Establish formal IT Governance Disciplines for R&Q
Randall & Quilter (R&Q) is a specialist non-life insurance investor, underwriting manager, captive manager and service provider who has expanded their services into Live underwriting and client servicing. With the increased client focus and regulatory demands, R&Q wanted to improve and formalise its IT Governance and Information Security controls in line with best practice.
The practice was retained to implement improved IT controls and establish their operation. This followed the successful completion of work by Allan Stevens to improve the group’s Business Continuity Plans (BCP) and transfer of critical business systems into outsourced Data Centres to meet recovery time (RTO) and recovery point (RPO) objectives as part of a programme to improve Disaster Recovery (DR) arrangements.
Consultant responsible for designing a formal IT Governance framework, implementing appropriate IT controls and establishing these as part of Business As Usual activities together with management oversight that controls were being completed.
The framework and controls were aligned to ISO27001 and Cobit which were reviewed and endorsed by UK IT Governance specialists and audit representatives of a US state regulator.
Key to completing this work was developing and educating the R&Q Information Security Manager (appointed internally to fulfil the ongoing role), training staff and management in the control requirements, establishing a filing system to retain evidence of control achievement, and developing a schedule for management review.
This work included the revision of, and where necessary, development of group-wide Policies and Procedures to achieve designed IT controls, as well as selecting and implementing solutions for Security Incident and Event Management (SIEM).
The framework and controls were established and embedded within Business As Usual processes, and the management of the framework was handed over to R&Q management for ongoing operation and continuous improvement.