
We help make businesses safe, providing peace of mind for our clients, their customers, and key stakeholders.

Press Release

May 15, 2006
Princeton, New Jersey

FEDERAL RESERVE BANK OF NEW YORK'S NATIONAL INCIDENT RESPONSE TEAM BECOMES FIRST IN NORTH AMERICA TO ACHIEVE ISO 27001 CERTIFICATION FOR INFORMATION SECURITY BEST PRACTICES

Churchill & Harriman Engaged for Pre-Certification Consulting

PRINCETON, NJ, May 15, 2006 - Churchill & Harriman (C&H), experts in risk assessment and mitigation services for more than a decade, announced a major milestone in information security: its client, the Federal Reserve Bank of New York, is the first organization in North America to be certified to the new ISO/IEC 27001:2005 information security standard. C&H provided strategic implementation advice and documentation consulting for the Bank that preceded the certification.

C&H, a recognized leader in the international standards community, is one of only six elite U.S. companies to be named an Associate Consultancy by BSI Management Systems, the leading registrar of standards. C&H is also a Leadership Team Member and certified Member Implementation Partner of the Secure Access For Everyone (SAFE)-BioPharma Association. SAFE delivers unique electronic identity credentials for legally enforceable and regulatory-compliant digital signatures across the global bio-pharmaceutical environment.

"The Federal Reserve Bank of New York is leading by example, and it will undoubtedly be the first in a tidal wave of U.S. organizations seeking independent, third-party verification of their information security management systems," said Ken Peterson, chairman and CEO of C&H. "The significance of this milestone cannot be overstated."

"The Bank recognized that certification to ISO 27001 would validate, enhance and acknowledge the security best practices already in place. The leadership and commitment of the project team was outstanding," said Barry Kouns, lead C&H consultant on the engagement.

In the U.S., the regulatory and compliance requirements imposed by the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Federal Information Security Management Act, among others, are all best met through the development of an ISMS (Information Security Management System) that is integrated, comprehensive and incorporates widely recognized best practices. ISO 27001 certification is an essential step toward effecting and demonstrating compliance with both current and future legislation.

About ISO/IEC 27001:2005

In July 2005, the British Standard, BS 7799-2:2002, was updated and released as a final draft standard in support of the June 2005 update to ISO/IEC 27001. On October 15, 2005, the International Organization for Standardization (ISO) released the final version of the standard as ISO/IEC 27001:2005. ISO 27001 is the formal standard against which organizations may seek independent certification of their Information Security Management Systems, meaning their framework to design, implement, manage, maintain and enforce information security processes and controls systematically and consistently throughout the organizations. The final version of ISO 27001:2005 is available now from ISO or BSI. More information is available at www.iso.org, www.bsiamericas.com and www.xisec.com.

About C&H

Founded in 1986, Churchill & Harriman (C&H) has been a leader in information technology consulting and experts in risk mitigation for over two decades. C&H serves Fortune 500 companies in the financial, life sciences, insurance, manufacturing and education sectors along with government entities. C&H has hands-on experience in leading both large and small organizations through the ISO/IEC 27001:2005 compliance and certification process. C&H also has a proven methodology to assist BS 7799-2:2002 certified organizations to upgrade to ISO 27001:2005. With expertise in information security, regulatory compliance, privacy and standards, C&H helps clients develop and implement controls and procedures that identify, value, and mitigate business risk. C&H also delivers compliance tools and training and communications support to help clients incorporate risk mitigation into everyday strategy.

Press Contact:

Churchill & Harriman
Email: info@chus.com

 

Cost Optimization for the Global Financial Services Community

"Through its membership and contributions to the Shared Assessments Program, Churchill & Harriman has demonstrated its leadership in global vendor management innovation. The Shared Assessments tools contribute to the differentiation of C&H’s program, maximizing risk assessment cost optimization while raising the bar on global information security and privacy protection."

