The aim of this engagement was to assist Envirobank’s internal resources improve and review existing and emerging information security risks across the business.
Established in 2008, Envirobank is an Indigenous-owned company that’s committed to achieving positive environmental and social impact by incentivising bottle and can recycling. It operates in the Return and Earn Scheme in NSW, Containers for Change Scheme in QLD and all other deposit markets. The schemes are designed to make it easy and financially rewarding for people, schools, community groups and businesses to recycle beverage containers using our reverse vending machines, automated depots, smart pods and rewards platforms.
Operating and employing over 100+ staff comes with significant challenges. One of the main difficulties is being able to identify and mitigate risks associated with the organisation. In addition, the organisation’s main focus is to help improve the environment whilst understanding the importance of IT Security.
While Envirobank already had some capabilities to assess its own risk appetite, it also needed to ensure that its risk approach followed industry standards. Envirobank sought an external cybersecurity vendor in Gridware that could identify any potential security vulnerabilities and provide a roadmap on how best to tackle these issues.
The review covered four key areas of IT risk as recommended by Gridware, which include security, availability, performance and regulatory compliance.
Gridware conducted a risk assessment based on ISO27001 and industry best practices by conducting various workshops with Envirobank’ s key stakeholders. The report provided a risk treatment plan for all risks identified, which enabled Envirobank to implement controls to mitigate these risks and improve its security posture to align with best practices. These IT security risks were prioritised due to the increased level of threat they pose to organisations and helped Gridware determine Envirobank’s current cybersecurity posture.
Gridware assessed Envirobank’s current information security cyber maturity standings and provided it with recommendations and remediation plans to mitigate these risks. It provided a realistic Roadmap which enabled Envirobank to take a systematic approach to its information assets.