Security according to the highest compliance standards

Meeting the highest compliance standards

The choice of Nsecure as a security partner is obvious, explains Gerard Versluis, Portfolio Manager of Hard Services Security Facility Management at NN Group: “The financial sector has high security requirements. The Dutch Bank and AFM require companies to cover every operational risk and take sufficient mitigating measures, from data breaches to packages that may explode. This also places very high demands on your IT environment. Nsecure is one of the few security companies that can meet our required compliance level, which is often too complex for other companies.”

The regulations for the financial sector have significantly tightened in recent years. If a company fails to comply with or insufficiently demonstrates how risks are managed, this can lead to high fines and reputational damage. Nsecure is the market leader in security within the financial sector and works for four of the five largest banks and some of the largest insurers in the Netherlands. As a result, the company knows this playing field inside out. Versluis says: “We have been working with Nsecure for almost twenty years and know that they meet the highest standards.”

Coordinator for security

The collaboration between Nsecure and NN Group, which has labels such as Nationale-Nederlanden, Movir, Ohra, and NN Investment Partners, dates back to 2005. At that time, Nsecure won a tender for the delivery and maintenance of the access control system. Over time, their services have been further expanded. Nsecure is now the main contractor for NN Group for installation, maintenance, operation, and advice on the company’s security systems in the Netherlands and Belgium. Through the longstanding relationship with NN Group, a partnership has emerged where intensive cooperation takes place in the field of security.

What started in 2005 with a tender for access control has now grown into a close partnership. For the Dutch and Belgian offices of Nationale-Nederlanden, Nsecure installs, maintains, and operates most hardware systems and software platforms in the physical security area. The choice is evident for the insurer and asset manager: “Nsecure can meet the highest compliance standards required by the financial sector and always keeps its promises.”

Jointly developed security model

Nsecure has developed a model along with the NN Group that translates the insurer’s security policy into the application of security components such as cameras, intercoms, intrusion detection, and access control in its buildings. Project managers can easily implement security measures, detect deviations, and mitigate risks with this model.

Van Klei said, “Each room has a different risk profile, think of rooms where the ICT network components are installed or the room where the Board of Directors meets. The model describes which measures are applicable to mitigate different risks in different areas sufficiently.

Based on this, protective measures are implemented, such as access based on the four-eye principle with camera observation as support. Of course, safety aspects, such as escape routes, are always considered. This goes beyond the component level, also considering IT security.”

The co-development of policies is in line with Security as a Service, the total service provision with which Nsecure can take over the entire access and security policy at companies, both in terms of personnel and technology.

This offers the NN Group much more flexibility as the process can easily be scaled up or down. Versluis says, “If NN Group takes over a company with 500 employees today, a similar number of passes can be sent next week. Such an automated process also saves a lot of time.” There is also 100 percent continuity: access passes for access control can be requested online 24/7 without an NN facility employee needing to be available.

Van Klei says, “This is unique within the financial sector, as access passes are usually handled in-house. Such systems, which are hosted in an external data center and linked to the company network, are subject to high compliance requirements by regulators. Such solutions must also be reported to the DNB, for example. Employee personal data must remain secure, and the insurer’s network must be well shielded from malicious individuals.”

Versluis is pleased to note that the Card Management as a Service process is running smoothly: “The only issue is that people still need to get used to the fact that they can do this themselves. Just as people had to get used to the disappearance of bank branches, resulting in them having to manage their own online banking.”

A future with biometric access control

The NN Group and YIM have exciting plans, with the insurer increasingly focusing on its core tasks and YIM taking on security, safety, and hospitality issues. YIM will be expanded with the ability to register visitors in advance and apply for authorizations for particular rooms. By the end of 2021, all buildings in the Netherlands and Belgium must also comply with the NN Group’s established security policy.

A significant step NN wants to take with YIM is biometric access control. Versluis says, “We have created a test environment to investigate how biometrics can be used for better physical security and a building with a more cheerful appearance. The underlying principle is hospitality: you have access everywhere unless biometrics indicate you cannot enter. We are on the verge of a major biometrics adoption, and we are confident that YIM can seamlessly apply it.”