Recent projects

Click through the industry tabs below to see some of the services we’ve rendered thus far:

Consumer markets

Service line

Service summary

IT Governance We reviewed the technical and functional quality of the various ERP systems in operation at the various businesses within a large diversified group primarily in the agriculture and manufacturing industries. The overall objective of the assessment was to determine whether the existing systems were fit-for-purpose and affordable for the overall business. Through this exercise we also needed to consider the client's strategic objectives of becoming more IT-orientated over the next 5 years, identification of cost savings by potentially consolidating systems and resources, utilising systems to provide more business functionality, and to embed more controls and standards in the systems rather than relying on manual controls.
IT Governance We assessed the current state of IT governance of a large hotel chain against the Mobius Consulting IT governance framework in order to identify areas of improvement from an efficiency and risk management perspective.  The resulting roadmap identified various projects which the Exco could consider and showed the relative priorities, dependencies, and estimated duration of each of the remediation projects.  The Exco proceeded to engage Mobius Consulting to assist with the implementation of these projects.
IT Governance With the objective of aligning to the requirements of the King III code of corporate governance, we performed a detailed maturity assessment (using ISO38500 for guiding IT governance principles) and prioritised a variety of IT governance remediation activities to introduce relevant IT governance into the IT function and broader business of a large hospitality organisation. We also designed elements of IT governance including an IT governance framework and charter, the IT executive committee structure, IT Risk Management, and IT policies for Head Office. These have been adopted and are in the process of being implemented by the IT function.
IT Risk We assisted a leading retail group in performing a risk assessment of its technology and information management processes and infrastructure in order to assist management in implementing efficient and effective controls to mitigate these risks. The deliverable from this assessment included a risk register.
Information Security We assisted a leading retail group in performing a quarterly review of user access to core applications. This service was provided as the client did not have any available resource capacity to fulfill its service obligations and Mobius was able to provide a skilled resource as an interim measure until additional resources had been arranged.
Information Security We were contracted to use deception and social engineering techniques to gain access to the physical and virtual environments of the Head Office environment of a hospitality organisation. The exercise identified potential risks to which the organisation may be exposed.  Subsequent to the exercise these risks were recognised and addressed by both business and IT representatives.
Information Security We assisted a leading retail group in performing a pre-implementation review of an intended Microsoft Exchange 2010 installation. Mobius Consulting reviewed the design and implementation documentation and ran automated tools against the installed configuration in the test environment in order to assess whether the implementation was ready to be rolled out to production systems.
Information Security We assisted a large retailer in designing a server hardening strategy.
POPI We assisted a leading retail group in mapping their business processes in order to perform a POPI risk assessment. The business functions within the retailer did not have a documented understanding of their business processes. The benefit realised by the client was the documenting of current business processes (and therefore the opportunity to analyse, understand and improve business processes) and a POPI risk assessment that identified the key POPI gaps that required remediation.
POPI We assisted a leading retail group in reviewing their current record retention policy. The review included providing the retail group guidance on record retention periods required by various legislation in South Africa, including retention requirements related to personal information.
BCM This engagement was initially scoped as a project to perform a review and provide recommendations to enhance the business continuity plan of a member company of a listed conglomerate. We were further requested to update the plan to effect the recommended changes and issue an updated plan.
BCM A car hire company owned by a listed entity requested us to develop the business continuity plan for their Head Office and a critical branch located at the OR Tambo airport in Johannesburg.
BPI We performed an assessment of a newly acquired entity for a leading retail group in order to identify key risks that required further investigation and to enhance management's understanding of the operating environment.
BPI We assisted a leading retail group in mapping and documenting the customer journey in their digital environment. We provided a documented understanding of the customer's experience utilising the service offerings, identified and provided recommendations for mitigating risk in a highly complex operating environment and provided management with an end-to-end understanding of the interfaces and infrastructure that the environment was comprised of.
BPI We assisted a leading retail group in mapping and documenting the customer journeys in their digital environment. Mobius’s work provided a documented understanding of the customer’s experience utilising the service offerings, identified and provided recommendations for mitigating risk in a highly complex operating environment and provided management with an end to end understanding of the interfaces and infrastructure that the environment was comprised of.
BPI We assisted a leading retail group in performing a pre-implementation review of a banking product that was intended to be implemented by their financial services division. The pre-implementation review comprised a design document assessment and UAT testing of the implemented solution.
Project Management & Assurance We assisted the project team of a leading retail group with various project management services to enhance the team’s project management capability.
IAG We were appointed by a large retailer to develop a strategy and roadmap for identity and access management (IAM).  The six month project comprised two phases – the first being the development of a strategy and roadmap where a gap assessment was conducted using the Mobius IAM framework and capability maturity model.  The strategy and roadmap highlighted the areas of improvement from a risk management and efficiency perspective as well as recommended remediation activities/projects with priorities, dependencies and estimated duration.  The second phase of the project was to design the future state IAM environment through developing policies, standards, procedures and processes as well as assisting with the remediation of immediate pain points.
Financial services and banking

