Expensive Headache or Painful Heartache ?
Andrew McTaggart
Senior Manager - IT Security & Change Control

What is the EBRD?
8
6
4
2
0
14
12
10
94 95 96 97 98 99
• International financial institution est. 1991, owned by 60 national and supranational shareholders
• Promotes market-based economies in 27 countries in central & eastern Europe and the former Soviet Union
• Committed €16.5 bn for 708 projects to date
• Capital base of
€20 billion

What are the EBRD’s objectives?
To promote:

Transition to free, market-based economies by supporting private and entrepreneurial initiative

A better investment climate

Good corporate governance at project, corporate and country levels

Environmentally sound and sustainable development

Operational priorities

Continue to support the creation of sound financial sectors

Develop small and medium-sized enterprises

Promote infrastructure development

Demonstrate ways of restructuring large enterprises

Take an active approach to equity investment

Promote a sound investment climate and stronger institutions

Bank Resources

Available Headcount
–
750 Permanent Staff of which 36 are in IT
–
450 Consultants, Contractors and Temps

Singular Resource - Me

Current Activities
–
IT Security
–
Business Continuity
–
Change Control Management

So where do we go

Recruit staff
–
Available Headcount

Do nothing - is this realistic
–
IT Security is the management and negation of risk within the IT environment

Outsource -
–
Tap into external expertise
–
Consultancy or Service Provision

So why Outsource
• Delivery of service within available headcount
• Access to new technology
• Access to best practise
• Quantifiable cost of IT
• Reliable service
• Flexible service
• Manage risk exposure

How do we Outsource

Tender - strong pressure to be cost driven upon value (up to 80% in some circumstances)

Selection against a defined set of criteria which can, and probably will, change due to the length of the process

Procurement
–
The rules that apply to desks and chairs are not applicable for complex IT solutions
–
We are not buying “Tin”

Need to become transparent

What’s been achieved regarding IT Security
• Firewall administration, support and maintenance
• Wide Area Network support
• Local Area Network support
• Server and Desktop support

Experiences - Headache or Heartache
Internal
• Security Policy remains Bank’s property
• The Bank retains control of all changes
• Change Control – 1 hour ‘impact statement’
• Secure Sign off process
• Bank’s IT staff can focus on core application/business issues

Experiences - Headache or Heartache
External

Monthly reporting on service delivery and network utilization

Technical Account Manager – Customer/Support liaison

Firewall monitoring and support provided 24 x 7

End to end VPN service support

Review process every 6 months

What would I change
In an Ideal World
• Flexibility with the delivery of service
• Standardisation onto a global
At the EBRD
As the IT Director says
“Life at the EBRD is never dull” and this especially applies within IT

Questions
Contact details: e-mail: mctaggaa@ebrd.com
Phone: +44 20 7338 6704