Data Centre Audit of Global Investment Banking Subsidiary
Risk Management Consulting
 
 
Xcina Case Study

Data Centre Audit of Global Investment Banking Subsidiary

The client

A wholly owned investment banking subsidiary of one of the largest brokerage and financial services groups in Japan.

The work

Undertook an audit of outsourced Data Centre Management on behalf of the client’s Internal Audit department.

How we helped

We worked with the client’s Internal Audit team to define key risks and expected controls in respect of Data Centre Management. The resulting audit plan covered Physical Security, Facilities Management, Data Centre Service Provision (including third party supplier management), Change Management, Incident and Problem Management and People Management. Data centre service provision was outsourced to a third party. This partner in turn outsourced facilities and infrastructure provision to other external service companies. Our experience in complex outsourcing arrangements allowed us to understand the respective roles and responsibilities and legal commitments and fully test them to provide assurance that the client’s desired service, availability and performance levels were being safeguarded appropriately.

Value added

We brought a breadth and depth of knowledge around Data Centre Management and associated risks that did not exist within the client. In addition our complete independence from the client meant we were able to challenge and test the responses of key third party service providers to provide highly robust levels of assurance over the management of risk in the data centre environment.

Industry and sector:

Financial Services

Solutions and service area:

What our clients say

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do. "

Getac Technology Corp, Legal Affairs Center

"Xcina is always responsive to any question we have during the time we are implementing data protection remediation activities, they keep us informed and understand what we need and what we’re trying to do."

ParkMobileUK, Managing Director

"Xcina Consulting performed an annual review of our card data environment, and ensured that we are compliant with the PCI-DSS. We continue to work with their experienced QSAs, leveraging their guidance and best practices so we have the highest possible level of security controls in place."

DKB Brands, Data Protection Officer

"Xcina really helped us to kick start our data protection compliance process. They took the time to speak to all departments of the business and outlined our highest risk to lowest risk areas. The insight and guidance they provided was essential for our business to become GDPR compliant."

Portman Settled Estates Limited, Estate Secretary

"Xcina’s ongoing support has ensured that our employees feel confident when dealing with data protection matters, with best practice knowledge and expertise from consultants who have taken the time to get to know our business and our industry."

National Bank of Kuwait, Compliance Officer

"Xcina worked with us on a number of data protection matters, including subject access requests and gave helpful, practical advice which reflected their understanding of technology issues as well as legal matters."

Your World Recruitment, Group IT Director

"We have worked with with Xcina successfully for two years, initially on internal GDPR GAP analysis. We now have them engaged as our ‘Virtual DPO’ provider and regularly receive useful, pragmatic and, more importantly, actionable advice on all areas of Data Protection."

Quadrangle Research, Group Chief Operating Officer

Discover how we have supported businesses like yours >>

Subscribe to Updates

Receive regular updates from our expert consultants as they provide clarification and guidance on issues impacting your organisation.

Subscribe >>