Service line

Service summary

Information Security We assisted a professional services client by performing an ISO 27000 Information Security current state assessment at one of their clients in order for them to identify areas of significant risk to the information security assets as input to the formulation of an overall IT remediation strategy.
Information Security We provided a resource to assist an administrator of medical aid schemes in project managing the development of access certification tools and processes for the implementation of quarterly access reviews of core systems.
Information Security We performed a technical review to assist a financial services provider with a data discovery and classification exercise in support of a POPI project, in order to identify sensitive personally identifiable information (PII) residing within the company's databases. The output of this engagement provided the client with the storage locations containing sensitive data along with any vulnerabilities associated with these databases.
Information Security We performed a high-level assessment of the state of information security in place at a financial services client.  Elements of information security considered included governance, people, process and technology.
Information Security We were responsible for the creation of the information security risk dashboard for the Group Information Security function in one of South Africa's largest banks. This dashboard was used at the group executive and board level reporting committees for decision making on information security related risks.
Information Security We developed a reporting framework for the Executive Committee of the Group Information Security function in one of South Africa’s largest banks. This framework was designed to consolidate the reporting information aimed at the Group and Board level committees of the organisation. We developed the associated reporting template to facilitate the implementation of the framework.
Information Security We were involved in performing information security risk assessments for IT projects across one of South Africa’s largest financial services organisations. The risk assessments were based on the ISO27002 standard for Information Security. We also assisted the client with the development of a workflow based assessment tool for executing risk assessments as well as to standardise the control checks across the ISO27002 domains.
Information Security A financial services organisation located in the UK and South Africa requested us to perform a simulation exercise based primarily on a fictitious information security incident. The exercise involved the design and facilitation of a workshop that tested the awareness of the key IT stakeholders that would typically be involved in responding to an information loss/leakage incident in the organisation in order to identify any weaknesses or gaps.
Information Security We assisted a bank in their third party governance process by identifying, following up and obtaining completed third party questionnaires and Non-Disclosure Agreements (NDAs) for third parties.  Mobius Consulting followed up with the vendors to ensure that third party questionnaires, per the client’s policy, were complete and accurate.
Information Security We assisted a business unit at a bank in the management of physical access control and segregation of duties by matching and aligning access control profiles within the various systems to the master access control matrix. The key output from this exercise was that individuals that should not have access to sensitive areas were identified and their access rights were removed.
Information Security We assisted a financial services client in updating their Data Centre policy, aligning it to best practice frameworks and developing a detailed procedure to support the policy. As a result an audit issue was resolved and stricter controls were placed on the data centre due to the implementation of a more robust and standardised policy and procedure.
Information Security We assisted a financial service provider’s Information Security Officer by performing a vulnerability assessment of their external facing infrastructure. The output of the assessment provided them with a view of the critical vulnerabilities which could have potentially resulted in an information security breach.
Information Security We performed a Web Application Security review of a client investor portal developed by a financial services provider. The output of the assessment provided input into the security design and build of the application.
Information Security We assessed the current state of the vulnerability management in place at a large financial services group using the Mobius vulnerability management framework which includes vulnerability identification, assessment, remediation and reporting. We determined the extent to which each of these activities was currently in place at the client and identified gaps and improvement areas. We then presented these together with proposed recommendations and an associated implementation roadmap for the client.
