Royal London installs system to control computer misuse

Preparing for possible future regulations

Insurance and pensions group Royal London is installing security software to monitor the computer-based activity of its UK staff.

The system is helping the firm to enforce strong controls against computer and systems misuse, and provides clear and accurate evidence if abuse occurs.

The application captures all staff keystrokes and records every software and
hardware device installed on individual PCs, in a secure SQL database.

Group IT security manager Nick Harwood says the system is preparation for possible future regulations, with the potential for other uses such as a more accessible backup system.

‘There is no legal requirement for this today, but it’s clear that it is moving in that direction, with rules such as Sarbanes-Oxley,’ he said.

The system can track data files either emailed or copied onto external disks or devices, as well as the uploading or downloading of sensitive information or images, helping clamp down on any potential theft of corporate data.

‘Although it will let us, we do not sit and secretly watch what people are doing day to day, but we do consider it our responsibility to be able to check, if we need to, how our IT is being used,’ said Harwood.

He says the system does not prevent acts of misconduct, but does offer an efficient means for the company to respond.

The software has been supplied by specialist IT vendor 3ami and will eventually cover all 2,900 of Royal London’s PCs.