Governance, Risk, and Compliance Initiative
ScottMadden has worked with a number of organizations to improve security control and governance processes. Contact us to learn how we can help support your risk and compliance projects.
At a Glance
Security Assessment
Conducted security assessment of controls across application portfolio
Selection Assistance
Helped client source and select optimal governance, risk, and compliance (SGRC) tool by:
- Aligning requirements to vendor capabilities
- Developing evaluation criteria and scorecard
- Coordinating product testing with client and vendors
- Documenting and reviewing vendor selection
Improved Transparency
Improved risk transparency and decision-making ability for security leadership
Challenge
A southwest midsized utility that had recently undergone leadership changes desired to increase transparency into its security control and governance processes. Organization executives sought a way to eliminate information silos and achieve a full-scale view of system risks.
Process
- Proposed relevant security controls from industry best-practice IT frameworks
- Adapted and adjusted security control requirements to suit compliance needs
- Defined individual and business area ownership and scope of applicable security controls
- Aligned selected security control objectives with NIST cyber security framework
- Documented and reviewed comprehensive security control library
- Developed functional requirements for a governance, risk, and compliance (SGRC) tool based on best practices
- Aligned functional requirements to vendor capabilities within the market
- Developed evaluation criteria and scorecard to support vendor data collection
- Coordinated with targeted shortlist of vendors to conduct evaluations with key client stakeholders
- Consolidated final scores and reviewed comprehensive feedback with stakeholders
- Documented and reviewed final vendor selection
Result
- Documented finite set of customized security controls
- Conducted initial security assessment of controls across application portfolio
- Improved risk transparency and decision-making ability for security leadership
Related Insights
NERC Audit Support
Case Study
An electric utility was preparing for a NERC CIP and O&P audit to take place within the next six months. The utility started to prepare for the audit…
NERC CIP Program Recovery
Case Study
A large electric utility had received an unfavorable audit that pointed to a significant programmatic breakdown and a lack of cultural understating of NERC CIP standards.
Security Upgrade Project
Case Study
ScottMadden assisted Tennessee Valley Authority, a large nuclear generator, to execute its Security Upgrade Project to comply with the Code of Federal Regulations 10 CFR 73.55 and…
Let’s Work Together
We don’t solve problems with canned methodologies. We help you solve the right problem in the right way. Our experience ensures that the solution works for you.