Optiv + Private Equity Firm = Decreased Risk for its Portfolio Companies

The Situation – meet GDPR compliance requirements in four months


When you’re managing multiple global portfolio companies, protecting critical data is a must. Driven by the EU’s GDPR (General Data Protection Regulation) compliance requirements, a leading private equity firm needed a 360-degree view of how citizen data was being processed and stored. They had to use existing procedures to analyze all the data – without the aid of intrusive agents – and had only four months to get it all done.



The Solution – all-round analysis for internal & third-party risk management (TPRM)


Knowing that the firm needed a robust and repeatable ‘at scale’ assessment process, we developed a tailor-made, tiered ranking system to identify critical metrics. We used both ‘inside-out’ and ‘outside-in’ approaches: the inside-out approach consisted of automated questionnaires combined with direct interviews, while the outside-in approach utilized offline configuration reviews, internet-based data leakage analysis and a neutral, external third-party view into risks.


Our client was now armed with risk-based reports for each individual portfolio company, as well as a detailed roll-up report showing trends across all assessed companies. Fully covering all board, C-suite, and operational data levels, these reports contained all the information they needed to make knowledgeable decisions to lower overall business risk.

Industry Served: Financial

Our Starting Point

  • Secure a rapidly expanding network
  • Improve risk detection, response and recovery
  • Protect employee and contingent worker credentials
  • Meet growing GDPR compliance requirements
  • Improve third-party risk management (TPRM)

Accelerating Forward

  • Identified critical metrics through tiered ranking system
  • Performed inside-out analysis with automated questionnaires and direct interviews
  • Determined outside-in security posture through offline analysis
  • Collaborated with stakeholders on project management
  • Designed and developed assessment tactics: measurement, questionnaires, scoring scheme, standard deliverables, etc.
  • Provided overall strategic guidance to improve security

Client Outcomes

  • Met GDPR compliance requirements within required timeframe
  • 100+ stakeholder interviews conducted and issues resolved
  • Developed risk reports for each individual portfolio company
  • Showed trends across all companies via detailed board-level aggregate reports
  • Gained an aggregate view of risk introduced by portfolio companies and subsidiaries
  • Measured responses and alignment to scoped capabilities via follow-up interviews
  • Delivered end-to-end solution for program and assessment management
  • Leveraged methodology across a portfolio of cybersecurity services
  • Client empowered to make knowledgeable decisions to lower overall business risk

How can we help you secure greatness?


Optiv can advise on, deploy and operate end-to-end cybersecurity programs aligned to your business goals. As the cyber advisory and solutions leader, we serve nearly 6,000 companies across every major industry. Our certified experts can help you gain the agility, security, scale and control you need to stay ahead of the competition.