Information security is so important today, especially for financial services providers. To professionally run the processes that are relevant for information security, institutions such as DekaBank are relying on the integrated software platform risk2value from avedos.
Banks today are subject to ever-growing regulations from supervisory authorities with regards to information security. This was a driving force for DekaBank, the securities services provider (Wertpapierhaus) of the Sparkasse savings banks in Germany, to extend its existing system for information security management. To handle the complexity of its 500 applications, comprehensive regulations and unique risk model, the company sought to improve the supporting technology as well.
“risk2value from avedos fulfills the majority of our business needs within the platform’s standard functionality, so we only need to add our own very specific requirements for self-service information and the risk model,” explained Christoph Hammel, Director of Information Security Management at Deka. “We were also impressed by its transparent licensing and stack of resources that are easy to operate from the technology side.”
The objective was to manage all information security requirements and comprehensively identify relevant risks in a single tool. With risk2value, DekaBank can provide different audiences self-service access to information on a regular basis, trace all actions for handling risks in a compliant manner, and administer all information risks including individual assessments.
“The avedos team had a deep understanding for the needs of DekaBank, and the teamwork while transitioning from the proof of concept to the actual project work was very productive,” Hammel summarized. Hannes Wambach, Co-CEO at avedos, added, “We look forward to working with DekaBank to further develop a long-term, value-driven approach to managing information security as part of a comprehensive GRC strategy.”
Get informed on the facts and latest trends in GRC – and stay tuned for upcoming events, webinars, podcast episodes or trainings.