Case Study: Imperial Chemical Industries (ICI) achieves centralized vulnerability management and enforces outsourced security SLAs with Qualys (QualysGuard)

Imperial Chemical Industries PLC — Enforcing Security SLAs of Outsourcers

Imperial Chemical Industries (ICI), a global specialty-products and paints company, faced growing security risk after a major business transformation left multiple businesses sharing a common, mostly outsourced network and more than 400 externally facing web addresses. With a fluid infrastructure and limited visibility into third-party operations, ICI could not reliably measure or enforce security, leaving sites vulnerable to attack and prompting the creation of a Global Information Security Director role to address the gap.

ICI evaluated solutions and deployed the QualysGuard web service for automated, on-demand vulnerability scanning and remediation tracking across its outsourced infrastructure. The service was implemented quickly, enabled weekly encrypted audit reports to suppliers, and supported contractual “right of audit” enforcement. As a result, ICI eliminated the most severe vulnerabilities and reduced minor ones by about two-thirds over 22 weeks, improved SLA enforcement with suppliers, and gained compliance documentation for standards such as ISO controls and Sarbanes-Oxley.

ICI

Paul Simmonds

ICI Group