
Consolidating cyber resilience

A case study in improving cyber-resilience for global financial services infrastructure

Introduction:


This case study describes our role in improving the outsourced cyber resilience arrangements for a business that delivers critical settlement, processing, and data solutions to global financial markets.


Already engaged in a broader exercise for our expertise in accelerating material outsourcing improvement, we were asked to help the third-party risk, security and operational teams to contractualise and negotiate their full end-to-end requirement as part of sole source negotiations with the incumbent provider and parallel RFP preparation activities.


The case study highlights the value the client placed on close cross-functional coordination in progressing the action, as well as the kind of integrative support that’s needed to make that coordination work efficiently.



The Client's Challenge:


The client was transforming its core platform and needed to significantly improve cyber resilience and compliance with the latest regulations and security standards given the significance of its service to the market.


Their main challenge was deciding whether the long-time IT outsourcing incumbent should feature in the target state, given that its value for money was now in question, or whether to consider more cost-effective alternatives more seriously.


This challenge was complicated by a cyber-resilience requirement that represented a collection of services that few single providers were able to provide, as well as by ongoing resource contention given the priority of the transformation activity.



What We Did:


Already engaged in a broader exercise for our expertise in accelerating material outsourcing improvement, we were asked to help the third-party risk, security and operational teams to contractualise and negotiate their full end-to-end requirement as part of sole source negotiations with the incumbent provider and parallel RFP preparation activities.


Our key activities included:


  • Conducting a thorough evaluation of the existing third-party risk and security commitments to confirm areas for improvement.

  • Working with security teams to integrate diverse cyber-resilience requirements with the client’s target operating model and broader IT outsourcing contract.

  • Defining detailed service specifications to ensure a comprehensive, end-to-end approach to cyber services.

  • Expediting the preparation and management of contracts, RFPs, and due diligence processes to incorporate third-party risk management and security requirements.

  • Assisting in presenting considerations to decision-makers and the board.


The Result:


The outcomes were:


  • Agreement of a new cyber-resilience service that is more closely aligned with the envisaged target state while strengthening service commitments and reducing associated risks.

  • Improved third-party risk and security oversight commitments as part of the agreement.

  • Reduced overhead and distraction for the existing change activities and teams.

  • Reduced advisor fees as a result of more efficient validation of requirement detail.

  • Fully drafted RFP artefacts incorporating the TPRM and security requirements for the client to leverage into other future sourcing activities.


Tags:


#FinancialServices #CriticalInfrastructure #Transformation #Sourcing #Contracting #Negotiation