Catherine Allen, Chairman and CEO, The Santa Fe Group
Founder, Shared Assessments Program
BITS, A Division of The Financial Services Roundtable

Case Studies

Compliance Consulting for a Fortune 20 Financial Services Company

Our client's objective was to become certified to ISO 27001 within their Global IT Infrastructure function. They turned to Churchill & Harriman. While consulting our client through the achievement process of certification to ISO 27001, C&H helped the organization harmonize two of five global IT processes into one, crossing departmental boundaries. In addition to resultant cost savings and process efficiencies, our work enabled our client to successfully address a Federal regulatory finding....

Global Risk Assessments for a BPO

A publicly traded Business Process Outsourcing Service Provider (BPO) needed to meet security and privacy contractual requirements on a $1B contract with a new customer. Churchill & Harriman was chosen to develop risk (security, privacy, and compliance) criteria upon which our client's vendors were subsequently assessed. Employing the new risk criteria, C&H then conducted several onsite risk assessments on the BPO's vendors located around the globe, enabling the BPO to meet the security and privacy requirements their customer had of them....

Vendor Management Program Optimization

A major global financial services corporation that provides custody and asset servicing wanted to improve their internal and external risk posture. Churchill & Harriman was engaged for a series of projects. Existing vendor risk assessment criteria were mapped to ISO 27001/2 and BITS Shared Assessments Program elements, thus ensuring our client's compliance with FFIEC guidelines and industry best practices. A new classification system for vendors was established that simplified and reduced the cost to both our client and their vendors. Additionally, a new approach to conducting information security and compliance assessments of the vendor base was developed, resulting in further and significant cost savings for both our client and its vendors....

Business Continuity Plan Development for a Global Life Sciences Company

The largest division of a Fortune 50 client engaged Churchill & Harriman to develop and successfully test a comprehensive Business Continuity Plan for them. In addition to delivering the new BC Plan, C&H provided recommendations for improvement in planning, process and Plan execution, leveraging industry best practices including BS 25999. Our recommendations were subsequently provided to our client's Corporate Governance function so that they could be leveraged across their global enterprise....

Information Security Services for a Global Life Science Corporation

To improve their risk posture, a Fortune 50 client determined to rigorously assess their global information security policies and practices. Churchill & Harriman was enlisted to conduct an ISO 27001-based Gap Analysis. C&H's work revealed numerous opportunities for our client to optimize cost, controls, and processes within their global information security function....

Enterprise Privacy Program Strategy and Implementation for an International Pharmaceutical Corporation

Churchill & Harriman's ongoing contributions have better positioned this Fortune 50 client to meet its global privacy compliance requirements, including Safe Harbor for all of its U.S.-based companies. C&H provides recommendations to our client on addressing the dynamic global landscape of privacy challenges, providing analysis and input on their Enterprise Privacy Program. C&H works in conjunction with other Compliance stakeholders within the enterprise to ensure that our client's Privacy Program investments are optimized, and to lower our client's overall annual cost of compliance....


Testimonials

“Churchill & Harriman has provided exceptional support and service across a number of highly visible risk management activities across the globe. You and your team have exceeded my expectations and done so on time and under budget, without exception. C&H conducts themselves with the highest levels of demonstrated competency and integrity on my behalf, recognizing required interdependencies and challenges while working on our critical global initiatives. Most of all, I deeply appreciate the substantive results C&H has produced for my colleagues and me. I recognize this is founded on the open and honest lines of communication I have with you and the C&H team.”

Chief Information Security Officer
Fortune 100 Corporation

"I am happy to endorse Churchill & Harriman to any organization interested in enjoying a close relationship with a risk mitigation consultancy that I consider an important part of my daily business. I can truly state, without hesitation, that Churchill & Harriman provides the highest degree of honesty, integrity and ethics, and has become a vital component to our success."

Director, Worldwide Information Security
Fortune 50 Corporation

"I want to express my appreciation for the outstanding service that your firm [Churchill & Harriman] has provided over the years. I consider you a trusted business partner who takes a deep personal interest in our success, and I appreciate your honesty and integrity."

Chief Information Security Officer,
Global Financial Services Corporation

"Churchill & Harriman has been consulting to us on enterprise-wide business risk mitigation matters for seven years now. We continue to receive the same dedicated service and support from C&H that we received from day one. Few business partners have provided such validated ongoing commitment to customer satisfaction."

Director, Worldwide Information Security
Fortune 50 Corporation