Alignment of National Security Standard with Localized Practice
As a wholly-owned subsidiary of the Assurance Company of Canada, the Hong Kong office was established since 1892. Today, the Company provides professional financial services to both individual and corporate clients through individual life and health, pensions and group pensions, and third party administration businesses in Hong Kong. The Company is focused on providing top-quality protection and wealth management products, and retirement planning to satisfy the clients’ evolving needs at different life stages.
At a Glance
Hong Kong Insurance Authority / ISO 27001 ISMS
ISMS Implementation
Security advisory partner
What brings them to MXC
To cope with their business direction on enforcing the implementation of information security management and they are looking for long term security advisory partner to embedded Information Security Management and Risk Management for the assurance the business risk management, customer information protection as well as the compliance of security compliance requirements from their national security team and Hong Kong Insurance Authority by leveraging with international standard such as ISO27001 ISMS.
Challenges
- Lack of internal resources on implementing Information Security Management effectively.
- Lack of experience and professionals to build the culture of security management within the company and promote the staff awareness on information management system
- Complex and continuous needs on security requirement from their national team security team and the regulatory requirement from Hong Kong Insurance Authority.
Results
Maximus or MXC Compliance Advisory Team was appointed as their Information Security Consultant including the works like staff training, risk assessment process, internal audits, assistance on certification and other information security management system advisory.
Designed, Developed and Implemented a fit-for-purpose Information Security Management System or ISMS to in-line with the corporate requirements
Certified by Accredited Certification Body.
Creates an effective risk management system to evaluate their existing information security risk and advise the tailor-made risk treatment plan for continuous improvement.
To be able to demonstrate to their stakeholders, business partners and customers a “fit-for-purpose” assurance regarding information security
Continual improvement on information security management on both maturity and effectiveness