Case Study : A Due Diligence Exercise Prior to Commencement of a new Business Partnership
Digital Assurance was asked by the UK's largest insurance company to carry out a risk-based audit on a supplier that they were considering partnering with to provide a new service offering. Essentially, the supplier is offering a web-based application and supporting network systems infrastructure which provides a new mechanism to support Independent Financial Advisors (IFAs) in the United Kingdom.
The Company was seeking assurance that the supplier had followed best practice with respect to developing the code, designing and supporting the infrastructure, as well as ensuring that the shared nature of the platform did not compromise the confidentiality, integrity and availability of their IFAs' or customers' data.
Digital Assurance planned and conducted a comprehensive programme of workshops and interviews with the supplier's staff, supplemented with reviews of documentary evidence and paper-based technical reviews of infrastructure design and the application source code. We provided a comprehensive final report detailing the current state of information security with respect to the supplier's platform, our opinion on whether the company should engage with the supplier and any risks that should be mitigated prior to moving forward.
References for this project are available on request