Local Union Protects Data With Help of IT General Controls Assessment

Background

A large Indianapolis-based skilled tradesmen’s union had been providing services to its members and the community for more than a century. The union’s Information Technology (IT) functions were outsourced to a reliable managed services provider (MSP). The MSP’s responsibilities included day-to-day IT operations, such as keeping the systems operational and IT strategic planning.

The Challenge

A top official at the organization was alerted to the topic of cybersecurity at a professional conference. It became apparent to him that the organization needed help protecting critical data in their possession, such as confidential member information. The conference helped the official understand how much the organization didn’t know about protecting its systems. The union reached out to the MSP that supported its IT systems, and the MSP recommended KSM to provide a third-party review of IT controls, otherwise known as an IT general controls assessment.

The Solution

KSM’s internal controls assurance team identified key areas of concern for the union, including authentication, security training, incident response, backup & recovery, malware protections, and more. The KSM team had working sessions with both the MSP and the union official about the cybersecurity responsibilities that are outsourced to their MSP – as well as those responsibilities that are inherently internal to the organization and required some action on the union’s part.

The main deliverable was a prioritized list of concerns that needed to be addressed, but the key to success in this engagement was the communication between the KSM team, the union, and the MSP throughout the assessment. Every concern that appeared on the list at the end of the process had been discussed with the group as it was identified. In many cases, the solutions were relatively low-cost changes that the union could implement internally or with the MSP’s assistance, and it had started work on the modifications before the engagement concluded. Where possible, the KSM team provided guidelines or drafts for new policies that it recommended.

The Result

KSM’s work in assessing the IT controls at the union and educating the client about the results of that assessment helped to protect their current systems and to empower the union to be an educated consumer of secure information technology services going forward. By the end of the engagement, the union had a clear roadmap of the short- and long-term work that it needed to do to meet its cybersecurity responsibilities. It also had the knowledge to discuss future concerns with its MSP and to understand and evaluate possible solutions.

Our KSM advisors not only worked with us to make sure we understood the strengths and weaknesses in our current system, they also helped identify modifications we needed to make to secure our data.

-Union Official

Ready to get in touch with us about the safety of your IT environment?

Your organization’s IT environment is the most critical part of a risk management strategy. KSM’s internal controls assurance team can provide you with valuable information that will help keep your company safe – and ultimately protect your bottom line.

LET’S TALK