Case study
TYPE
Financial Services & Banking
LOCATION
San Diego, CA, United States
SIZE
2,000-5,000 employees
Commonwealth Financial Network
Challenge
Bringing the security program in-house from an outsourced MSSP, and using that transition to move to a risk-first cyber risk management program. The transition exposed many challenges and opportunities for automating the risk assessment process.
Solution
CyberStrong’s Continuous Control Automation™ streamlined the now insourced cyber risk management program and delivered a flexible single source of truth for the team.
Overview
For over 40 years, Commonwealth Financial has been committed to providing businesses with financial management assistance. Today, Commonwealth is the largest privately held independent RIA broker/dealer in the US. Commonwealth’s practice management experts lend insights and strategies on firm evolution, staffing, financial analysis, and more to solo practices, multi-advisor ensembles, and large-scale enterprises. In addition to its financial practice, Commonwealth provides model portfolios for investment solutions and comprehensive support for community building, compliance, and marketing.
Challenge
Advanced Customer Requirements | Siloed Risk and Compliance Processes | Using Spreadsheets
Commonwealth had been undergoing a two- to three-year transition from an MSSP to an in-house security program, applications, and cloud infrastructure. Along with these structural changes, the firm was phasing out its siloed GRC approach with a renewed focus on cyber risk. Commonwealth ran IT compliance and risk assessments on spreadsheets and needed a solution that automated the process and centralized all assessment data in one place, with the ability to standardize the program across the enterprise while quantifying cyber and IT risk. Starting on a maturity journey led by the CISO and InfoSec team, Commonwealth needed to integrate its systems on a flexible platform that would provide dynamic risk visibility and cyber risk quantification using a model such as FAIR. In addition, the business needed to align with standards such as FFIEC, FINRA, and NIST, and with other requirements as they arrived, without launching a separate assessment project for each and duplicating effort.
Solution
Unified Risk and Compliance Management | Assessment Automation | Agile, Real-Time Reporting
CyberStrong was able to tackle all of Commonwealth’s cybersecurity program priorities, beginning with the automation of risk and compliance assessments and standardization across business units in a single, flexible system of record. CyberStrong provides a holistic view of risk from both the cybersecurity and IT perspectives, breaking down the GRC silos Commonwealth was moving away from through a robust feature set, integrations, and an intuitive interface.
With the FAIR model built into the platform, CyberStrong provides rapid risk quantification and a flexible view of the business’s inherent, mitigated, and residual risks. Using executive risk reporting, the CISO and Head of Information Security Risk can report risk data upward with Standard Risk Reports, Risk Assessment Reports, and Optimization Reports. Commonwealth can use the CyberStrong platform to build a comprehensive risk register that improves risk tracking and fosters a cohesive approach to cybersecurity.
CyberStrong’s NLP-backed crosswalking projects security posture data across frameworks, standards, and custom control sets, so that a single assessment does not have to be repeated for each framework. InfoSec leaders can crosswalk across several regulatory standards, including FFIEC and FINRA requirements, and see the current compliance posture within seconds regardless of the control set, whether custom, voluntary, or regulatory.
Eliminated
Manual Spreadsheets for Assessments
Integrated
Azure & Other Security Tools for Compliance Automation
Enabled
Rapid Cyber Risk Quantification & Reporting