The environments we create are resilient and built to withstand failure. We focus on 100% functional availability of mission critical application clusters. Large organizations rely increasingly on complex and scattered application infrastructures that support their business operations. One moment of downtime can have dramatic consequences. Retailing, trading and internet banking are obvious examples where any infrastructure failure leads instantly to a loss of revenues or stunted growth.
We can take care of these application infrastructures through a deep-rooted risk management and right first time culture. At the same time, we keep pace with business demands for innovation and regulatory compliance – all critical to business success. Making such bold promises, it is crucial for our customers and ourselves that we are fully auditable.
Being responsible for mission critical systems, comprehensive risk management is essential. It is ingrained in everything we do. Together with the customer we identify potential risks, mapping business criticalities as well as dependencies within customers’ application infrastructures. We evaluate the potential impact and characteristics of the risks and determine the appropriate precautionary and security measures to minimize and, where possible, eliminate risks.
Once we start working we retain an ongoing record of every change made and continuously monitor and record their impact across the outsourced environment. This is critical to maintaining a reliable change and release management process, fully auditable. Every year we evaluate the risk profile with each customer. But the risk management itself is ingrained in every aspect of our day-to-day work.
We call Schuberg Philis the ‘auditable IT outsourcing company’. It is our standard practice to include corporate governance, regulations and compliance into the overall service and infrastructure management of the outsourced applications. We continuously update our best practices in close cooperation with customers, their internal audit departments and independent external auditors.
We apply the highest standards while remaining flexible to evolving business needs. This approach creates enormous efficiency and control with regards to audit planning. It’s easy to demonstrate, even on the fly, what has been done. This decreases regulatory and compliance burdens and allows our customers to actually benefit from audits.
Schuberg Philis is the first outsourcing provider whose ISO 27001:2005 Statement of Applicability (scope of the certification) covers all customer application infrastructures outsourced to Schuberg Philis as part of the audited and certified environment. For customers who require an ISAE 3402 (International Standard on Assurance Engagements, no 3402), we are capable of providing this in close cooperation with the customer on the specific type and scope.
Where possible we prefer principle based auditing over rule based auditing. Principles question the rationale of our behavior, rather than just the adherence to protocols. That gives us energy and ultimately leads to improved processes.