B of A GIS Third Party Assessment Program
Requirement
Assist a large and growing freight and logistics company with compliance relating to Bank of America’s Global Information Security (GIS) Third-Party Assessment Program.
Issues
The client had won a significant contract for freight services with Bank of America, but a notable condition of the contract was full compliance with BoA’s comprehensive GIS Third-Party Assessment Program. Upon inspecting the requirements for the program, senior leadership realized they needed immediate assistance.
Additional issues for the client
No Experience with Compliance at this Level: While the client had performed compliance audits in the past (i.e., SOC 1 and SOC 2 audits), the scale and complexity of BoA’s GIS Third-Party Assessment Program were something they had never seen before. Specifically, the BoA GIS requirements called for having dozens of information security policies and procedures in place, along with a handful of additional plans and programs relating to InfoSec, cybersecurity, and data privacy.
No Compliance Officer: The client had no official compliance officer; as such, no real ownership existed in terms of managing, or even beginning to understand, the challenges of developing all the required policies and implementing all the necessary controls. As a result, the CFO was tasked with the job, but had no experience with BoA’s GIS program requirements.
Missing Compliance Culture: Regulatory compliance was never high on the list in terms of organizational importance. Additionally, management often questioned why such a heavy investment in time and money was necessary.
Solution
Centris deployed a team of experts specializing in BoA’s GIS program that successfully accomplished the following:
- Defined project scope and client participation.
- Identified all control gaps and recommendations for remediation.
- Completely reviewed all current security policy documentation and began authoring new BoA GIS-specific policies and procedures.
- Established contact and working relationships with all in-scope third-party vendors to begin the all-important task of identifying all external suppliers.
Outcome
- Built and deployed an all-new information security, governance, and regulatory compliance program, one complete with policies, procedures, and processes.
- Created a true culture of compliance where employees now understand and value information security, cybersecurity, and data privacy.
- Implemented a continuous monitoring program for ensuring controls are properly monitored long after the consultants are gone.