The client is a banking and financial services company. Their existing asset-based assessment solution was causing multiple issues as it was manual and time consuming leading to significant delay in completion of the assessment. They were looking for a vendor who could automate the entire process for an efficient IT risk assessment.

Infosys re-designed the assessment solution and automated the process using RSA Archer. This led to timely completion of the assessment process and ensured overall compliance with the organization policies.

Key Challenges

  • Time consuming and manual security control assessment of each asset by system owners and assessors
  • Lack of assessment workflow notifications to system owners, assessors and other stakeholders
  • Non-compliant security controls due to lack of required evidences
  • Delay in timely completion of assessment due to lack of integration between various security tools and RSA Archer
  • Lack of functionality to submit multiple assessments at the same time
Line

The Solution

Assessment made easy with automation

  • Redesigned the overall assessment process leading to enhanced reporting of security controls
  • Integrated security tools with RSA Archer and enabled auto population of control responses thus saving efforts
  • Enabled the functionality to pre-populate previous cycle’s responses into the current assessment cycle
  • Built a feature to display applicable controls based on the asset type
  • Enabled automatic identification of assets that required assessment
Line

Benefits

Quicker redressal of non-compliant controls

Overall assessment cycle reduced from six months to 30 days

Overall assessment cycle reduced from six months to 30 days

•	Increased control testing reliance by activating auto-population of control responses from security tools

Increased control testing reliance by activating auto-population of control responses from security tools

User friendly dashboard to cater to requirements of various stakeholders and improved compliance reporting

User friendly dashboard to cater to requirements of various stakeholders and improved compliance reporting

Optimized time by enabling submission of multiple assessments simultaneously

Optimized time by enabling submission of multiple assessments simultaneously

Improved assessment review process with regular system generated notifications

Improved assessment review process with regular system generated notifications

Faster identification of non-complaint controls leading to quick remediation

Faster identification of non-complaint controls leading to quick remediation

Eliminated the process of manual scoping of assets using automation

Eliminated the process of manual scoping of assets using automation