Establish formal IT Governance Disciplines for R&Q
Randall & Quilter (R&Q)Â is a specialist non-life insurance investor, underwriting manager, captive manager and service provider who has expanded their services into Live underwriting and client servicing.Â With the increased client focus and regulatory demands R&Q wanted to improve and formalise its IT Governance and Information Security controls in line with best practice.
The practice was retained to implement improved IT controls andÂ establish their operation. This followed theÂ successful completion of work by MSPSL to improve the groupsÂ Business Continuity Plans (BCP) and transfer of critical business systems into outsourced Data Centres toÂ meet recovery time (RTO) and recovery point (RPO) objectivesÂ as part of a programme to improve Disaster Recovery (DR) arrangements.
Consultant responsible for designing aÂ formal IT Governance framework,Â implementing appropriate IT controls and establishing these as part of Business As Usual activities together with management oversight that controls were being completed.
The framework and controls were aligned to ISO27001 and Cobit which were reviewed and endorsedÂ by UK IT Governance specialists andÂ audit representatives of a US state regulator.
Key to completing this work was developing and educating the R&Q Information Security Manager (appointed internally to fulfil the ongoing role), training staff and management in the control requirements,Â establishing a filing system to retain evidence ofÂ control achievement, and developing a schedule for management review.
This work included the revision of, and where necessary, development of group wide Policies and Procedures to achieve designed ITÂ controls, as well as selecting and implementing solutions for Security Incident and Event Management (SIEM).
The framework and controls were established and embedded within Business As UsualÂ processes, andÂ theÂ management ofÂ the framework was handed over to R&Q management for ongoing operation and continuous improvement.