Maturity Assessment Consultancy for Better Compliance

Cybersecurity Maturity Assessment for Better Compliance

IT service provider

The company has been active in the European market for more than 20 years, with solutions and services specially tailored to the needs of organisations in the Finance & Banking, Retail and Manufacturing industries.

Industry

  • Finance
  • Manufacturing
  • Retail

Service

  • Cybersecurity

Company Size

1.000+ employees

Duration

2019 - present


Challenge

The business lacked both specialised tools that would offer visibility and transparency over critical IT areas and specialists with the competencies and experience to address the challenges of a continuously growing organisation. Additionally, they struggled to contextualise the need for security investment and its impact on mitigating risks.


Solution

Adopting a consultative approach, conducting internal studies, and considering various frameworks such as NIST CSF, CIS CSC, and ISO 27001/27002, we provided measurable and trackable security improvements, which helped demonstrate the impact of security investments to stakeholders. After the initial consultation, we continued to perform annual assessments.


Impact

The organisation achieved ISO 27001 and ISAE 3402 Type 1 certifications and successfully met the requirements for BAIT compliance. They also expanded their IT team by 500%, significantly improving the IT infrastructure's performance, availability, and monitoring. We also enhanced overall operational efficiency by achieving a 30% reduction in manual efforts required to validate and enforce compliance.

Project Overview

Based on a comprehensive evaluation of the company's cybersecurity needs and risk profile, we identified the best-fit framework to enhance its security posture. We devised and implemented the following plan:

  • Consulted with the stakeholders to assess multiple frameworks, ultimately selecting CIS Controls for its prioritised, easy-to-follow safeguards and alignment with the company’s transformation.

  • Planned and conducted annual cybersecurity assessments based on the selected framework, focusing on identifying gaps, tracking progress, adjusting our recommendations to fit the organisation's growth strategy and cyber threat context, and implementing remediation plans. The process ensured that all controls were evaluated and that improvements were clearly demonstrated to stakeholders.

  • Performed proactive and regular follow-ups and validations of the remediation plan to ensure ongoing security improvements, cost-effectiveness, and reduced risks.

  • Initiated the use of benchmarks for hardening server environments and other critical assets, with plans to automate the process to validate and configure systems according to best practices.

By adopting a strategic and flexible approach, we enabled the company to improve security, meet compliance requirements, and reduce long-term risks associated with cyberattacks. 

Results

With an effective framework in place, our specialists gained a clear snapshot of the organisation's cybersecurity maturity, together with an actionable list of remediation actions to cover weaknesses and enhance strengths. This led the organisation to achieve ISO 27001 and ISAE 3402 Type 1 certifications, as well as compliance with BAIT requirements. Key results include:

Business & Operations

  • The IT team expanded by 500%, now consisting of 15 members, to support the increased demands of compliance and remediation efforts.

  • With the introduction of CIS Benchmarks and automated validation, we anticipate a 30% reduction in manual work required for compliance enforcement.

Technology Governance

  • Increased the number of fulfilled CIS Safeguards from 52 in 2020 to 108 in 2023.

  • Enhanced monitoring, availability, and performance of the IT infrastructure.

  • Strengthened adherence to information security standards.

  • Significantly reduced risks of unauthorised access, data breaches, and financial losses from cyberattacks.

These improvements have led to greater operational efficiency, stronger compliance, and a more secure IT environment.