Information Security We provided an Outsourced Information Security Manager to assist a large short-term insurer with managing their Information Security Programme in the absence of a permanent Information Security Manager. This engagement has been renewed and expanded to assist the client with the formulation of an Identity and Access Governance framework.
Information Security We performed a vulnerability assessment of the technical security controls within the database and operating systems for a leading financial services company in order to determine if they are configured securely and in line with leading global practices (such as NIST, CIS, etc.).
Information Security We assisted a bank in performing a high-level assessment of the design of their Information Security controls against the ISO 27001 (Information Security Management System) and ISO 27002 (Code of Practice) international standards.
Information Security We provided a consultant on a secondment basis to a financial services client to perform technical vulnerability testing for internal and external facing systems, and report and manage the remediation activities for these vulnerabilities with business.
IT Risk We assisted a leading risk finance company in identifying their IT risks and assessing these against their current IT governance capability maturity. The outputs of this engagement were an IT governance and risk remediation roadmap for the client to follow, as well as an IT risk register which the client could update on an ongoing basis.
IT Risk We were appointed by a major bank in South Africa to perform a pre-implementation risk review of a new mobile application prior to it being launched. We gained an understanding of the business requirements for the new application, processes supporting the business requirements, the key control points within these processes, and the technology supporting the processes (including functionality, architecture and interfaces) through workshops with the project team, vendor and review of project documentation. We performed a risk assessment to determine key risks and issues from a people, process and technology perspective and then workshopped these risks with the client to arrive at a final risk list. We then prioritised the risks according to defined ranking criteria in order to allow the client to ensure that they were adequately addressing the key risks prior to go-live.
IT Risk We provided expert resources to support the internal audit function of a large short-term insurer to assess the IT general controls (including system access, systems development lifecycle, change management) of a subsidiary company.
IT Risk We assisted a financial services organisation in performing a risk assessment of its technology and information management processes and infrastructure in order to assist management in implementing efficient and effective controls to mitigate these risks. The deliverable from this assessment included a risk register and assurance with regards to IT governance.
IT Governance A leading asset management company consulted us to assess their current systems development lifecycle processes and technology in order to provide independent assurance to that aspect of the IT strategy.
IT Governance We developed a set of IT principles for a leading asset management company which were relevant for the level of maturity and size of the IT team.   These principles were designed as a precursor to the IT strategy in order to galvanise the IT team around a set list of behaviours and to communicate these principles to their customers.
IT Governance We assisted a leading asset management company to develop an IT strategy which would allow the IT function to improve their support to the business.  This strategy focused around improvements in IT governance, systems development lifecycle, IT risk management, and utilisation of technology.
IT Governance We developed an IT governance framework and charter for a leading asset management company which operationalised the requirements of King III and identified the roles and responsibilities of the various parties responsible for IT governance and risk management.
IT Governance We assisted a leading asset management company in assessing their current IT governance capability maturity against the Mobius Consulting IT governance framework.  In addition to the IT governance review, we performed an IT risk review in order to determine the key IT risks facing the organisation.  The outputs of this engagement were an IT governance and risk remediation roadmap for the client to follow, as well as an IT risk register which the client could update on an ongoing basis.
IT Governance We were appointed to develop a software licensing policy for a large financial services group and to outline the roles and responsibilities from a management and technical operations perspective.
IT Governance We developed a framework for the reporting of IT operational risk across the Group Information Technology function in one of South Africa’s largest banks. This reporting framework was based on the BASEL II framework for operational risk management in financial institutions. We also developed a reporting tool which accompanied the framework to facilitate the implementation of the framework.
