Bridewell is an NCSC-certified cyber security, managed security, penetration testing and data privacy solutions provider. We asked them for their perspective on how they help TrustQuay and our clients achieve "ultra-robust security as a basic expectation.".

The challenge

Serving organisations in the trust, fund and corporate services sectors, TrustQuay’s customers operate in a fast-changing environment in which there is a continually growing focus on security and regulation. Additionally, these organisations’ clients range from high net-worth individuals to corporations and trust funds. As such, the provision of highly personalised and private services means ultra-robust security is a basic expectation for the types of clients they serve.

High customer expectations and increasing regulation have driven consolidation and modernisation of services across the industry which is where TrustQuay’s integrated software and wealth management solutions come into play. “The industry has been ripe for modernisation and underserved by technology” says Joe Sefton Jenkins, Global Head of Technology & Development at TrustQuay. Its solutions, such as its NavOne and 5Series trust and fund administration platforms drive efficiency and automation for these organizations.

In order to first engage with and then retain clients, TrustQuay must be able to demonstrate the most robust levels of security possible within its products. TrustQuay’s own software and internal practices need to undergo serious scrutiny to ensure the levels of security expected by its clients can be continually met.

The solution

 TrustQuay set out to find a security and risk assurance partner that it could build a long-term relationship with, that could provide ongoing support and consultancy around the security of its software and internal practices. The right partner would need to be at the forefront of information security and able to provide expertise and guidance on the latest security issues as they develop.

TrustQuay chose to partner with Bridewell based on the depth of its expertise and the strength of the work it does with government and large financial institutions. To test the security resilience of TrustQuay’s products, Bridewell regularly performs penetration testing on the software and reports back the results with insights into where and how any improvements can be made.

“Bridewell have listened to what our business does, what our needs are and understands what we’re trying to solve,” says Sefton Jenkins. “They provide wraparound care to help us meet our objectives. For them it’s not just about executing penetration testing – we benefit from deep, ongoing engagement around all of our software security and internal practices.”

The results

As security concern has grown globally in recent times, so did interest in the issue from TrustQuay’s customer base, particularly in what work was being carried out around product security. Bridewell has worked with TrustQuay through events and webinars that educate and inform the customer base around the threats that they’re exposed to and what TrustQuay do to mitigate those threats.

"We now get regular requests from customers asking us to share details of our security practices and results of penetration testing,” says Sefton Jenkins. “Working with Bridewell has helped to instill customers and ourselves with the confidence that we’re building our applications securely.” 

The partnership has also helped TrustQuay to raise internal awareness of security practices. For Sefton Jenkins, this is an absolutely critical benefit. “The depth of expertise from Bridewell has helped my team think about the security risks of the things they’re working on in a much more astute way.”

“Having a partner like Bridewell standing shoulder to shoulder with us not only enhances our credibility but helps our customer base understand the necessary levels of investment to improve their practices through our services.”

TrustQuay continues to demonstrate its commitment to cyber security and protecting its customers and are also working with Bridewell on implementing an Information Security Management System in preparation for ISO27001 certification.

This article appeared as a Bridewell case study and has been published here with permission.

About the Author

Guest Posts

Guest posts from TrustQuay partners