CNS Group supplies Security Audit and Advisory Services to Saunderson House in order to assess the level of Operational Security at their 3rd Party Providers and Suppliers. This enables Saunderson House to provide market-leading financial services to their client base securely and efficiently.
Saunderson House is a leading firm of independent wealth managers based in the City of London, providing award-winning financial planning and investment services to busy professionals and other high-net-worth individuals.
Their Corporate Chartered Financial Planners status demonstrates commitment to the highest degree of knowledge, capability and ethical practice. Likewise, they make it a priority for all their advisers to gain individual Chartered status.
As part of an ongoing commitment to ensuring best practice, CNS were first engaged by Saunderson House to assess the security of their own external and internal environments, as well as the public-facing applications they produce. The relationship has grown from utilising CNS’s CHECK, CREST and TIGER accredited penetration testing skills to employing the skillset of the Governance, Risk and Compliance department to assess the appropriateness of their own internal policies and procedures, culminating, to date, in an ongoing project to ensure Saunderson House complies with ISO22301 and begin the journey to full ISO27001 accreditation.
“Saunderson House take security and protection of our client and corporate data very seriously. By utilising CNS Group’s expertise we have been able to make informed decisions based on specialist knowledge. This has led to us reducing corporate and, very importantly, client risk across increasingly complex and specialist areas.”
Head of Information Technology,
As part of these ongoing efforts, CNS were asked to assess the operational security, from a technical and procedural perspective, of a number of Saunderson House’s key business partners and suppliers of client-critical services. 3rd Party Security Audits are an important way for Saunderson House first to select an appropriately governed company, and then to ensure that the data it shares with these companies and the services it relies on them for can be depended upon, and that the security, availability and integrity of all Saunderson House business-critical and client data is maintained.
Example: One particular project aimed to assess the current level of operational security that Saunderson House’s web services and client portal supplier adhered to, and to provide them with assurance that this data is managed, transmitted, presented and held or stored by an organisation that has appropriate and adequate security measures in place.
- CIS Critical Security Controls Audit and Risk Treatment Plan creation (SANS Top 20 Audit)
- Policy and Procedure Review and Creation
- CHECK/CREST certified External, Internal and Web Application Penetration testing
CNS Group produced a multifaceted Audit Report and Management Overview, enabling Saunderson House to quickly and easily evaluate the level of IT and Information Security that each organisation performs at and to understand the inherent risks in using such organisations. The report included statistical analysis of the level of risk associated with information subsets such as Incident Response and Management Plans, Data Protection, Access Control, Monitoring and Analysis of Audit Logs, Data Security, Boundary Defences, Network Segmentation, Configuration and Security Patch Management, Change Control and DR Capability, amongst a number of other possible threat vectors analysed.
The Risk Treatment Plan enabled each audited organisation to easily target the gaps in their current operations and set out plans to remediate these issues to satisfy Saunderson House’s needs. Coupled with an independently assessed Penetration Test report, which would detail any physically exploitable vulnerabilities in the services provided to clients, this allowed CNS Group to report accurately on a holistic understanding of security based on the results garnered, and to advise Saunderson House on the suitability of the Cyber Security controls and defences of each 3rd Party Provider, thus ensuring the high level of Cyber Security at Saunderson House is maintained.