Challenges & Needs

• No Data Mapping Measures in Place: The client had never undertaken any type of meaningful CUI data mapping exercise with regards all of their business lines.
• Unclear Understanding of CUI. No uniform consensus existed amongst leadership as to what CUI actually was, both electronically and in hard-copy format.
• Unsure of the Legal Requirements for Data Protection and Retention: There were conflicting views in terms of how CUI, both digital and hard-copy format, should be protected, how long it should be kept, and what the actual disposal practices were.

Our Solution

• Met with senior leadership and provided a complete strategy and plan-of-attack for helping the client gain a stronger understanding of all aspects of CUI within their environment.
• Met with key stakeholders within various departments/divisions for the organization, earning acceptance and support for what would be an aggressive timeframe for project implementation and completion.

Challenges Solved

• Successfully educated all key stakeholders on exactly CUI, the importance of protecting it, along with numerous other issues.
• Identified all known categories of CUI within the client’s environment, along with creating process flow documentation showing how CUI is collected, stored, used and, ultimately, destroyed, as needed.
• Developed comprehensive CUI policies and procedures, and conducted additional training seminars to key stakeholders on the various regulatory and contractual requirements relating to the safeguarding of CUI.

Value Created

• Put in place a corporate culture that now understands, respects, and truly values the importance of sound CUI practices.
• The broader topic of CUI was now viewed in a multi-dimensional value proposition that not only helps with stronger information security, but with enhanced business development opportunities, and increased client satisfaction and other related measures.