IT Governance We assisted a large banking organisation in developing and implementing a reporting framework to ensure that a standardised, effective and efficient process was followed for reporting within Group Information Security. This further ensured that reporting to Executive and Board level takes place in a consistent and effective manner and there is limited duplication of reporting and miscommunication of information.
BCM We provided a consultant on a secondment basis to a financial services client to assist them in updating their business impact assessments, risk assessments and business continuity plans.
BCM The internal audit function of a Cape Town based financial services organisation requested an independent and specialist review of the IT continuity capability currently in place for the organisation. The review involved the observation of the scheduled IT recovery test as well as the related documentation used to support the recovery processes. Shortcomings and risks were highlighted in a report which was issued to IT executives for remediation.
IAG We were appointed by the Information Management department of a large financial services company to assist with an analysis, review and cleanup of user access data for all the key systems. During the analysis, a number of risks were identified such as dormant, rogue and orphan accounts residing on these systems.  These were provided to Line Management for review and the review feedback was provided to IT operations for clean up/remediation.
IAG We developed a re-usable Identity & Access Management (IAM) framework for a large financial services (banking) organisation, which included a risk and maturity assessment method. Using the framework on a pilot, we assessed the IT solution supporting a key digital channel of the organisation and created a report highlighting all access points for IT users and provided a potential risk indicator for each component involved in the solution including operating system, database, application, and authentication stores.
POPI We performed a POPI gap assessment for a leading financial services provider. The gap assessment consisted of a review of policies and procedures of the client's customer life cycle for their products and the project deliverable included a report of key POPI non-compliance risks, recommendations for remediation of the identified gaps, identification of suitable gap owners, and a remediation roadmap to pull all the elements together.
POPI We provided expert resources to assist a leading financial services provider in documenting their Customer life-cycle, Merchant life-cycle, Insurance, Fraud and Marketing business processes.
POPI We performed a POPI gap assessment for a leading asset management organisation. The gap assessment covered client related business areas as a first priority. We also assessed the business processes in place and the applicable legislative requirements for the insurance industry against the POPI bill. The project deliverable included a report detailing recommendations for achieving POPI compliance and identification of suitable gap owners.
POPI An investment and asset management organisation requested assistance with their POPI remediation, where we devised a plan to address the identified gaps required for compliance that aligned with the organization's regulatory risk appetite. We assisted with remediation of these gaps including creating/updating organisational policies (related to information security, privacy, and information retention policies), business process review and identification of information handling touch points, and review and updating of client application forms.
POPI We performed a POPI gap assessment for a leading insurance provider. The gap assessment was performed for business functions that were deemed to be a high risk in the organisation's value chain. We assessed the business processes in place and the applicable legislative requirements for the insurance industry against the POPI bill and provided detailed recommendations for achieving POPI compliance.
POPI We assisted a large financial services organisation with the assessment of their environment and preparing a roadmap for the organisation to comply with the requirements of POPI.  We then devised a plan to implement the controls required for compliance that aligns with their regulatory risk appetite.  We have developed many POPI remediation artifacts for this client during the two years that we’ve been involved in the project.
POPI We determined the high level impacts of POPI on a medical aid administrator by performing local and international research and performing a desktop review of the administration processes relating to a pilot medical aid scheme.
POPI We performed a POPI gap assessment for a leading insurance provider. The gap assessment was performed for business functions that were deemed to be a high risk in the organisation's value chain. We assessed the business processes in place and the applicable legislative requirements for the insurance industry against the POPI bill and provided detailed recommendations for achieving POPI compliance. This project was an extension to additional functions in the organisation's business chain.
Education

