We were approached by a high-tech service provider that created a caller authentication service designed to help companies reduce the time required to verify a customer’s identity when calling into their help center. The client sold this service to large banks, but it did not have a program in place to meet financial institutions’ specific due diligence requirements.
We performed an advisory project to assist the client with implementing a data security program that addressed each requirement. Upon completion, the client was able to meet the necessary requirements of each bank and was subsequently able to sell its service. We continue to consult with this client to advise on additional due diligence requirements, and we help them ensure that management stays in front of evolving compliance and data security standards.
ABC Company is a database administration service provider that remotely manages client databases. ABC Company faced customer requirements to obtain a SOC 2 report and PCI certification. During our initial discussions with the client, we learned that the company had not finished its PCI compliance certification process with its current qualified security assessors in five years. This was largely due to miscommunications between the consulting firm and ABC Company.
We contracted with ABC Company to perform SOC 2, PCI certification, HITRUST, and vulnerability and penetration testing services. This allowed ABC Company to meet its customer requirements through the work of one provider that successfully performed each service.
Utilizing one firm for essential projects like these has created efficiencies for ABC Company and helped the company save considerably on professional fees. Additionally, by implementing a one-audit approach to meet all of its compliance and regulatory requirements, our work helped ABC Company dramatically reduce the internal time required for these projects.