IT Security and PCI Compliance

Industry: Technology / Travel

Scope: IT Security Remediation

Background: In a technology-centric operation, this CTS Impact client had identified significant internal control weaknesses which required disclosure in its annual report to the SEC.  Due to the dynamic nature of the client’s environment, numerous applications, hardware, networks and other technical infrastructure were in place due in part to informal IT governance.

CTS Impact Solution: In order to remediate the material controls weaknesses, the first step was to identify ALL systems in use, understanding their connectivity and interaction, and then to address the controls deficiencies. CTS Impact provided a Project Manager and staff to perform the following:

  • System mapping
    • Identify critical systems (software, hardware, networks, interfaces)
    • Document comprehensive systems in use (over 100 identified)
    • Identify gaps and inefficiencies
  • Analysis and Remediation
    • Perform risk assessment
    • Documentation of key controls
    • Perform IT compliance testing
    • Remediation planning and execution, including development of standard operating procedures

Given the depth of understanding of this client’s systems, business processes, culture and overall environment, CTS also assisted this client with the following other projects:

  • IT project management
  • Payment Card Industry (PCI) data security compliance
  • Treasury workstation design, roll-out and user-training
  • Interim Business Analyst — financial systems
2017-02-08T23:41:19+00:00