Security according to the highest compliance standards
The financial sector has very high security requirements. The Dutch Bank and AFM require companies to cover every operational risk and take sufficient mitigating measures.
“Nsecure is one of the few security companies that can meet our required compliance level as this is often too complex for other companies.”
Meeting the highest compliance standards
The choice of Nsecure as a security partner is obvious, explains Gerard Versluis, Portfolio Manager of Hard Services Security Facility Management at NN Group: “The financial sector has high security requirements. The Dutch Bank and AFM require companies to cover every operational risk and take sufficient mitigating measures, from data breaches to packages that may explode. This also places very high demands on your IT environment. Nsecure is one of the few security companies that can meet our required compliance level, which is often too complex for other companies.”
The regulations for the financial sector have significantly tightened in recent years. If a company fails to comply with or insufficiently demonstrates how risks are managed, this can lead to high fines and reputational damage. Nsecure is the market leader in security within the financial sector and works for four of the five largest banks and some of the largest insurers in the Netherlands. As a result, the company knows this playing field inside out. Versluis says: “We have been working with Nsecure for almost twenty years and know that they meet the highest standards.”
Coordinator for security
The collaboration between Nsecure and NN Group, which has labels such as Nationale-Nederlanden, Movir, Ohra, and NN Investment Partners, dates back to 2005. At that time, Nsecure won a tender for the delivery and maintenance of the access control system. Over time, their services have been further expanded. Nsecure is now the main contractor for NN Group for installation, maintenance, operation, and advice on the company’s security systems in the Netherlands and Belgium. Through the longstanding relationship with NN Group, a partnership has emerged where intensive cooperation takes place in the field of security.
What started in 2005 with a tender for access control has now grown into a close partnership. For the Dutch and Belgian offices of Nationale-Nederlanden, Nsecure installs, maintains, and operates most hardware systems and software platforms in the physical security area. The choice is evident for the insurer and asset manager: “Nsecure can meet the highest compliance standards required by the financial sector and always keeps its promises.”
‘Enormous reservoirs of valuable data’
Nsecure has been responsible for implementing and operating all physical security systems for the Dutch and Belgian offices of NN Group since 2012. Nsecure also provides central software platforms, including the workflow and identity management platform YIM for the card management process for employees and systems for access control and camera observation.
"These systems are 'enormous reservoirs of valuable data"
Ton van Klei, Sales Manager of Safety & Security for the financial sector at Nsecure, said: “NN Group can extract compliance-related information from here. For example, they can demonstrate that only authorized personnel have accessed specific areas, making them demonstrably in control. But they can also extract completely different forms of information. Think of occupancy rates of buildings for real estate management.”
Jointly developed security model
Nsecure has developed a model along with the NN Group that translates the insurer’s security policy into the application of security components such as cameras, intercoms, intrusion detection, and access control in its buildings. Project managers can easily implement security measures, detect deviations, and mitigate risks with this model.
Van Klei said, “Each room has a different risk profile, think of rooms where the ICT network components are installed or the room where the Board of Directors meets. The model describes which measures are applicable to mitigate different risks in different areas sufficiently.
Based on this, protective measures are implemented, such as access based on the four-eye principle with camera observation as support. Of course, safety aspects, such as escape routes, are always considered. This goes beyond the component level, also considering IT security.”
The co-development of policies is in line with Security as a Service, the total service provision with which Nsecure can take over the entire access and security policy at companies, both in terms of personnel and technology.
Card Management as a Service
Since January 2021, the NN Group has been using Nsecure’s workflow and identity management solution YIM to apply for, issue, and activate employee access passes. The entire process is designed with a self-service approach. The employee only needs to upload a passport photo and choose a pickup location. Nsecure then fully automates the employee pass production until the employee receives a QR code to pick up and activate the pass at the reception of the chosen location.
The co-development of policies is in line with Security as a Service, the total service provision with which Nsecure can take over the complete access and security policy at companies, both in terms of personnel and technology.
This offers the NN Group much more flexibility as the process can easily be scaled up or down. Versluis says, “If NN Group takes over a company with 500 employees today, a similar number of passes can be sent next week. Such an automated process also saves a lot of time.” There is also 100 percent continuity: access passes for access control can be requested online 24/7 without an NN facility employee needing to be available.
Van Klei says, “This is unique within the financial sector, as access passes are usually handled in-house. Such systems, which are hosted in an external data center and linked to the company network, are subject to high compliance requirements by regulators. Such solutions must also be reported to the DNB, for example. Employee personal data must remain secure, and the insurer’s network must be well shielded from malicious individuals.”
Versluis is pleased to note that the Card Management as a Service process is running smoothly: “The only issue is that people still need to get used to the fact that they can do this themselves. Just as people had to get used to the disappearance of bank branches, resulting in them having to manage their own online banking.”
This process of Card Management as a Service runs smoothly.
Three pillars of the partnership
The nearly two-decade collaboration has resulted in an increasingly close relationship. Van Klei says, “Our people have become like employees of NN: they are fully integrated. That is quite exceptional, as naturally strict requirements are associated with that.” Versluis adds, “We have indeed become colleagues, and we always know how to reach each other quickly.”
The three pillars of the partnership focus on taking care of complex matters, providing 24/7 continuity in security, and knowledge of the playing field of financial institutions. Versluis particularly praises Nsecure’s reliability: “Nsecure always delivers on its promises. That is not the case with every company. When signing a contract, other companies promise the moon, but after a year and a half, it turns out to be disappointing. Nsecure always keeps its promises.”
A future with biometric access control
The NN Group and YIM have exciting plans, with the insurer increasingly focusing on its core tasks and YIM taking on security, safety, and hospitality issues. YIM will be expanded with the ability to register visitors in advance and apply for authorizations for particular rooms. By the end of 2021, all buildings in the Netherlands and Belgium must also comply with the NN Group’s established security policy.
A significant step NN wants to take with YIM is biometric access control. Versluis says, “We have created a test environment to investigate how biometrics can be used for better physical security and a building with a more cheerful appearance. The underlying principle is hospitality: you have access everywhere unless biometrics indicate you cannot enter. We are on the verge of a major biometrics adoption, and we are confident that YIM can seamlessly apply it.”
Need more information?
Interested in how our innovative access control and security solutions lead to business continuity, risk reduction, compliance, and cost savings within your organization? Our specialists are happy to discuss the possibilities with you. Contact us.