Total Solution

A multinational financial institute with head office in Hong Kong, providing professional financial services worldwide

Size
200+ Employees

Service
IT Audit and Assessment
IT Security Consultation
System Development and Support Services

Challenge
Many overseas offices with different mission critical trading systems. Such systems have to be in compliance with different regulatory in different countries. Some offices without IT personnel or IT team.

To begin with, our client is a multinational finance house with over 200 employees distributed worldwide. As a global financial institute, our client globally runs over 6 different real-time trading systems at any one time. These mission critical systems run non-stop 24 hours a day and 5 days a week. Our challenge, is not only to mitigate system down time and maintain a healthy network, but also to run regular IT audit checks in compliance with different regulatory in different countries and reinforce data security. Any incidental failure may cause our client a direct money loss impact.

Our client has the head office in Hong Kong and limited resources for IT personnel for oversea branches. Our role is to centralize their IT management in Hong Kong and introduce systematic IT governance throughout to all oversea branches.

Solution
Centralization of IT management of all overseas offices to Hong Kong head office. Workflow Management System implemented for global use. Document Management System implemented for systematic storage of electronic resources. Establish Disaster Recovery Plan and Business Continuity Plan.

Result
Throughout the process of IT Audit, our team has grasped the business goals and directions of our client on the fast expansions of businesses on overseas branches. An introduction of policies and guidelines was brought in order to centralize the monitoring and controls in coping for the new and further expansions of systems and network.

A management report was issued to our client upon our findings. Some highlights include findings on security precautions, firewall rules, IT procedures and handling along with specific recommendations such as an introduction of different policies, Document and Workflow Management System, Disaster Recovery Plan and Business Continuity Plan.

Follow-up
Remote support services in overseas with IT management. Customized applications development services. On-going IT Audit.

Based on the in-depth study and findings of the operation procedures, Ringus provides a customized on-going IT audit package including continuous consultations and support for local and overseas offices. Monthly management report is issued to our client in order to allow our client to be updated on the performance and progress of their IT development.
 
Benefit
Even with the fast expansion growth of our clientโ€™s business both onshore and offshore, our client was able to benefit from the different implementations of policies, guidelines and systems all centralized in Hong Kong. Our team continues to work closely with our client, providing the best technical implementations and advisory in coping with our clientโ€™s business goals.

More Updates

Further reading

๐—ก๐—ฒ๐˜„ ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—œ๐—ป๐—ณ๐—ฟ๐—ฎ๐˜€๐˜๐—ฟ๐˜‚๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ ๐—–๐˜†๐—ฏ๐—ฒ๐—ฟ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—Ÿ๐—ฎ๐˜„

