Xcina Case Study

Operational Resilience for a Financial Institution Focused on the UK Mortgage Market

Strategic Partner Supporting Client with Business Continuity Management, Disaster Recovery, Information Security and Operational Resilience

The Challenge

The client is a new entrant to the banking market focusing on the UK mortgage market.

Highlights and key components of the engagement

In the context of the Client’s banking application to the FCA and PRA, Xcina was requested to lead the Client’s efforts to develop and implement its Information Security and Operational Resilience Framework. We interviewed key staff and reviewed relevant documentation to determine the state of the ISMS. We then produced a roadmap to enable the Client to align with the ISO/IEC 27001 and ISO/IEC 22301 standards as well as PS21/3 and SS1/21.

Methodology and Approach

Following the approval of the roadmap and working with the Client, we undertook remediation activities to improve the frameworks. The main areas covered in our implementation / remediation included:

  • Business Continuity and Disaster Recovery – Developed, implemented and tested plans to ensure that the Client’s important systems remained operational and available at all times.
  • Operational Resilience – Identified Important Business Services, set Impact Tolerances and developed a Scenario Testing strategy.
  • Security Policy, Standards and Guidelines Framework – Enhanced existing policies, created new policies where gaps were identified based on the ISO 27001 standard, and approved and socialised these policies.
  • Information Security Risk – Created and oversaw an IT risk management program that enabled the Client to identify and protect its business data, intellectual property and physical and information assets. 

Results and Outcome

With our assistance, the Client was able to implement the cyber and resilience frameworks required by the regulators within the tight timescales. They were able to go live, equipped with a robust framework providing a strong line of defence against cyberattacks and other potential disruptions.

What This Means for You

Whether you are at an early stage of your Cyber Resilience journey or looking for continuous improvement, Xcina delivers:

  • Independent benchmarking assessments against leading cyber resilience frameworks such as PS21/3, PS24/16, NIST, CAF, ISO27001, NIS2, DORA and TSA, identifying areas for improvement
  • Expert advice on complex security, resilience and certification issues and best practices
  • Pragmatic implementation assistance to help strengthen your security and resilience posture
  • A long-term partnership and ongoing assistance throughout your journey, not just a point-in-time assessment

To find out more about how we can assist you, please refer to our Regulatory Compliance Consulting Services and Solutions at https://xcinaconsulting.com/services/regulatory-compliance/


Industry and sector:

Financial

Solutions and service area:

Xcina’s objective:

Xcina Consulting was engaged as a strategic partner to support Business Continuity Management, Information Security Risk and Operational Resilience for a financial institution.

In terms of our governance, structures, policies, and procedures, we’re in a good place with embedding those and that’s certainly where Xcina has helped us. We had a requirement to get things done quickly and efficiently and needed the expertise and wider market knowledge which did not necessarily exist internally, at least in the early days. Xcina worked as an extension of our current team and company, rather than an arm’s length external organisation.

Colin Bell, COO and Co-Founder, Perenna Bank

We’d love to hear from you

We have a strong track record in providing risk advisory services with a focus on governance, regulatory compliance, conduct and culture, data protection, and third-party assurance. We help organisations successfully address governance, risk management and compliance challenges.

To discuss how the areas highlighted in this case study, or any other aspect of risk management, information governance or compliance, impact your business, speak with our team. Tell us what matters to you and find out how we can help you navigate complex issues and deliver long-term value.

If you have any questions or comments, or if there’s anything you would like to see covered, please get in touch by emailing Xcina Consulting at info@xcinaconsulting.com. We’d love to hear from you.

Lindsey Domingo

Senior Director

Speak to me directly by Email, or
Telephone: +44 (0)203 745 7826
