Home > Casos prácticos

Caso Práctico

Information & Cybersecurity Management of third-party providers

Risk Managers analysing existing contracts

Client

 

telefonica_logo

 

Industry
  • Telecommunications
  • O2 founded as Viag Interkom in 1995, E-Plus in 1993
  • Specialised in providing mobile and internet services for business customers and the mass market
  • 2.098 billion euros turnover in the period July to September 2024
  • Approx. 45.9 million mobile connections and 2.45 million internet connections in Q3 2024
  • 7,500 employees in 2023
  • Parent company Telefónica S.A. headquartered in Madrid, Spain

Challenges

Risk evaluation and management of existing and (potential) new contracts with hundreds of business partners (third-party / suppliers) of the client under cybersecurity and information security aspects using the client’s own Cybersecurity Compliance Matrix (which considers ISO 27001, among others) with minimum 100 up to maximum 510 controls (number dependent on product or service):

  • Evaluation of (potential) new business partners in the context of tenders or contract renewals.
  • Risk analysis of existing contracts.
  • Identification of redundancies in various contract constructs or annexes (BCM vs. Security Controls Matrix).
  • Support with internal and external audits (e.g. compliance with new ISO27001:2022 8.28 Secure SW Development Controls).

Solutions

  • Professionalisation, standardisation and streamlining of internal processes within team Enterprise Security Risk Management (ESRM) / Cyber Compliance itself and also towards other internal teams (such as Product Owner) and business partners.
  • Setting up internal and management reporting.

Methodology

  • Classical PM with (potential) business partners.
  • Open and honest communication internally and externally.
  • “There is always a – joint – solution” approach

Technologies

  • Standard Office applications (Word, Excel, PowerPoint, Teams)

Timeline and scope

Since April 2023 with an average utilisation of 90% and quarterly extensions.

Results and customer experience

  • Streamlining / formalisation of processes, which in turn allows quick, flexible and effective response to special circumstances.
  • Better overview of contract situation overall.
  • Significant reduction of backlog.
  • Strengthening of the team within the client organisation.