Back to resources
case study

Global financial services leader chooses leading application security partner

At a glance

FIS™ is a global leader in financial services technology, with a focus on retail and institutional banking, payments, asset and wealth management, risk and compliance, consulting, and outsourcing solutions. The company serves more than 20,000 clients and billions of transactions annually.

Company

FIS

About

The world runs on FIS. FIS works with 95% of the world’s leading banks. They support more than one million merchants around the globe. So when you buy a coffee, check your balances, or invest in your 401(K), you’re likely running on FIS software.

Featured Coalfire Solutions
Contact Coalfire

CHALLENGE

FIS was fed up. Their enterprise and operational risk teams maintain the multiple Secure Software Framework (SSF) certifications for their Data Navigator, Connex, IST, and Clear Commerce solutions, but the process with their Qualified Security Assessor (QSA) was not working well.

“Our previous QSA firm was painfully slow at completing our reports on validation (ROV),” notes Chelsea Lopez, risk manager at FIS. “The process to get our ROV took over 10 months from start to finish. This was partially due to unresponsiveness [on behalf of our previous assessor] and the failure to perform a pre-assessment to identify gaps like we’re able to do with CoalfireOne.”

Given the importance of maintaining SSF validation to meet contractual obligations and revenue expectations, as well as the number of solutions involved, FIS decided to identify replacement partners.

APPROACH

“Coalfire’s responsiveness stood out immediately, and their integrity and willingness to work with us as partners was incredibly positive,” said Lopez. Additionally, FIS had previously worked with one of the Coalfire QSAs, creating a level of confidence right from the beginning. “This gave our team comfort,” said Lopez.

During the first year, Coalfire leveraged industry expertise, best practices, and efficient assessment techniques to complete five validations, meeting deadlines in partnership with various FIS teams around the globe.

“Our Coalfire Secure Software Assessors are easy to work with, have integrity, and provide quick responses to calls and emails.”

–CHELSEA LOPEZ, RISK MANAGER, FIS

RESULTS

Since 2014, FIS has used Coalfire as their trusted PA-QSA, and now, Secure Software Assessor, based on the integrity, connections, and professional relationships they’ve built with the Coalfire team. “One of Coalfire’s many strengths is their ability to communicate – good [and bad] news,” explains Lopez.

As a preferred partner, Coalfire continues to consistently deliver application validations, thanks to its proven [application validation] methodology, deep knowledge of the SSF requirements, and team of highly skilled security assessors who have invested in understanding the FIS product suite. These efforts make what some organizations may see as just a compliance process into an important security checkpoint in the FIS product release cycle.

Related resources

Application security program development and implementation

data sheet Application security program development and implementation

Securealities Report: 2023 Compliance

report Securealities Report: 2023 Compliance

Coalfire PCI Compliance Services

data sheet Coalfire PCI Compliance Services