Cirencester Friendly adopts SecurEnvoy’s Data Discovery Solution to meet GDPR and PCI DSS Compliance

About the Company

Formed in 1890, Cirencester Friendly is a leading provider of income assurance solutions. From small beginnings over 100 years ago, and based on an original concept designed by George Holloway, today Cirencester Friendly employs over 70 people and has in excess of 37,000 members.

There are many reasons why so many advisers choose Cirencester Friendly, their award-winning products, published claims history and excellent personal service have helped establish the Society as a leading provider. As leaders in the income assurance field, Cirencester Friendly actively keeps abreast of the everchanging technology landscape as well as regulatory requirements to support information management and data governance processes.

Challenge – maximising on the latest technology to ensure compliance

Driven in part by the recognition that there are now new, affordable easy to deploy technologies available to assist end users and enterprises in the secure management of high value information. This coupled with the threat of high monetary penalties under the new EU General Data Protection Regulation (GDPR), and the UK’s Data Protection Act which came into force in May 2018, Cirencester Friendly were actively seeking information security and digital resilience solutions that would ensure they remained both competitive and compliant.

The main areas of concern regarding GDPR compliance for Cirencester Friendly were the discovery of Payment Card Information (PCI) and Personally Identifiable Information (PII) to comply with Subject Access (SAR) and Right to be Forgotten Requests. Cirencester Friendly were looking for a method of searching across all of their digital estate including endpoints, cloud-based applications, and their own servers to ensure GDPR requirements were being met. Without the ability to search at content level and locate their files, Cirencester Friendly recognised that they would have been unable to fully comply with both the GDPR and PCI requirements.

Specifically, Cirencester Friendly wanted to verify exactly where Personally Identifiable Information (PII) and PCI were stored across the enterprise as a first step towards compliance and digital resilience.

Result – clear, actionable intelligence on the location of sensitive data

In deploying SecurEnvoy’s Data Discovery solution, Cirencester Friendly was able to understand exactly where their sensitive data was being held across their entire digital estate. In addition, Cirencester Friendly also recognised that it was important that they also train their 70 staff members.

“Cirencester Friendly saw the introduction of the General Data Protection Regulation as an opportunity to look at the digital resilience of our internal processes. We identified that we had limited visibility of PCI and PII within the enterprise. SecurEnvoy, as experts in data discovery, were the obvious choice as a partner to meet our internal needs. We now have the ability to audit and monitor our data across all of our digital estate including servers and endpoints with subject access and right to be forgotten requests easily facilitated via the Data Discovery platform. The added bonus of using the platform to inform and train our staff on appropriate data usage was a significant differentiator.” Remarked Andrew Horsley, Company Secretary, Head of Compliance Cirencester Friendly

SecurEnvoy Data Discovery identifies, protects and reports on sensitive data across your digital estate including PCs, laptops and servers; as well as in the Atlassian Suite, Alfresco repositories, cloud sync folders and email archives. By providing powerful search, real time alerts (including on USBs), remediation and training capabilities to administrators, analysts and end-users, visibility of sensitive data at content level is available across the enterprise for the first time – allowing for a timely response to external requests, such as Subject Access or Freedom of Information Requests whilst assisting with compliance requirements and training.

Do you know where your sensitive data resides?