Our client, a large regional bank, needed to do a comprehensive security and controls review across their vendor group. The bank’s compliance organization was heavily tasked with keeping up with all the regulatory changes and needed a firm to come in and develop a plan to get the vendor reviews current.
Orion Solutions provided an IT security consultant with extensive experience in the banking industry, and particular experience in IT vendor management. The consultant developed a multi-pronged approach for the project. The first phase included a review of SOC reports and determination of the impact of identified weaknesses. For the second phase, our consultant went to a variety of hacker sites where information on hacked companies is shared. The consultant learned that the majority of our client’s vendors had been hacked, and many of the hacked services had the potential to impact our client. In many cases these vendors had not communicated the exposure.
Orion Solutions completed the evaluation of each IT vendor and got the client current with all their key relationships. In addition, we built a report that ranked the vendors by the degree of exposure risk and the extent of identified hacking activity, so that management could make informed decisions about which vendors should remain and which required remediation to stay with the client.