Vendor Risk Management


Fidelity National Financial / FIS
2204 Garnet Ave
San Diego, CA 92109


April 2006


Client required to provide business partners with a high-level overview of the vendor’s services and information security posture of the organization. 

The Challenge

The client performed business to business (B2B) online transactions with many banks which required review of the clients overall security status.  Each bank used a different approach when attempting to obtain relevant related security information.  This included producing security documentation such as information security policy, procedures, standards and guidelines and most recent SAS70 Type II audit findings.

The Solution

Established and maintained and internal control structure that was easily assessed through effective documented controls.  Developed a template used to mapped security standards to the documents or process used to control that standard.   Prepared management reports on the structure and its effectiveness and conducted personal interviews with executives ultimately responsible for the areas reviewed.

The Result

Passed SAS70 audit with minimal discrepancies securing an attestation from an external auditor on the effectiveness of the clients controls. Successful responded to over 20 business partner security questionnaires providing results of audit, financial reporting and disclosure and corporate governance.


About FNF

Fidelity National Financial, Inc. (NYSE:FNF), is a leading provider of title insurance, mortgage services and restaurant and other diversified services. For over thirty years we have found opportunistic ways to provide industry leading products, services, and value.