The telecom operator faced fragmented data security practices across business units, inconsistent classification of sensitive data, limited visibility into how subscriber information flows across systems, and operational gaps in enforcing data protection policies. Increasing TRA, PCI DSS, ADSIC, DGISR, and NESA expectations also drove the need for a structured enterprise data security program.
1. Due Diligence & Requirements Analysis
Conducted interviews, stakeholder mapping, and workshops across business, network, regulatory, and analytics teams. Reviewed current policies and regulatory obligations (TRA, PCI DSS, NESA, ADSIC, DGISR).
2. Development of the Unified Controls Framework
Mapped regulatory controls, industry standards, threat dictionary, and internal requirements into a consolidated UCF to harmonize compliance needs.
3. Data Security & Privacy Framework
Designed an enterprise-wide Data Security Framework including data privacy policy, data security policy, and base privacy statements.
4. Data Security Reference Architecture
Produced contextual, conceptual, and logical architectures defining how data flows, integrates, and is protected across the entire telecom ecosystem.
5. Data Discovery & Classification
Performed structured data discovery using IBM Guardium and BCM/DIW tools, and unstructured data discovery using Symantec Network Discover.
6. Data Taxonomy & Critical Data Identification
Defined and ranked crown jewels and created a corporate data taxonomy.
7. Build & Implement Data Classification Solution
Implemented classification suite, Illuminate, metadata security, and classification for Office/OWA/mobile across endpoints.
8. Enterprise Rollout, Training & Handover
Delivered FUT/ATP, enterprise-wide rollout plan, operations documentation, runbooks, helpdesk procedures, and knowledge transfer sessions.