Our client is one of the top 10 global logistics companies with approximately 100,000 employees and extensive European operations.
Nicolson Bray were engaged for advice and consultancy in two key areas:
Seven key IT security risks had been identified and recorded over a number of years. However without significant focus and buy-in these risks had remained largely unmitigated.
Our client sought advice and leadership to manage the remediation of these risks.
Our client had recently announced the acquisition of the regional operations of a global logistics company.
However there was no plan for managing the IT security risk of the carve-out and the secure migration of services onto our client’s infrastructure.
It quickly became apparent that whilst a risk management process already existed, there was a lack of buy in and adherence across this global organisation.
This risk management process was reviewed and enhanced to increase risk visibility and global buy in from all stakeholders.
Risk remediation workshops were co-ordinated and held, risk owners were identified and risk remediation plans defined.
In addition risk ratings were re-assessed and corrected where necessary, and monthly reporting created to give the European CISO full visibility of risks owned by his direct reports and other teams.
The initial focus was the negotiation of security provisions into the Transitional Service Arrangements. These ensured that clear lines of accountability were set, and paved the way for a smooth migration.
Following this Security Transition States were defined for key stages of the carve out - Pre-acquisition, Day1, +6 months, +12months and Target. This enabled core architectural decisions to be made and provided a backbone for detailed planning.
These Transition States covered seven core cyber security domains, and consisted of detailed architectural solution designs for the transition of all significant services.
Despite operating within tight budgetary constraints, and being delivered during a period of heightened change and transition, the following has been achieved:
The carve-out process has been complicated, and Nicolson Bray were engaged at a critically late stage. However 6 months post acquisition the following has been achieved: