added: “The ability to manage regulatory obligations, International Standards and cyber security protocols more effectively was, until PRIMED, limited by the amount of resource available. With PRIMED the possibilities are no longer limited by visibility and oversight capacity, which is a game changer for compliance professionals.”