True Story: Contractor Has to Prove Strict Security Controls for SOC, PCI & NIST Compliance to Win an RFP Bid, but must pay an expensive security report OR find a smarter way to win the bid.
He succeeded. His story.
Contractors bid RFPs for new business every day. When dealing with big financial institutions like credit unions, credit cards, and investment firms, contractors must work and meet or exceed compliance regulations.
We recently worked with a commercial contractor who was given a choice to pay for an expensive security report required for the bid or figure out a smarter way to leverage the compliance conundrum without paying for an expensive security report.
Pay to Play
This commercial contractor was bidding on work for a big-name financial organization. He knew that security compliance would be a requirement to win the bid. However, to get the security report, he would need to accompany the RFP to ensure that he met compliance requirements. He was asked to submit a credited report from a credited SOC 2 firm. When he inquired about the price for such a report, he was quoted around $100,000. Additionally, this price did not include the hardware, security plan, or services for monitoring and maintaining security compliance; it was only the security report. This contractor would have to pay for the report if he wanted to have any chance to be considered for the bid, or would he?
After consulting with this contractor, Blue Fox Group recommended he consider moving the entire operation to Azure Cloud. Here’s why: Microsoft has built its compliance solution directly into the Azure cloud service. Azure has a portfolio of over 90 compliance offerings such as certifications for standards like HIPAA, FedRAMP, and ISO/IEC 27018, many of which are built with the specific needs of heavily regulated industries, like finance, in mind.
In addition to setting up and maintaining the Azure platform for this contractor, Blue Fox Group could also provide IT services to meet the complete security needs of the organization, including:
- Change Management Software (Detection of changes on the network)
- Device Management and End User Security – Advanced Antivirus with AI
- Identity Management with Multifactor Authentication
- Web App, Email, Network Security
- Risk Analysis with Quarterly Business reviews – that is documented.
- Measure your environment and align with best-practice standards.
When the financial institution reviewing the RFPs requested the anticipated compliance reports, Blue Fox Group generated the reports needed, demonstrating comprehensive SOC compliance without the wait or additional fees.
This contractor also stood out from other contractors with a pitch that went like this:
Azure Represents a Better “Bang for The Buck”
Microsoft Azure as a compliance platform represented a more cost-effective solution than other commercial alternatives considered. Additional Azure benefits include:
- Keeps pace within the United States and international regulations: "What's important to us is being current with all the regulations. SEC regulations are what we are most concerned with, but we see growth in international regulations. It's the organization, streamlined access, and automation of Azure that has had the most positive impact for us."
- Financial data is more secure: "Our biggest challenge is ensuring that financial data is secure and not compromised. This sounds simple, but we are constantly responding to new threats. Azure secures our network and manages identity and administration. Azure's unified security management keeps everything secret, protecting proprietary information. We are also able to do financial reporting on time and accurately."
- Offers security and a comprehensive solution: "The main benefit is security and having a robust and broad solution from a single vendor. We are confident that Microsoft will be our platform for the foreseeable future."
- Reduces risk of financial penalties: "Azure for compliance is phenomenal when it comes to reducing our risk exposure. This has been great because we have less worry about not following policies and regulations. In addition, it has helped us develop best practices, avoiding financial losses or penalties."
The regulatory framework affecting businesses continues to grow in complexity with no signs of slowing. So partnering with an IT expert that seeks to build process and standards to improve your use of IT, might be right for you.
About Blue Fox Group
Any IT expert can provide network management and help desk services. However, only a unique technology partner - who will challenge the status quo and address strategic business initiatives before tackling IT problems can address how IT supports the business (and not the other way). At Blue Fox Group, we establish a set of industry standards that will align your IT infrastructure to meet business outcomes. At Blue Fox Group, we take a unique approach to aligning IT to business outcomes.