Who:
Fidelity National Financial / FIS
2204 Garnet Ave
San Diego, CA 92109
When: April 2006
What: Client required to provide business partners with a high-level overview of the vendor’s services and the information security posture of the organization.
The Challenge: The client performed business-to-business (B2B) online transactions with many banks, which required review of the client's overall security status. Each bank used a different approach when attempting to obtain relevant security information. This included producing security documentation such as information security policy, procedures, standards, and guidelines, and the most recent SAS70 Type II audit findings.
The Solution: Established and maintained an internal control structure that was easily assessed through effective documented controls. Developed a template used to map security standards to the documents or processes used to control that standard. Prepared management reports on the structure and its effectiveness and conducted personal interviews with executives ultimately responsible for the areas reviewed.
The Result: Passed SAS70 audit with minimal discrepancies, securing an attestation from an external auditor on the effectiveness of the client's controls. Successfully responded to over 20 business partner security questionnaire,s providing results of audit, financial reporting and disclosure, and corporate governance.