VioPoint

Financial expertise and attention to detail is the focus at Freedom One Financial – after all they have been managing and servicing retirement plans for over twenty-one years. Located in Clarkston, Michigan, Freedom One Financial is an independent, full service 401(k) plan administrator and recordkeeper to over 400 Plan sponsors, providing retirement planning, plan administration and investment advisory services to over 30,000 401(k) participants.

About a year ago Freedom One Financial made the decision to analyze their information security policies and procedures very closely. Like many financial organizations, Freedom One manages a variety of personal client information including social security numbers, account numbers, and other confidential client data. Protecting that information from disclosure or insider theft is one of their top priorities. In addition, Freedom One also wanted to improve their information security processes and implement a disciplined program approach to help them cost effectively manage risk and support growth.

Challenged with increasing volumes of information and limited IT resources, Freedom One Financial engaged VIOPOINT’s Enterprise Information Security Program to manage this project. "We went to outside security experts because they have the program expertise we needed. Our IT department is small and we just didn’t have the resources or knowledge base to manage this as completely as was needed," commented Eric Benedict, Business Process Manager at Freedom One Financial.

VIOPOINT’s Enterprise Information Security Program begins by understanding the current security posture of an organization. Then utilizing a best practice maturity model and a self assessment survey the organization is given a baseline risk score. Once this has been established VIOPOINT develops a detailed strategy and plan to help the organization achieve their desired security posture.

One common flaw of resource-challenged organizations is managing security in a reactive mode. Freedom One Financial is now managing security proactively with this approach. "Two of the biggest benefits of this project has been classifying all of the potential ways that data can leave our company and identifying solutions to limit the risk of that happening. And we have done this without increasing the burden on our staff," said Benedict.

VIOPOINT ‘s Enterprise Information Security Program provides Freedom One Financial with the expertise, tools, and program approach to develop and sustain a cost-effective Security Program that is proactively managing risk without adding resources or technology tools.

Benedict has some advice for those organizations that have limited IT resources and are looking for better methods of managing risk and compliance, "It’s good to have an outside security expert look at your security policies and procedures. You need holistic testing, both externally and internally, to make sure those policies are being followed."