Client Challenge
The client’s Internal Audit function identified gaps and breaches against internal standards and regulatory requirements related to managing sensitive confidential information in a non-production environment.
The organisation embarked on an anonymisation project, allocating resources for several months to minimise the risk of data being exposed.
The client needed to accelerate the remediation programme and engaged TORI to expedite the process.
What We Did
TORI provided an independent Risk Assessment for all elements related to managing sensitive data in different environments:
-
Reviewed practices related to managing confidential and sensitive data in a Production and Non-production Environment
-
Challenged the direction and approach taken to remediate the gaps identified by Internal Audit
-
Risk & Compliance advisory: indicating possible regulatory breaches and consequences for the organisation if they continued with the existing approach
Outcomes & Results
As a result of the analysis, the team provided a detailed risk report containing:
-
Critical regulatory and operational elements required to manage sensitive data in a non-production environment
-
STOP, START and CONTINUE actions related to the existing remediation programme and the consequences of failing to comply encompassing:
-
Financial
-
Regulation & Compliance
-
Cybersecurity & Controls
-
Data Leak & Data Breach
-
Reputational Risk
-
Extent of Punitive Fines
-
Operational Implications