๐Ÿ” ๐—ช๐—ต๐—ผ ๐—œ๐˜€ ๐—œ๐—ป๐˜ƒ๐—ผ๐—น๐˜ƒ๐—ฒ๐—ฑ ๐—ถ๐—ป ๐—›๐—ผ๐—ป๐—ด ๐—ž๐—ผ๐—ป๐—ดโ€™๐˜€ ๐—ก๐—ฒ๐˜„ ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—œ๐—ป๐—ณ๐—ฟ๐—ฎ๐˜€๐˜๐—ฟ๐˜‚๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ ๐—–๐˜†๐—ฏ๐—ฒ๐—ฟ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—Ÿ๐—ฎ๐˜„?Since ๐Ÿญ ๐—๐—ฎ๐—ป๐˜‚๐—ฎ๐—ฟ๐˜† ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ, the ๐˜—๐˜ณ๐˜ฐ๐˜ต๐˜ฆ๐˜ค๐˜ต๐˜ช๐˜ฐ๐˜ฏ ๐˜ฐ๐˜ง ๐˜Š๐˜ณ๐˜ช๐˜ต๐˜ช๐˜ค๐˜ข๐˜ญ ๐˜๐˜ฏ๐˜ง๐˜ณ๐˜ข๐˜ด๐˜ต๐˜ณ๐˜ถ๐˜ค๐˜ต๐˜ถ๐˜ณ๐˜ฆ๐˜ด (๐˜Š๐˜ฐ๐˜ฎ๐˜ฑ๐˜ถ๐˜ต๐˜ฆ๐˜ณ ๐˜š๐˜บ๐˜ด๐˜ต๐˜ฆ๐˜ฎ๐˜ด) ๐˜–๐˜ณ๐˜ฅ๐˜ช๐˜ฏ๐˜ข๐˜ฏ๐˜ค๐˜ฆ (๐˜Š๐˜ข๐˜ฑ. 653) has come into force. The law establishes a comprehensive framework to protect essential services from cyber threats.Under Cap. 653, designated ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—œ๐—ป๐—ณ๐—ฟ๐—ฎ๐˜€๐˜๐—ฟ๐˜‚๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ (๐—–๐—œ) ๐—ข๐—ฝ๐—ฒ๐—ฟ๐—ฎ๐˜๐—ผ๐—ฟ๐˜€ are organizations whose computer systems are essential to maintaining critical societal or economic activities in Hong Kong.๐Ÿ— ๐—ฆ๐—ฒ๐—ฐ๐˜๐—ผ๐—ฟ๐˜€ ๐——๐—ฒ๐—ณ๐—ถ๐—ป๐—ฒ๐—ฑ ๐—ฎ๐˜€ ๐—–๐—ฟ๐—ถ๐˜๐—ถ๐—ฐ๐—ฎ๐—น ๐—œ๐—ป๐—ณ๐—ฟ๐—ฎ๐˜€๐˜๐—ฟ๐˜‚๐—ฐ๐˜๐˜‚๐—ฟ๐—ฒ ๐—œ๐—ป๐—ฐ๐—น๐˜‚๐—ฑ๐—ฒ:1. Energyโšก2. Information Technology๐Ÿ’ป3. Banking & Financial Services๐Ÿฆ4. Air Transportโœˆ5. Land Transport๐Ÿš†6. Maritime Transportโš“7. Healthcare Services๐Ÿฅ8. Telecommunications & Broadcasting๐Ÿ“กIn addition, any other infrastructure the damage, loss of functionality or data leakage of which may hinder or