This site uses cookies to provide you with a more responsive and personalized service. By using this site you agree to our use of cookies. Please read our cookie notice for more information on the cookies we use and how to delete or block them.

Bookmark Email Print page

Information & technology risk


To succeed in the future, businesses need to be aware of all risks that threaten their operations. Technology is a critical component of any operation and a key enabler for realising business objectives.

Awareness of technology risks and impacts is vital to making informed decisions and mitigating risk appropriately. Getting controls right enables organisations to effectively manage risks and drive performance. It also keeps costs down, grows revenue, secures assets and meets legal and regulatory compliance, as well as the expectations of customers, partners and shareholders.

Deloitte’s service offering

Deloitte provides a broad range of services to respond to a fast and constantly changing environment.

Deloitte's information & technology risk professionals help financial institutions deal with issues related to business process, technology, operational and financial risk. Our aim is to enable clients to measure, manage and control risk, thereby enhancing the reliability of processes and systems across the board.

IT regulatory compliance in the financial sector

Deloitte can assist in assessing compliance of your current or target IT operating model, propose pragmatic recommendations for remediation and improvement, as well as assist in communications with the regulator. 

Specifically, Deloitte can offer support in addressing requirements on IT/IS functions and outsourcing set forth in CSSF circular 12/552, as amended, on global resource access tools laid down in CSSF circular 13/554, and more broadly, in the launch of new banking channels (e.g. mobile web banking, etc.).

In particular, our specialists can provide on-demand assistance to the member of management assuming the role of Information Security Officer: from understanding where the information security organisation currently stands, through to defining a target security control framework and providing technical expertise as needed.

Information technology audit

Deloitte can assist boards and senior executives to better understand and manage their current Information Technology risks by providing independent and expert IT control assessment and designing tailor-made recommendations to align IT controls with industry standards, regulatory requirements and best practices. 

Deloitte also helps service organisations demonstrate IT compliance to third parties through SOC 1, SOC 2 and SOC 3 third-party assurance reports issued under ISAE 3402/SSAE 16 or ISAE 3000 standards.

System conversion and data migration assessments

Our information & technology risk specialists can assess your overall project plan and risk management throughout all phases of your project, ensure that the target environment will work as planned, which includes both the target application and its upstream/downstream applications, and provide assurance on the quality and accuracy of the new environment's data output.

Security management

Deloitte helps organisations address a wide range of security requirements, using proven methodologies to design and implement programs and solutions around IT Security policies and standards, governance and strategy, IT risk management framework, metrics and automated dashboards.

Identity & access management

By combining business process, security and controls, critical business applications, project management and technology skills with in-depth vendor software knowledge, Deloitte can help you maintain authorised access to information at any time, from anywhere, by employees, business partners and customers.

Business continuity management

Deloitte assists financial institutions in improving their resilience against disruptions by providing a method of restoring their key products and services to an agreed level and within an agreed timeframe after the disruption’s occurrence.

De-perimeterisation risk & security

Deloitte can help organisations address the underlying challenges raised by de-perimeterisation and moving IT assets, users and data outside of the traditional network perimeter. 

Deloitte provides assistance in ensuring a controlled deployment of Mobile Device & Bring Your Own Device (BYOD), Cloud Computing, End-Users Networks, Social Media Risk Assessment and Digital Trust Services.

Infrastructure & operations security

Deloitte can help address the challenges of creating a more secure, efficient operating environment, by addressing all the layers of IT infrastructure components, as well as the related operational processes.

Vulnerability management & intrusion testing

Deloitte ethical hackers can perform or assist with the assessment of IT infrastructure, networks and business applications to identify attack vectors, vulnerabilities and control weaknesses. 

Our team also has experience in developing and deploying the technical and architectural improvements necessary to reduce exposure to both internal and external threats.

Incident response & forensics

Deloitte can assist organisations in getting prepared before an attack takes place, developing early detection capabilities and responding effectively in the event of an attack.

Our approach to Cyber Incident Response blends deep technical skills, crisis management expertise and business intelligence to deliver a complete service, when and where organisations need it most.

Privacy & data protection

Deloitte can help organisations enhance privacy and data protection processes and solutions to reduce risk exposure and strengthen compliance, including help in the following areas: Data Loss Prevention, Data Privacy Compliance and Legal Archiving Readiness (PSDC).


  • Roland Bastin
    Partner - Information & Technology Risk
  • Stéphane Hurtaud
    Partner - Information & Technology Risk

Related links

  • ExternalURL
    Link'n Learn
    Deloitte in Luxembourg has launched new online series: Link’n learn | Interactive access to Deloitte knowledge
  • ExternalURL
    Deloitte screens and identifies significant issues for your business and conveniently wraps them in podcasts, which you can either download or watch on your computer
  • ExternalURL
    List of the forthcoming events organised by the Luxembourg office

More Learn more

  • Deloitte report outlines threats for seven industries and provides tips - 24/07/2014
    Today’s senior executives must deploy a cyber-defense that is secure, vigilant, and resilient, according to a report recently released by Deloitte Touche Tohmatsu Limited (Deloitte Global).
  • Deloitte Luxembourg and EBRC look into the cyber security journey - 10/06/2014
    Most security breaches are still perpetrated by external attackers and the financial services industry is particularly exposed to security incidents with confirmed data loss.
  • Deloitte’s 10 tips for better cyber security - 07/02/2014
    Addressing the increasing threat of cyber-attacks, Deloitte cyber experts have analysed the current situation in the market and presented 10 key recommendations.
  • Deloitte security consulting ranked #1 globally by Gartner - 18/07/2013
    According to Gartner’s ‘Market Share Analysis: Security Consulting, Worldwide’ 2012 report, Deloitte was ranked #1 globally in security consulting based on revenue.



Stay connected:
Get connected
Share your comments
More on Deloitte Luxembourg
Learn about our site

Recently published