Case Study by Matthew Schmalz - Head of IT, Finite Group
The Finite Group is a leading provider of diverse IT solutions in Australia and New Zealand. It was founded in 1998 to offer specialist IT recruitment expertise, people-based services, and in 2003 expanded into IT Professional services. The Group has experienced consistent year on year growth both organically and through strategic acquisitions, and has grown into a $440M per annum enterprise with 9 offices across ANZ and a workforce of circa 2000 personnel. Because we’re advising on IT, security needs to be at the forefront of everything we do – we need to demonstrate to all stakeholders that our security posture makes us a low-risk business to engage with.
With this in mind, we recently embarked on becoming ISO27001 compliant. As part of this process, I decided to initiate an external security assessment.
As a fast-growing organisation servicing many of the top organisations across Australia and New Zealand, including large banks, leading telecoms providers, and government departments, we needed to provide our clients with evidence of ISO27001 compliance and our ongoing commitment to continuously monitoring and improving our security posture.
The Selection Process
Finite decided to engage with a new strategic partner on security management. As a fast-growing company, we wanted a security partner that could be flexible and agile to quickly meet our needs within a rapidly changing IT environment. I had worked with The Missing Link previously at a different organisation, so I offered them the opportunity to tender alongside two other vendors in accordance with our company policy.
Each of the organisations received the same brief – I’m strong on transparency and consistency and like to ensure we’re able to make an ‘apples for apples’ comparison. The Missing Link’s proposal demonstrated that they understood how I worked and what I wanted and that they would ensure the outcome was what I was looking for. Unlike the other proposals, there was no fluff, and their costing was very competitive.
Having worked with The Missing Link before and now, I’ve come to know the team well during my time at Finite. The thing that really stands out about them is their customer service – it is excellent, and unlike most vendors I’ve worked with, across all industries, it doesn’t degrade over time. Response times are great, and the entire team is engaged from beginning to end and beyond. It’s very rare to find a business that’s so focused on the customer experience, yet it makes all the difference.
Our experience with penetration testing is a great example of the way we work so well together. They were proactive to ensure everything was done to schedule. The process was transparent and the outcome was what we wanted – we gained a thorough understanding of our security posture, risk levels and the path to improvement. Everything was delivered in one concise report, which we then collaborated on to develop multiple versions to suit the requirements of different audiences.
The Missing Link’s reports provide the evidence we need to demonstrate to our executive and clients that we’re aligned to ISO27001 compliance. Furthermore, we’re prepared to use a third party to test our environment and help us continuously improve our security posture. This is important because many of our clients – the banks, defence and government particularly – demand this level of confidence.
Having completed penetration testing as part of our security framework also gives our consultants greater confidence when they’re out there talking to clients and potential clients about the services we offer.
For me, it’s reassuring to know that I have a team of security experts that I can call on whenever I need advice or support. External threats are evolving and becoming more advanced every day; it is impossible to keep up to date with what is happening in the security landscape, so having them as a partner is really valuable.