otherwise substantially affect the maintenance of critical societal or economic activities in Hong Kong may also fall within scope.These operators are now legally required to establish cybersecurity governance frameworks โ€” from maintaining dedicated computer-system security management units to reporting incidents, conducting periodic risk assessments and audits, etc.Besides the CI Operator, there are ๐˜€๐—ผ๐—บ๐—ฒ ๐—ผ๐˜๐—ต๐—ฒ๐—ฟ ๐—ž๐—ฒ๐˜† ๐—ฅ๐—ผ๐—น๐—ฒ๐˜€ ๐˜‚๐—ป๐—ฑ๐—ฒ๐—ฟ ๐—–๐—ฎ๐—ฝ. ๐Ÿฒ๐Ÿฑ๐Ÿฏ:๐Ÿ‘ฅ๐Ÿ”น ๐—–๐—ผ๐—บ๐—ฝ๐˜‚๐˜๐—ฒ๐—ฟ-๐˜€๐˜†๐˜€๐˜๐—ฒ๐—บ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐— ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜ ๐—จ๐—ป๐—ถ๐˜Responsible for managing and safeguarding critical computer systems and ensuring compliance with the Ordinance.๐Ÿ”น ๐—ฆ๐˜‚๐—ฝ๐—ฒ๐—ฟ๐˜ƒ๐—ถ๐˜€๐—ผ๐—ฟ ๐—ผ๐—ณ ๐˜๐—ต๐—ฒ ๐—ฆ๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐— ๐—ฎ๐—ป๐—ฎ๐—ด๐—ฒ๐—บ๐—ฒ๐—ป๐˜ ๐—จ๐—ป๐—ถ๐˜An appointed employee with sufficient cybersecurity expertise, responsible for supervising the unit and notifying the regulating authority of the appointment.๐Ÿ’ก ๐—–๐—ฎ๐—ฝ. ๐Ÿฒ๐Ÿฑ๐Ÿฏ ๐—บ๐—ฎ๐—ฟ๐—ธ๐˜€ ๐—ฎ ๐˜€๐—ถ๐—ด๐—ป๐—ถ๐—ณ๐—ถ๐—ฐ๐—ฎ๐—ป๐˜ ๐˜€๐—ต๐—ถ๐—ณ๐˜ ๐—ณ๐—ฟ๐—ผ๐—บ ๐—ฏ๐—ฒ๐˜€๐˜ ๐—ฝ๐—ฟ๐—ฎ๐—ฐ๐˜๐—ถ๐—ฐ๐—ฒ ๐˜๐—ผ ๐—น๐—ฒ๐—ด๐—ฎ๐—น ๐—ผ๐—ฏ๐—น๐—ถ๐—ด๐—ฎ๐˜๐—ถ๐—ผ๐—ป.If your organization operates within a potentially designated sector, early preparation is essential.
๐—ง๐—ต๐—ฒ ๐—ฅ๐—ฒ๐˜€๐˜‚๐—ฟ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ผ๐—ณ ๐—ฃ๐—ผ๐—ธ๐—ฒฬ๐—บ๐—ผ๐—ป

