CASE STUDY
The AA is one of Britain’s oldest motoring associations, providing vehicle insurance, breakdown cover, driving lessons and other motoring-related services. Having previously launched new services to meet present-day needs and to enhance its already-established business model, The AA wanted to offer a modern motoring experience using cutting-edge technology.
Founded in 1905, The AA is one of Britain’s oldest motoring associations. More recently, the business has expanded to include accommodation, travel, and restaurant reviews.
Having previously launched new services to meet present-day needs, and to enhance their already-established reputation and business model, The AA wanted to offer a modern motoring experience using cutting-edge technology. This meant building a new platform, one which The AA envisioned as the ‘ultimate car care companion’.
To achieve this, The AA needed to merge governance and risk management with technological innovation, and carefully plan to ensure that any new technology met all relevant industry and government regulations from the ground up.
Services
GRC Consultancy
Professional Services
Cyber
Industry
Transport
Organisation size
150 people
Completion Date
June 2022
The AA wanted to create and launch a cutting-edge mobile app called AA-X to revolutionise and simplify the way motorists can review and maintain their vehicle’s health.
The app was built to collect data from vehicles and use artificial intelligence (AI) to help drivers keep everything running smoothly. If a problem was detected, the app could book the car into a garage, or schedule an AA Mobile Mechanic to attend. As well as many other functions, AA-X would allow drivers to improve their understanding of battery and engine maintenance and recognise small issues before they become costly repairs.
This innovative approach to vehicle maintenance required careful planning and design. Although the app development could be outsourced, it became clear during its creation that The AA needed to look outside for the necessary expertise in information security governance, risk, and compliance (GRC).
We delivered information security consultancy in alignment with The AA’s GRC requirements, which included first digesting The AA’s suite of information security policy suite and supporting documentation.
Once this was completed, our consultant could act as an extension of The AA’s Information Security function, ensuring that application development conformed to the business’ own security standards and was within its risk appetite and tolerance.
Within the advisory role, the primary aim was to help communicate and advise upon good security practices – balancing the business’ objectives with appropriate risk management to ensure the project stayed secure-by-design and default. This also supported technical security assurance, helping to build in processes where the application was subjected to vulnerability management during its development lifecycle.
We developed a structured approach to identify and articulate specific security requirements associated with the project and collaborated with key client business and technical stakeholders to support the delivery of objectives.
Deploying one of our expert GRC Consultants meant that we were able to:
Ultimately, the key outcome based on our GRC Consultant’s work was the release of a secure application which was verified as such through independent third-party testing.
By working closely with the delivery teams and other key stakeholders every step of the way through AA-X’s lifecycle, we established the principle of security by design which meant that no nasty security-related surprises arose in the final stages of development.
This eliminated the need for last-minute security fixes which inevitably result in delays and additional overheads – something The AA was keen to avoid.
Following the completion of our GRC consultancy, The AA launched AA-X on both the Google Play and Apple App Store.
Should The AA require additional support for a major release of the app or for any other consultancy, Advania’s GRC Consultancy Team will be on hand again to act as an extension to its internal information security function.
Imran Knight
Senior Information Security Consultant, Group Risk and Compliance
The AA
Imran Knight
Senior Information Security Consultant, Group Risk and Compliance
The AA
Take a look at some of the results that stood out for The AA.
Whether you’re facing similar challenges to peers across your industry, or you have a unique need for something different – speak to us to find out what we can do.