Service line

Service summary

IT Governance We assessed the current state of IT governance of a South African university against the Mobius IT governance framework in order to identify areas of improvement from an efficiency and risk management perspective.  The resulting roadmap identified various projects which the CIO could consider and showed the relative priorities, dependencies, and estimated duration of each of the remediation projects.  The CIO proceeded to engage with us to assist with the implementation of these projects.
IT Governance We developed a set of IT principles for a South African university which were relevant for the level of maturity and size of the IT team.  These principles were designed as a precursor to the IT strategy in order to galvanise the IT team around a set list of behaviours and to communicate these principles to their customers.
IT Governance We provided input to a leading tertiary institution for the completion of a high-level IT governance capability maturity review and the determination of a set of principles to serve as a strategic plan for the organisation.
IT Governance We reviewed the technical and functional quality of a number of key systems in operation at a University in order to provide input into the leadership team as to whether these systems should be maintained, enhanced, re-written or replaced.  Linked to the findings of the assessment was a recommended strategy for the institution based on the current state and future risks.
IT Governance We assisted a tertiary education Public Benefits Organisation (PBO) in drafting the policies and procedures for the implementation of an operational governance framework for the organisation.
IT Governance We facilitated the definition of a leading tertiary education institution’s ICT strategy and guiding principles. We defined the ICT organisational structure and supporting Terms of Reference.
IT Governance We assisted a tertiary education Public Benefits Organisation (PBO) in defining an operational governance framework based on the organisation's value chain. Key deliverables of the project were a list of the policies, procedures and RACI responsibilities per policy and procedure as well as a roadmap prioritising the drafting and implementation of the policies and procedures.
BCM One of South Africa’s leading universities required assistance with the ICT function’s business impact assessment and risk assessment processes. The exercise was the pilot for the institution. The institution later acquired a tool to facilitate the creation of the business continuity plan (BCP), and we were asked to assist with the completion of the required information in order to deliver a comprehensive BCP.
Project Management & Assurance We were appointed by a tertiary institution to provide project / program management services for a major multi-divisional project. We played the program management role on the project leading 6 stream leads and stepping into the stream lead role when necessary in order to ensure that the project runs smoothly. The project has a budget of over R95m and we fulfilled the program management role for two years. Roles fulfilled by us include project planning and coordination, budgeting and tracking the budget, progress reporting and presenting at stakeholder meetings.
Project Management & Assurance We assisted a leading tertiary institution in assessing key project documents.
Information Security We assisted a tertiary education institution in assessing the current state of their Information Security programme and developed a 3 year roadmap to assist the institution in achieving a CMMI level 4 maturity within 3 years.
Information Security We assisted a South African university by providing the services of an Outsourced Information Security Manager (OISM) to formalise and mature the information security governance posture along with facilitating the implementation of technical information security controls within the organisation in order to ensure the confidentiality, availability and integrity of data.
Information Security We provided a consultant on a part-time basis to work directly with the management of this University to manage an information security program that incorporates security governance, users and structures, technological solutions and monitoring across business processes; applications and systems; data; platforms and hosts; networks; physical access and hardware.  The objective over the duration of this engagement was to perform the operational information security tasks and projects which needed completion, but on a broader basis to implement information security governance practices which are sustainable on an ongoing basis.
Information Security We performed a Web Application Vulnerability assessment of the main website of a South African University in order to assist them in understanding the exposure of their hosted web application to external based threats emanating from the Internet.  The output of the assessment provided input into the redesign of the website application.
Other We assisted a leading university in assessing the current state of IT laboratory facilities offered to students. We utilised the data obtained to establish a baseline for IT services offered to students and identified outliers from the baseline.
Oil and gas

