Mainframe Security & Risk Management

Deeping an eye on its core systems is key to management eager to ensure the continuity of its business. Receiving on a regular basis key indicator on its Core Mainframe environment is the first step to keep its systems up-to-date.

Deloitte is offering in depth internal audit of your Mainframe Environment, providing organizations a convenient way to follow-up and monitor its supporting Mainframe environment. This regular evaluation of the system is processed via metrics defined through the experience of Deloitte IT Specialists and continuously adapted following the technology evolution. 

Our objectives

Without appropriate and sufficient internal controls, sensitive and confidential information can be compromised. A secure environment provides assurance and value to your different stakeholders. Keeping track of Mainframe systems and comply with business and industry standards can be challenging as Mainframe technology is difficult to align with current internal control frameworks.

Deloitte's Mainframe team can assist you in developing an optimal internal control framework adapted to your environment and specific industry needs. Our expertise translates your internal control requirements into concrete Mainframe actions and we strive to find the personalized internal framework which ensures an adequate safeguarding of your assets and aligns with industry and business norms.

How we can support you

Based on our expertise with out of the shell technologies and deep understanding of the Mainframe infrastructure, we help our clients with a technical Mainframe assessment and identification of weaknesses and related risk exposure.

Our Centre of Excellence developed a set of automated tools based on already available reports and commands, increasing the scope coverage and the delivery efficiency and effectiveness.

The tools could also be used on a recurrent basis by customers to ensure compliance over a period (Mainframe Security as a service).

Thanks to the set of tools and the number of security assessment already performed, we developed a security benchmark, helping companies to compare their maturity versus other players in their sectors.

The benchmark also includes solutions deployed by other organisations in order to remediate identified weaknesses and helping them to strength their security.

Assurance to third parties

In an increasingly competitive and outsourced market, giving assurance to its customers and stakeholders is fundamental to support long-lasting collaborations.

Assurance ensures the integrity and reliability of business activities and demonstrates the willingness of companies to be transparent towards clients and partners.

Our Third-Party Assurance (TPA) services address regulator and marketplace demand to manage third-party risks. Throughout years of experience in the field, Deloitte’s TPA services helped clients facilitate efficiently the exchange of assurance-related data (privacy, control, cyber, etc.) across their user entity communities. These reports provide assurance to a broad range of clients and represent a significant competitive advantage when prospecting for new clients. 

Our objectives

Having a clear view during an implementation or a migration can be difficult:

• Acquiring a new business or merging two systems involves inherent costs and entails multiple challenges, that’s why suitable planning and technical support is an important enabler for a smooth execution of a new endeavor in a secure and familiar environment.

• An impact- and risk-analyses have to be complete and accurate to oversee complex projects from end-to-end.

Deloitte is offering, thanks to the expertise and capabilities enhanced through its engagements, frameworks to identify common bottlenecks and errors when planning and conducting significant ventures. Our know-how in managing and supervising implementation projects is expressed in the trust of our clients working in a Mainframe environment. 

How we can support you

• Provide vendor-independent health-check of client's mainframe environment through key controls, which offers a convenient way to check the configuration settings of the environment that supports core business.

• Assess encountered risks from environment health-check.

• Support mainframe migration.

• Address regulator and marketplace demands to manage third-party risks for core systems with Mainframe Third-Party Assurance (TPA) services.

You have outsourced the management of your Mainframeinfrastructure to a provider and you would like to evaluate the Mainframe service you are receiving against best practices and Mainframe service provided to other customers?

Our Mainframe Service Review will provide an independent peer comparison indicator on the service received compared to industry standards and other customers thank to the expertise of Deloitte.

We will also provide a clear action plan to remediate any service gaps. 

Our objectives

• Review the outsourced Mainframe Services includes a review of the Mainframe infrastructure, the relevant processes as well as the activities managed by the provider. Those translate in the following areas: People, Process and Technology.

• Evaluate of the knowledge of the environment and technologies as well as reviewing the right staffing (competencies and assignment commensurate with the infrastructure) is a necessary step before assessing the processes implemented. Processes instrumental for adequate Mainframe management should cover several areas such as Monitoring, Change Management, Backup configuration, etc.

Review of the technical implementation and configuration compared to best practice for the Mainframe, z/OS, IMS, RACF, CICS and tools used, is key. A review of failover and redundancy configuration and review of storage definition and configuration should also be included.

How we can support you

• Provide an independent review of the current service received from your provided;

• Provide clear action plan to remediate any service gaps and increase the service received from the provider; and

• Support management in their vendor review process and will support, if needed, an adjustment of the relationship with your provider.

With our different services and expertise on mainframe, we can support your Mainframe Security journey. Do not hesitate to reach out to us!