Strengthening Information Security, Compliance and Risk for QBANK

QBANK, the Member-owned bank dedicated to police, emergency services, government employees and their families, recognises the critical importance of information security in safeguarding the personal and financial data of those dedicated to protecting and serving the community. To reinforce their security posture and ensure compliance with industry standards, QBANK enlisted the expertise of Business Aspect to access ongoing cyber security and risk management expertise via a Virtual Chief Information Security Officer (vCISO) service.

vCISO Service

Business Aspect’s vCISO service has become an integral part of QBANK’s technology and risk management processes. Working closely with Karla Day, QBANK’s Chief Technology and Transformation Officer (CTTO), and her team, Business Aspect’s vCISO played a pivotal role in helping deliver information security initiatives. This includes governance enhancement through policy uplift, streamlining vulnerability management programs and enhancing incident management processes. Furthermore, Business Aspect helped the CTTO reinvigorate the Information Security Steering Group (ISSG), ensuring improved and consistent oversight of the security program.

“At QBANK, safeguarding our Members’ personal and financial data is paramount. Thanks to Business Aspect’s vCISO service, continuous compliance monitoring with Vanta, and rigorous vendor security assessments, we’ve fortified our security posture and compliance efforts, ensuring trust and reliability for Members.”

Karla Day, Chief Technology and Transformation Officer, QBANK

Compliance Program

QBANK is committed to ensuring regulatory compliance, recently undertaking comprehensive CPS 234 Tripartite audits. Business Aspect worked with QBANK to develop a comprehensive program of work to address required security uplifts and ensure alignment with CPS 234 and other compliance requirements identified in these audits. A key aspect of this initiative was the establishment of a security framework mapping CPS 234 requirements to the NIST Cybersecurity Framework (CSF), allowing QBANK to assess and manage their security posture effectively. Regular monthly and quarterly management and committee reporting ensures transparency and accountability.

Continuous Compliance Monitoring

To further enhance QBANK’s compliance monitoring capabilities, Business Aspect supported the implementation of Vanta, a platform for continuous compliance monitoring. This involved integrating governance frameworks into Vanta, monitoring risks against controls for compliance, and aligning existing policies with the compliance framework. By leveraging Vanta, QBANK have gained real-time insights into their compliance status and can swiftly address any gaps or vulnerabilities.

Vendor Security Assessments

Recognising the importance of third-party vendor security, Business Aspect developed a robust assessment framework to evaluate the security posture of new vendors, ensuring that vendor risk is managed and that vendor security aligns with the bank’s stringent standard. Through comprehensive assessments, QBANK receives assessments and recommendations regarding the engagement of vendors, and any additional precautions required to mitigate potential risks effectively are identified.

“I take great pride in working with QBANK and helping them to build a strong and secure technology environment that enables great financial services and products. I love the opportunity to give back and support the wonderful community that QBANK serves.”

Bruce Irwin, Principal Consultant, Business Aspect

Security Program Management

Business Aspect’s partnership with QBANK is ongoing and has played a pivotal role in developing QBANK’s security program based on assessments aligned with the NIST framework. Business Aspect continues to oversee and assess all elements of the security program, delivering regular reports to the CTTO to ensure alignment with strategic objectives and continuous improvement.

Through the collaborative partnership with Business Aspect, QBANK has successfully strengthened its information security posture and compliance efforts. By leveraging vCISO services, implementing continuous compliance monitoring with Vanta, and aligning with industry standards such as CPS 234 and NIST CSF, QBANK has enhanced its ability to protect sensitive data and maintain the trust of its valued members. Moving forward, QBANK remains committed to proactive security measures and ongoing collaboration with Business Aspect to address emerging threats and regulatory requirements effectively.
