Download PDF
Major Telecom Company Accomplishes Security Compliance in 18 Months
Technology Category
- Application Infrastructure & Middleware - Data Exchange & Integration
- Cybersecurity & Privacy - Security Compliance
Applicable Industries
- Telecommunications
Applicable Functions
- Business Operation
Use Cases
- Cybersecurity
- Regulatory Compliance Monitoring
Services
- System Integration
The Challenge
The telecom company was given a mandate by its board to create a broad-reaching governance, risk and compliance (GRC) program managing everything from audit and compliance to third-party risk and business continuity. The company faced a number of challenges, including a staffing shortage, customer demands, a dynamic regulatory environment and the off-the-grid nature of Alaska. They relied on spreadsheets, email and tribal knowledge for a patchwork compliance program, and lacked a comprehensive view of real risk areas. The Board requested the new GRC program to be up and running in 18 months.
About The Customer
The customer is a major telecom company based in Alaska. The company was facing a number of challenges including a staffing shortage, customer demands, a dynamic regulatory environment and the off-the-grid nature of Alaska. They relied on spreadsheets, email and tribal knowledge for a patchwork compliance program, and lacked a comprehensive view of real risk areas. The company was given a mandate by its board to create a broad-reaching governance, risk and compliance (GRC) program managing everything from audit and compliance to third-party risk and business continuity.
The Solution
To build a security compliance program, the telecom company hired a seasoned CISO with experience building similar programs. The company then formed a GRC team to integrate the entire GRC ecosystem at once. They chose NAVEX IRM, NAVEX ’s GRC platform, which is designed for integrated risk management. NAVEX IRM delivered on the company’s needs; namely, a collaborative tool with automation and functionality specific to the company’s use cases. Once data is in NAVEX IRM, it becomes actionable information that is then reported to business units to help them take action or make an informed decision. The GRC team was able to take a lifecycle approach to security compliance. It started with a controls framework design that lead to a current state assessment, followed by risk prioritization, remediation and reporting, with ongoing maintenance and, when necessary, updating the framework. NAVEX IRM supports every stage of this lifecycle.
Operational Impact
Quantitative Benefit
Related Case Studies.
Case Study
Vodafone Hosted On AWS
Vodafone found that traffic for the applications peak during the four-month period when the international cricket season is at its height in Australia. During the 2011/2012 cricket season, 700,000 consumers downloaded the Cricket Live Australia application. Vodafone needed to be able to meet customer demand, but didn’t want to invest in additional resources that would be underutilized during cricket’s off-season.
Case Study
SKT, Construction of Smart Office Environment
SK T-Tower is the headquarters of SK Telecom. Inside the building, different types of mobile devices, such as laptops, smartphones and tablets, are in use, and with the increase in WLAN traffic and the use of quality multimedia data, the volume of wireless data sees an explosive growth. Users want limitless Internet access in various places in addition to designated areas.