Service line

Service summary

Information Security We performed a Biometric product selection exercise for a petroleum company. The purpose was to determine what the best Biometric identification and authentication mechanism would be for terminals providing statistics to operators within the manufacturing environment.
Information Security Mobius Consulting developed the artefacts needed to operationalize an information security incident management process as well as a vulnerability management process for a large multinational in the oil and gas industry. The artefacts were developed based on the client's existing processes and included supporting artefacts needed at key steps within each process. For the incident management process, an incident repository, priority matrix, incident categorization guide and incident management reporting artefacts were developed. For the vulnerability management process, a vulnerability repository, remediation priority matrix and remediation timeline matrix as well as vulnerability management report templates were developed.
Information Security We developed an Information Security policy framework as well as the related policies and standards for a large multinational in the oil and gas industry. The work included the development of an Information Security policy framework that is aligned to ISO27000 and other good practice frameworks, development of key Information Security policies including Access Management, Configuration Management, Third Party Management, Infrastructure and Protection, Physical and Environmental Security, and Prohibited Software as well as the development of 20 Information Security Standards, in support of the above policies, for key technology infrastructure across the group.
IAG We conducted a capability maturity assessment of the current identity and access environment within a multinational oil & gas company in line with the Mobius IAG framework.  This current state assessment was then used as input to determine a holistic high-level strategy for Identity and Access Governance as well as a roadmap for remediation which included governance, people, process and technology aspects.  We developed an IAG policy for the client based on the Mobius IAG framework.  We outlined the necessary functional and technical requirements for an IAG technology solution based on the redesigned IAG strategy and policy as well as industry best practices.
IT Governance Mobius Consulting developed an IT Governance Framework as well as IT Governance artefacts including policies and practice notes for a large multinational in the oil and gas industry. The IT Governance Framework included an operating mandate, decision authority framework, value governance, risk management and a governance artefact framework. Policies developed included an asset management policy, backup and recovery policy and a supplier and contract management policy. In support of the asset management policy, practice notes were developed for network management, printing management and software management. All of these were developed based on best practices such as ISO 27000, CobIT, ITIL, King III and TOGAF.
IT Governance Mobius Consulting developed an IT governance, risk, controls and security operating model and policy framework for a large multinational in the oil and gas industry. The work included the development of a documented operating model for the organisation, the development of a policy framework that aligns to the organisational requirements and operating model defined, and the design of a high-level reporting dashboard that aligns to the operating model defined.
Parastatal

Service line

Service summary

Information Security A large City in South Africa consulted us to perform a high-level Information security current state and maturity assessment of the information security environment against the ISO 27001 (Information Security Management System) and ISO 27002 (Code of Practice) international standards. The output of this assessment provided them with direction into the overall IT security strategy.
BCM We facilitated workshops with the management committee of a government department to enable them to identify the critical steps of their business continuity management programme. The workshops included the importance of performing business impact assessments and risk assessments to identify specific business continuity risks and the likelihood and impact of an incident occurring; determining the most appropriate and cost effective business continuity strategy; developing a response by means of having a dedicated incident response structure, communication plan and business continuity plans in place; maintenance of business continuity plans and supporting documentation; and testing, review and awareness programmes around being able to proactively respond to a disruption.
Special project services We assisted a transaction advisor in advising a provincial government on the broadband requirements for successfully implementing an e-Learning environment. In addition, we assisted the transaction advisor in assessing the appropriateness and challenges of providing every learner in the province with a mobile learning device.

Service line

Service summary

Information Security A global IT infrastructure and services client contracted us to deliver technical security services to the Ghanaian operating unit of a global telecommunications giant. Our technical security testing resulted in us identifying underlying root causes that revolved around security governance rather than technical security, leading to an extension of scope and further assistance in preparing an information security awareness campaign (12 months), an updated security incident process (linking into broader incident management processes), and a revised organisational structure for management of information security within the organisation.
Information Security We assisted a leading ISP in the risk assessment phase of their ISO 27000 certification project. We aided in running workshops throughout the organisation to determine information flows within the organisation as well as to identify risks associated with business critical information. The reports arising from the workshops were used in risk calculations to identify the critical information requiring security safeguards within the organisation.
IT Risk We were appointed to perform an IT risk and governance assessment for a software service provider. The key deliverables included an IT risk register as well as a detailed project plan and high level roadmap for implementation.
IT Risk We assisted a telecommunications provider in identifying their IT risks and assessing these against their current IT governance capability maturity.  The outputs of this engagement were an IT governance and risk remediation roadmap for the client to follow, as well as an IT risk register which the client could update on an ongoing basis.