Improving Regulatory Compliance Outcomes at Gallagher Bassett

case-study

Improving Regulatory Compliance Outcomes at Gallagher Bassett

GallagherBassett
Gallagher Bassett Services Australia provides customized third party administration (TPA), risk management and claims handling solutions to the insurance and financial services industry. The Company has offices in Melbourne, Brisbane, Adelaide, Sydney and New Zealand, and a team of more than 1,500 claims management experts, and provides a unique suite of claims management and related consulting, and technical services.
The company has Sarbanes-Oxley and ISO27001 compliance obligations through its US parent organization and is required to undertake regular user access reviews. Having previously used manual processes to undertake an extensive user access review program, the Company was looking to improve efficiency and compliance outcomes.

ABOUT GALLAGHER BASSETT

Gallagher Bassett provides customized third part administration (TPA), risk management and claims handling solutions to the insurance and financial services industry. Their story is one of innovation, commitment to quality and strategic decision making.
GB introduced the TPA model to the local insurance industry. Globally, we are among the world’s largest TPAs, with operations in the United States, Canada, the United Kingdom and New Zealand.
With offices in Melbourne, Brisbane, Adelaide, Sydney and New Zealand, and a team of more than 1,500 claims management experts, GB provides a unique suite of claims management and related consulting and technical services.

Information security driving demand
for operational improvement

All publicly-traded companies doing business in the United States are subject to the Sarbanes-Oxley (SOX) Act of 2002.  Section 404 of the Act demands that entities assess and report on internal controls and the integrity of financial reporting. SOX requires enforcement of user access control procedures, including periodic user access reviews of all systems that impact financial reporting.
Bart Vansevenant, General Manager New Products with RightCrowd noted that ‘user access reporting is a fundamental component of compliance against many standards, yet organizations of every size still rely on manual processes and out-of-date data’.

RIGHTCROWD A CLASS-LEADING USER ACCESS REVIEW SOLUTION

Nick Quinnell, Security Manager, Gallagher Bassett said ‘With a growing compliance burden and a myriad of disparate systems, the company needed to reduce the overhead of audits and reporting, while improving operational compliance’. ‘The Company saw an opportunity with RightCrowd Access Analytics to achieve both goals’ he said.
Gallagher Bassett had a mature identity management program the Company was looking for a solution to flexibly map, measure and monitor user access, to improve security and business practices. ‘The ability to ingest access data from legacy and other applications outside our core identity management system was a bonus.’ ‘It allows us to monitor and improve access across a broader range of systems fundamental to SOX and ISO27001 compliance’ Quinnell continued.
RightCrowd Access Analytics flexibly ingests access data from any system. By correlating against HR or Active Directory data, the health of user access can be accurately reported in near-real-time for audit and compliance reporting purposes.
Mr. Evans continues ‘we like the form factor of the Badgeholder because it fits very comfortably into a corporate environment’.
He further noted ‘we all use building access cards already and you can’t get into the building without badging in today. So having something that leveraged that, was easy for our people to accept because it was already part of our practice’.
The RightCrowd solution was deployed and tested with consultation with the customer’s IT and security team. Best-practice reports were deployed initially to meet standard requests, which were then improved with business input over time.
Mr. Quinnell noted ‘since our initial implementation of RightCrowd Access Analytics we have had a number of different departments request integration of their systems into the application. It delivers accurate access reporting fast, so they can be ahead of compliance.’ ‘It’s a been an effective tool to help us identify pockets of best-practice and help other parts of the organization achieve that too’.
RightCrowd Access Analytics - Dashboard

BENEFITS OF RIGHTCROWD ACCESS ANALYTICS

The major impact of RightCrowd Access Analytics is the provision of accurate user access data, faster. Up-to-date access data allows system owners to make better security decisions that not only improve compliance but security as well. Mr. Quinnell said that ‘knowing who has access is fundamental to good security, a flexible tool like RightCrowd augments our identity management program and gets the job done fast’.
This is why Gallagher Bassett chose RightCrowd:
Delivers up-to-date user access information fast
Connects to legacy systems, in-house applications outside of the identity management program
Fast deployment and the Gallagher Bassett team is fully trained
Additional security and compliance use cases