Our client, a leading multinational software enterprise based in the US, was preparing to launch their cloud security service product in the UK. As they were targeting customers in highly regulated industries, they needed an in-depth understanding of the UK compliance landscape to ensure the product would meet the required standards.
We delivered in-depth discovery research to ascertain how the client’s service offering would meet current and future compliance requirements in the UK.
6point6 set a high standard with this project, which the client hopes to see replicated in other geographies. To arrive at the end goal, we made the best use of resources, for example by identifying existing technical controls that would satisfy the demands of the UK market. This, combined with our tried and tested methodologies and project management approach, helped to make the whole process extremely efficient.
The risks and costs that come with regulatory compliance can quickly undermine the business case for cloud services in new markets. Compliance in one territory doesn’t necessarily translate to compliance in others. Even general regulations can pose significant challenges, and when you’re looking to expand in heavily regulated markets, the stakes are that much higher.
Our US-based, global software enterprise client was looking to enter the UK market with a specialised cloud security product that’s designed for governments and private sector organisations with stringent security and compliance requirements.
A critical factor in their go-live plan was ensuring the product would adhere to EU and UK regulations and security standards.
As the first Amazon Web Services (AWS) Authority to Operate (ATO) partner in Europe, and having worked with several clients in the UK government, 6point6 had the expertise to support the client in understanding the local compliance landscape and aligning their service with UK security frameworks.
Our discovery focused not only on our client’s solutions, existing controls and areas of compliance but also, importantly, on the customers they wanted to engage with.
The client required a very broad set of specialisations to complete this compliance exercise, from in-depth knowledge of the standards for data privacy and information assurance to expertise in cyber architecture.
In addition to these skill sets, 6point6 brought valuable business insight to the engagement.
Because 6point6 has worked closely with several government departments and agencies across a broad range of services, we were able to share our insight into their operating environment and risk and threat landscape, as well as their unique concerns and individual requirements.
This helped us determine which of the many standards, frameworks and regulations our client needed to align with first. The priorities we identified as a baseline for the client were:
The client was already compliant with the rigorous standards of the US federal government’s Federal Risk and Authorization Management Program (FedRAMP). This allowed us to ‘match’ elements that were already in place with the UK/EU compliance requirements, then identify gaps that needed to be addressed.
Our approach was to reveal insights early and discuss our recommendations with the client as we identified them. This meant they did not have to wait for weekly updates before making changes, but could make regular, incremental improvements.
In addition to supporting the client in uplifting certain controls to acquire the relevant compliance certifications, we helped them create a proposed architecture for delivering the service – including where to house customer databases, given certain geographical restrictions.
With an actionable view of their exposure to cyber risk, a clear roadmap for aligning their services with UK security frameworks, and a set of cyber activities to support future projects, our client was able to take the product to market within their specified timeframe.