Case Study by Kathryn Kerr - Chief Operating Officer, FASEA
The Background
The Financial Adviser Standards and Ethics Authority (FASEA) was established by the Federal Government through the Corporations Amendment (Professional Standards of Financial Advisers) Act in 2017. With the responsibility to set the education, training and ethical standards for approximately 22,000 Australian licensed financial advisers.
The data we manage is diverse, and much of it is highly confidential – from the assessment of Higher Education providers, financial advisory courses through to development of professional standards and associated guidance. We are responsible for the delivery of a professional exam, collection of payments as well as the individual assessment of financial advisers' qualifications to ensure they are meeting the required standards.
As a small company, our entire team is highly technical and focussed on achieving our legislative remit. We have no in-house IT expertise, so we rely entirely on external support to keep our systems operational and secure.
The Goal
In engaging The Missing Link, our ultimate goal was to know that we are working with IT infrastructure and software that is secure and stable. We need to be able to assure our Board and our stakeholders, that our data is held securely and confidentially.
From a day-to-day perspective, we wanted to have expert IT services – similar to those you find in corporations – on hand to advise, support and manage our infrastructure and security as needed – but we didn't have the need to invest in a full-time on-site team.
The Selection Process
Two years ago, we engaged The Missing Link to help us with Managing our IT Services. We had been impressed by their level of responsiveness to our enquires, and their track record. On top of that, the number of certifications and awards they have amassed, along with positive client referrals, was more than enough to win us over.
Initially, The Missing Link undertook a Security Controls Review of our IT infrastructure and assessed our security protocols against the Australian Signals Directorate's Essential 8 strategies to mitigate cyber security incidents. It was the perfect time for this as our company's IT infrastructure had been growing organically since start-up. Following the review, we asked them to present their findings, along with recommended steps for improvement to our Board's Audit and Risk Committee.
Based on this, we engaged The Missing Link to undertake the work they had identified as needing attention. The first thing they did was migrate our Dropbox infrastructure to Sharepoint, a Microsoft system they said would be more secure.
The project went so well that when we decided to assess our website's security, we requested a quote and engaged them to do Penetration Testing. The Missing Link identified a few vulnerabilities in our website during this process but perhaps most impressively of all, discovered an unrelated vulnerability as well - which they were quick to address and help resolve.
The Relationship
The Missing Link is excellent to work with. While they all have the same work culture, it's not a homogenous group, in fact, every person we engage with is different and refreshing to interact with. Interestingly, I get the feeling that there is no – or very little – hierarchy within the organisation; everyone is equally respected for their level of expertise.
Their responsiveness inevitably exceeds expectations on timing, and they can communicate highly complex situations in plain English.
From a project management point of view, The Missing Link has been approachable and collegiate from day one. They are very organised, and really focussed on output and getting the job done – despite being a small company; I never feel that competing priorities impact us.
Most importantly, when we're working on a project, I feel like we are all on message, trying to resolve a problem together. This was particularly evident when they came across the unrelated vulnerability while undertaking penetration testing. Despite it being out of scope, they were quick to report it and to work on a solution so that it could be rectified.
The Difference
The Missing Link provides the expertise to fill a gap within our business, and although they are a third-party consultant, they work with us as if they're part of our organisation. Having worked in big organisations all my life, I'd say they're like the IT department of a corporation– only much more responsive.
