Overview:

The organization is a Mauritius-based consumer finance company. The Company provides automotive financing services for its consumers. In mission to become a world-class consumer finance company, the company initiated transformation of its legacy system into centralized database solutions. A leading bank East Africa acquired this Multi finance company.

Business Needs:

Entrans was asked to support the company for this transformation in IT Infrastructure, Information Security and Application domain. The consulting assignment awarded to Entrans, to carry out Gap Analysis of Current State, suggest End state, and present implementation plan to achieve end state.

Problems and Challenges:

Acquisition of company by a bank results into complex business environment, with multiple stakeholders and conflict of interest between parties. 

Different policy and process adoption, different technical environment, indigenous organization structure presents huge challenge to identify basis for gap assessment 

Interaction with two different IT organizations, identify mean between different interest groups, and finding common goal for future IT Transformation

Solution:

Solutions Gap Assessment exercise based on ISO27001 standards and acquire banks policies and processes Security Governance Mechanism Review, Security Policy Evaluation and Review Risk Management Framework

• Infrastructure Security Assessment, Vulnerability Assessment 
• IT Operational Control Assessment 
• Security Management Framework Assessment 
• Compliance Framework Assessment

Benefits:

• Identify security posture of organization, strengths, and weakness of organization. Dashboard view of information security status 
• Identify GAP against BS7799/ISO27001 standards and Review preparedness for BS7799/ISO27001 certification 
• Introduced Risk based approach for Information Security. Implementation of FMEA based Risk Assessment methodology 
• Detailed implementation plan for achieving End state security posture