SITUATION
In response to an FTC Consent Order, a global technology company sought a qualified, objective, independent third-party professional to perform initial and biennial assessments of its information security and privacy programs. FTI Cybersecurity was hired as the independent assessor to evaluate the technology company’s development of their information security and privacy program and their alignment with the Order.
OUR ROLE
FTI Cybersecurity leveraged a dedicated team of experts with specific experience designing and assessing information security and privacy programs, especially for global technology companies. This team of experts conducted in-depth discovery efforts to develop and understanding of the operating environment, followed by comprehensive controls design review workshops and then completed operating effectiveness testing based on joint understanding of control operations with the client control owners, with the goal to accurately determine the maturity of its information security and privacy program and its effective adherence to the requirements of the Order.
OUR IMPACT
FTI Cybersecurity performed controls effectiveness testing through testing procedures designed in coordination with client points of contact and identified both strengths and areas for improvement within the information security and privacy programs, how those areas of improvement relate to requirements of the Order, and assisted the client in developing plans of action to remediate the identified areas for improvement.
FTI’s final report was acknowledged and accepted by both the client and the FTC.