Subsidiary Onboarding Process
The purpose of this document is to provide information about the processes and steps required to onboard Member Firms in the Global Security Operations Centre (GSOC). The document describes the steps to undertake, along with the resources necessary to enrol in the GSOC and pass the User Acceptance stage.
The scope covers the Member Firm on-boarding process within the KPMG GSOC.
The responsibility of ownership and ongoing management of this document, including the processes contained therein, rests with the GSOC Manager.
The intended audience for this document is the GSOC Team. The document may also be viewed by the concerned IPBR personnel and the KPMG Global and Member Firms management that are responsible for and/or have established interest in this area.
All requests for exceptions to this processes contained within this document should be directed to the GSOC Manager who, depending on the nature and the scope of the request, may liaise with the wider Security Management Team / Security Board to authorise or reject the request. Any such exceptions should be deemed valid only if granted in writing (e.g. communicated via email) and are valid for a period of 1 year only when they will automatically expire unless extended or renewed in the interim.
Any violations to the contents of this document should be reported directly to the following email address: << GSOC-Manager@kpmg.com >>
The following roles have overall responsibility for elements of this process. Please note that these are not comprehensive listing of responsibilities of each of the following roles, but represent these roles’ specific responsibilities to support the member firm onboarding process (MFOP).
The SOC Manager is ultimately responsible for the proper functioning of the MFOP, and to ensure that supporting processes are also current and applicable. The GSOC Manager is also expected to approve the onboarding and sign-off. He may delegate any of his responsibilities to others as he deems fit.
The GSOC Assistant Manager will initiate onboarding upon agreement with member firm and coordinate all onboarding activities with relevant stakeholders. The Assistant Manager will be the Single Point of Contact (SPOC) from GSOC and arrange for the appropriate staff to address any identified issues.
The GSOC L2 Analyst may be called upon to assist during the MFOP. They will assist with checking the accuracy and completeness of supplied asset and other onboarding information.
The Member Firm is expected to provide a single point of contact to perform as a liaison to other contacts. I.e. technical contacts.
The SOC Tooling Engineer will ensure that changes required on the GSOC to support the onboarding in configuring GSOC environment and executing tasks necessary to align the configuration for onboarding.
- Member Firm Feedback Form
- Change Management Process
- Content Management Process
The onboarding process will be executed as a close collaboration between the GSOC and the Member Firm being onboarded. At a high level, this process will include initiation requirements outlining the timelines, documentation of assets from member firms, configuration of GSOC systems and alignment of member firm assets to facilitate GSOC services, user acceptance testing, initiate operation phase in which the GSOC will operate within its support model, operational test and finally normal service operation. These steps are illustrated in below and discussed in detail in Section 3.2. These steps will require all participants listed in the Section to be fully engaged.
Figure 1: High level steps in the onboarding process
The first stage of the Member Firms Onboarding Process is to initiate conversations between the GSOC representatives and Member Firm key stakeholders.
The Member Firm’s SPOC will co-ordinate responses from the Member Firm and return the updated document. The GSOC Assistant Manager will be the SPOC for any issues or queries encountered during the completion of the pack. Once the pack is completed with accurate information, it will be sent to the GSOC Manager along with any relevant observations or concerns.
22.214.171.124 Overcoming configuration challenges
If at any point the GSOC L2 Analyst or Tooling Engineer faces any issue with information collection from Member Firms, they should escalate the issue to GSOC Management.
This section describes the constraints and assumptions that form the key drivers for the design and content of this process. These are identified to ensure that when constraints change or assumptions are disproven processes can be examined to ensure that they still apply and are optimised for the goals of the GSOC.
Before the Member Firm Onboarding process is initialised, a pre-agreement between the GSOC and member firm where the requirements and services to be provided have been agreed is assumed to be in place between the Member Firm and the GSOC. This process focuses on activities that will be executed after the decision to onboard has been taken. Any financial, procedural or policy discrepancies would have been discussed and agreed before this process is activated.
This process expects that the Member Firms confirms all log sources are logging and working as expected prior to onboarding. In addition, Member Firms must ensure that log sources continues to log events as the effectiveness of the GSOC relies on logs to perform its work.
This process assumes that the GSOC has confirmed sufficient resources (human, computing, bandwidth and storage) necessary to on-board a new member firm through the relevant upstream processes. This process does not address any further verifications to ensure that the end-to-end process may affect the BAU operations in any way.
Any resourcing related analysis and discussions should be reviewed during the pre-agreement of on-boarding a new Member Firm, and not during the Member Firm Onboarding process and as part of the Service Management Process.
The Onboarding pack is expected to be completed by the Member Firm Technical Staff. The template might be returned incomplete or incorrectly completed. The processes assumes that a few rounds of validation and amendments will be required to complete the pack with accurate information. Meetings should be set to facilitate conversations between the GSOC Technical Staff and Member Firm SPOC (who will arrange for the appropriate staff to attend). The role of the meeting is to avoid a repetitive circulation of the template between the two teams, which can affect the timelines for the delivery of the Member Firm Onboarding process.
If the GSOC team identifies that the pack is not suitable for particular scenarios, the GSOC Assistant Manager should raise this with the GSOC Manager and review the contents of the pack. Any amendments to the Onboarding pack will be made outside the Member Firm Onboarding process.