๐ŸŽฎ ๐—ง๐—ต๐—ฒ ๐—ฅ๐—ฒ๐˜€๐˜‚๐—ฟ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ผ๐—ณ ๐—ฃ๐—ผ๐—ธ๐—ฒฬ๐—บ๐—ผ๐—ป: ๐—›๐—ผ๐˜„ ๐—ข๐˜‚๐˜๐—ฆ๐˜†๐˜€๐˜๐—ฒ๐—บ๐˜€ ๐—˜๐—ป๐—ฎ๐—ฏ๐—น๐—ฒ๐˜€ ๐—ค๐˜‚๐—ถ๐—ฐ๐—ธ ๐—ฎ๐—ป๐—ฑ ๐—ฅ๐—ฒ๐—น๐—ถ๐—ฎ๐—ฏ๐—น๐—ฒ ๐—ข๐—ฝ๐—ฝ๐—ผ๐—ฟ๐˜๐˜‚๐—ป๐—ถ๐˜๐˜† ๐—–๐—ฎ๐—ฝ๐˜๐˜‚๐—ฟ๐—ฒ๐—ง๐—ต๐—ฒ ๐—ฅ๐—ฒ๐˜€๐˜‚๐—ฟ๐—ด๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ผ๐—ณ ๐—ฃ๐—ผ๐—ธ๐—ฒฬ๐—บ๐—ผ๐—ป ๐—ฎ๐—ป๐—ฑ ๐—ง๐—–๐—š'๐˜€ ๐—ก๐—ฒ๐˜„ ๐—ฅ๐—ถ๐˜€๐—ฒSince launching Pokรฉmon Red and Pokรฉmon Green in 1996, the Pokรฉmon series has been a global favorite. Recently, the craze has resurged, driven by the ๐—ง๐—ฟ๐—ฎ๐—ฑ๐—ถ๐—ป๐—ด ๐—–๐—ฎ๐—ฟ๐—ฑ ๐—š๐—ฎ๐—บ๐—ฒ (๐—ง๐—–๐—š)'s explosive growth.Data shows TCG sales soaring, with billions of players worldwide, especially in Hong Kong and Asia, buzzing about new packs and online battles. This phenomenon offers vast business opportunities - companies must act swiftly to engage fans in this fast-paced market.๐Ÿ”Ž ๐—–๐—ฎ๐˜€๐—ฒ ๐—œ๐—ป๐˜€๐—ถ๐—ด๐—ต๐˜: ๐—ง๐—ฃ๐—–๐—ถ'๐˜€ ๐——๐—ถ๐—ด๐—ถ๐˜๐—ฎ๐—น ๐—˜๐˜ƒ๐—ฒ๐—ป๐˜ ๐—Ÿ๐—ผ๐—ฐ๐—ฎ๐˜๐—ผ๐—ฟFacing fan anticipation before Pokรฉmon Day (February 27), The Pokรฉmon Company International (TPCi) needed a ๐——๐—ถ๐—ด๐—ถ๐˜๐—ฎ๐—น ๐—˜๐˜ƒ๐—ฒ๐—ป๐˜ ๐—Ÿ๐—ผ๐—ฐ๐—ฎ๐˜๐—ผ๐—ฟ app to link players with global events.Traditional development couldn't keep up with the surge. OutSystems, a low-code platform for rapid app building, stepped in, showcasing its speed and reliability in this project.๐Ÿš€ ๐—ข๐˜‚๐˜๐—ฆ๐˜†๐˜€๐˜๐—ฒ๐—บ๐˜€' ๐—ฆ๐—ฝ๐—ฒ๐—ฒ๐—ฑ ๐—”๐—ฑ๐˜ƒ๐—ฎ๐—ป๐˜๐—ฎ๐—ด๐—ฒ๐˜€TPCi adapted an existing location tool for the new Pokรฉmon Day API under tight deadlines. Using OutSystems, the team and partner valantic met security and performance needs in 10 days, deploying in under a month. The app supports 7 languages, works on desktops, tablets, and mobiles, and includes a backend for easy event updates. Unlike months-long traditional methods, this low-code approach enabled quick iteration, connecting 14,000 players to events and raising attendance by 70%, capitalizing on the TCG wave.๐Ÿ›ก ๐—ข๐˜‚๐˜๐—ฆ๐˜†๐˜€๐˜๐—ฒ๐—บ๐˜€' ๐—ฅ๐—ฒ๐—น๐—ถ๐—ฎ๐—ฏ๐—ถ๐—น๐—ถ๐˜๐˜† ๐—”๐—ฑ๐˜ƒ๐—ฎ๐—ป๐˜๐—ฎ๐—ด๐—ฒ๐˜€The app handles global traffic and multilingual demands reliably. Load tests simulated 300,000 users in 12 minutes without crashes. Its' UX emphasizes scalability and reusability, embeddable in marketing pages for future use. Backend ensures real-time data accuracy, boosting satisfaction and efficiency, establishing TPCi as a digital leader in TCG's rise.๐Ÿ’ก ๐—–๐—ผ๐—ป๐—ฐ๐—น๐˜‚๐˜€๐—ถ๐—ผ๐—ป: ๐—›๐—ฎ๐—ฟ๐—ป๐—ฒ๐˜€๐˜€ ๐—ข๐˜‚๐˜๐—ฆ๐˜†๐˜€๐˜๐—ฒ๐—บ๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—•๐˜‚๐˜€๐—ถ๐—ป๐—ฒ๐˜€๐˜€ ๐—”๐—ด๐—ถ๐—น๐—ถ๐˜๐˜†OutSystems' speed and reliability empower enterprises to navigate dynamic markets and drive digital transformation. In fast-paced environments like Hong Kong, it enables rapid app development for customer engagement and operational efficiency.This TPCi case exemplifies low-code platforms' power, delivering scalable solutions that position businesses as innovation leaders.
๐—ฃ๐—ฟ๐—ถ๐—ป๐—ฐ๐—ถ๐—ฝ๐—น๐—ฒ๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—ฃ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜๐—ถ๐—ป๐—ด ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ฎ๐—ฐ๐˜†

