Customer : Recruitment SaaS
Scenario
- The company was dealing with a relatively high frequency of security incidents which created risks towards protection of the intellectual property of the formulations in addition to increased operational expenses incurred on remedial actions.
Challenges
- To transition from a reactive approach to a long-term prevention focus necessitated a re-think of existing operational procedures.
- The procedural changes needed several departments to establish a coordinated approach. This needed education and orientation towards security policies and procedures.
- It was important to involve suppliers and OEMs as part of this initiative as external interfaces represented a significant vulnerability risk.
Above all, the entire initiative needed to be governed via a framework that ensured visibility and transparency of actions.
Data Points
- At the start of the exercise, the baseline value was 4.8 incidents per 200,000 person-hours.
Solution
-
Deployment of an integrated incident prevention playbooks
- Playbooks spanning all departments were deployed for incident prevention and handling scenarios as well as for periodic procedural reviews and reporting.
- The playbooks combined instructional content (via videos), tasks and approvals (via emails) to ensure clarity of action.
-
Inter-departmental & inter-organizational coordination
- Playbooks incorporated tasks across functions (and 3rd party organizations) which allowed for an integrated approach.
- Handover of tasks between functions which had sequential dependencies were designated as milestones (to be alerted on in case of delays).
-
Real-time visibility as opposed to out-of-date information
- 360* view of data for analysis of cycle completion times along with identification of improvement opportunities.
Results
- The frequency of security incidents was lowered to 1.2 incidents per 200,000 person-hours (vs. 4.8 incidents earlier)
- This represented a 75% reduction in frequency of security incidents over a 6-month period.
