Overcome existing challenges and achieve high standards of information security management that are aligned with business objectives.

Corporations are under pressure to become compliant with legislation such as Sarbanes Oxley and Bill 198, and industry regulations such as FFIEC, NERC, and PCI.  There is a sudden demand in the market for security expertise and a scarcity of quality resources.  Many diverse and rare skill sets are required in an effective security team, and hiring resources with limited experience when building enterprise security programs carries a significant risk. As a result of this situation, companies are facing the following challenges:

• Compliance audit process with negative results
• Lack of credibility and support for the Security Position
• CISO transition jeopardizing current strategy
• Unfulfilled Senior Security Function
• Repeated security incidents
• Lack of credibility of security strategy

CIO's and business executives are under pressure to find faster and more cost effective solutions.

TELUS Enterprise Security Program (ESP) enables enterprises to overcome existing organizational challenges and achieve high standards of information security management that are aligned with business objectives.  It provides experienced leadership, specialized skill sets, a solid policy framework, and a phased implementation approach. Its fundamental objective is the alignment of the existing practices with compliance and security requirements.

Key Features and Benefits

TELUS provides a complete program and team equipped with strategic business risk assessment expertise, knowledge of the most current best practices, a clear understanding of compliance requirements and milestone deadlines, highly effective tactical execution resources, and pre-existing intellectual property in areas such as policies, technical standards, and implementation methodology.

The Enterprise Security Program includes the following activities:

• TELUS will immediately deploy a team of security practitioners experienced in establishing the enterprise security functions, including a senior resource to act as CISO
• Additional resources are available on demand as they become necessary
• TELUS leverages and adapts a pre-existing Enterprise Security Program Model, containing TELUS intellectual property in the areas of security control frameworks, enterprise security policy, practices and standards
• TELUS commits to a Program Charter with clearly defined objectives, milestones, and priorities
• Both “Build and Transfer” and “Build and Operate” program modes are available

Through this unique model, TELUS is committed to providing successful deliverables that achieve client milestones, rather than simply providing resources. The team draws upon all the skillsets contained within TELUS pool of dozens of specialized and experienced information security professionals, tapping a much broader and deep pool of expertise than would be feasible to hire internally, and can rely upon a tried and tested enterprise security implementation methodology.

TELUS also offers specific IT governance and compliance services to help organizations carry out their plans. The following services are offered:

• Threat & Risk Assessment
• Policy Consulting
• ISO 17799 Assessment
• PCI Consulting
• Privacy Assessment