๐Ÿ” ๐Ÿณ ๐—ž๐—ฒ๐˜† ๐——๐—ฎ๐˜๐—ฎ ๐—ฃ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜๐—ถ๐—ผ๐—ป ๐—ฃ๐—ฟ๐—ถ๐—ป๐—ฐ๐—ถ๐—ฝ๐—น๐—ฒ๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—ฃ๐—ฟ๐—ผ๐˜๐—ฒ๐—ฐ๐˜๐—ถ๐—ป๐—ด ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ฎ๐—ฐ๐˜†The EU General Data Protection Regulation (GDPR) came into force on ๐Ÿฎ๐Ÿฑ ๐— ๐—ฎ๐˜† ๐Ÿฎ๐Ÿฌ๐Ÿญ๐Ÿด, which is the one of the world's strictest privacy laws. It aims to standardize data protection rules across the digital single market, enhance individual control over personal information, and adapt governance due to the technological developments and digitalization.The GDPR introduces 7 key data protection principles to ensure organizations handle data legally, securely, and with full transparency and responsibility:โœจ๐—Ÿ๐—ฎ๐˜„๐—ณ๐˜‚๐—น๐—ป๐—ฒ๐˜€๐˜€, ๐—™๐—ฎ๐—ถ๐—ฟ๐—ป๐—ฒ๐˜€๐˜€, ๐—ง๐—ฟ๐—ฎ๐—ป๐˜€๐—ฝ๐—ฎ๐—ฟ๐—ฒ๐—ป๐—ฐ๐˜†: Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject.โœจ๐—ฃ๐˜‚๐—ฟ๐—ฝ๐—ผ๐˜€๐—ฒ ๐—Ÿ๐—ถ๐—บ๐—ถ๐˜๐—ฎ๐˜๐—ถ๐—ผ๐—ป:  Personal data can only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.โœจ๐——๐—ฎ๐˜๐—ฎ ๐— ๐—ถ๐—ป๐—ถ๐—บ๐—ถ๐˜€๐—ฎ๐˜๐—ถ๐—ผ๐—ป:  Processing should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.โœจ๐—”๐—ฐ๐—ฐ๐˜‚๐—ฟ๐—ฎ๐—ฐ๐˜†: Personal data must be accurate and, where necessary, kept up to date with reasonable steps taken to erase or rectify inaccuracies.โœจ๐—ฆ๐˜๐—ผ๐—ฟ๐—ฎ๐—ด๐—ฒ ๐—Ÿ๐—ถ๐—บ๐—ถ๐˜๐—ฎ๐˜๐—ถ๐—ผ๐—ป: Personal data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.โœจ๐—œ๐—ป๐˜๐—ฒ๐—ด๐—ฟ๐—ถ๐˜๐˜† ๐—ฎ๐—ป๐—ฑ ๐—–๐—ผ๐—ป๐—ณ๐—ถ๐—ฑ๐—ฒ๐—ป๐˜๐—ถ๐—ฎ๐—น๐—ถ๐˜๐˜†: Personal data must be processed in a manner that ensures security of the personal data using appropriate technical or organisational measures.โœจ๐—”๐—ฐ๐—ฐ๐—ผ๐˜‚๐—ป๐˜๐—ฎ๐—ฏ๐—ถ๐—น๐—ถ๐˜๐˜†: The controller shall be responsible for, and be able to demonstrate compliance with the principles.The GDPR extends its reach beyond the EU by explicitly requiring compliance from organizations established outside the EU in certain situations. Given the variety of business and transaction models, it is essential for the businesses in Hong Kong to assess whether the GDPR applies to them and to stay informed about ongoing regulatory developments.๐Ÿ’ก ๐—ฃ๐—ฟ๐—ถ๐˜ƒ๐—ฎ๐—ฐ๐˜† ๐—ฐ๐—ผ๐—บ๐—ฝ๐—น๐—ถ๐—ฎ๐—ป๐—ฐ๐—ฒ ๐—ถ๐˜€ ๐—ป๐—ผ ๐—น๐—ผ๐—ป๐—ด๐—ฒ๐—ฟ ๐—ผ๐—ฝ๐˜๐—ถ๐—ผ๐—ป๐—ฎ๐—น โ€” ๐—ถ๐˜โ€™๐˜€ ๐—ฎ ๐—ฏ๐˜‚๐˜€๐—ถ๐—ป๐—ฒ๐˜€๐˜€ ๐—ถ๐—บ๐—ฝ๐—ฒ๐—ฟ๐—ฎ๐˜๐—ถ๐˜ƒ๐—ฒ.

Contact Us