A Decade of BCP, InfoSec and Risk Advisory

Continuity of business, risk mitigation and mature security and risk frameworks are critical to any corporation, particularly one that is government owned and delivering to over 90 institutional investors in Australia and internationally.

Queensland Investment Corporation (QIC) is Australia’s second largest funds manager and as of December 2014 it had $70.8 billion in funds under management, making it one of the largest institutional investment managers in Australia.

Business Aspect has worked with QIC at senior levels within Information Technology and the business since 2005 in business continuity planning (BCP), information security and risk advisory. In that time we have jointly produced over 50 risk assessments and reviews for in-house initiatives and large, complex externally provisioned IT programs, including recent cloud delivered solutions. Read below for more about our specific work with QIC:

In the beginning…risk and information security frameworks…

Our relationship commenced with the provision of IT risk and information security services.

Brendon Taylor, one of Business Aspect’s founding partners worked extensively with QIC to mature its IT risk and security framework. This required the development of an information security policy framework and related standards and processes. Working closely with the IT group while reporting to the Chief Risk Officer ensured a close alignment with QIC risk management framework and methodologies.

Business Continuity Planning for Global Real Estate

Business Aspect went on to deliver Business Continuity Planning (BCP) consulting services for QIC’s Global Real Estate group which extended to the provision of a BCP specialist onsite at QIC to augment their existing capabilities; along with a finance specialist for business advisory services.

Assurance in the cloud…good governance with cloud security and SLA guidelines

More recently, we have supported the review of cloud delivered solutions. Together with QIC we have ensured appropriate governance and good practice across the acquisition of cloud services and alignment of externally delivered environments with QIC internal policy and regulatory requirements.

Business Aspect’s cloud assurance work has extended beyond review and assurance to the development of internal capability, such as the development of a number of security standards and associated guidelines as a component of the overall information security framework.

This included the development of cloud security guidelines and service level agreement (SLA) guidelines focused on addressing information and security, availability and service continuity requirements of cloud solutions and other externally hosted environments.

Business Aspect continues to be engaged by QIC to provide strategic risk advisory and in the provision of IT risk assessment and information security reviews of complex systems development and acquisition projects.

You can visit other areas of our website to read more about our work in IT Risk, Information Security, Business Continuity Planning.