CASE STUDY

The AA: supporting a modern motoring experience

The AA is one of Britain’s oldest motoring associations, providing vehicle insurance, breakdown cover, driving lessons and other motoring-related services. Having previously launched new services to meet present-day needs and to enhance its already-established business model, The AA wanted to offer a modern motoring experience using cutting-edge technology.

Helping The AA offer a modern motoring experience

Founded in 1905, The AA is one of Britain’s oldest motoring associations. More recently, the business has expanded to include accommodation, travel, and restaurant reviews.

Having previously launched new services to meet present-day needs, and to enhance their already-established reputation and business model, The AA wanted to offer a modern motoring experience using cutting-edge technology. This meant building a new platform, one which The AA envisioned as the ‘ultimate car care companion’.

To achieve this, The AA needed to merge governance and risk management with technological innovation, and carefully plan to ensure that any new technology met all relevant industry and government regulations from the ground up.

Services

GRC Consultancy
Professional Services
Cyber

Industry

Transport

Organisation size

150 people

Completion Date

June 2022

Challenge

The AA wanted to create and launch a cutting-edge mobile app called AA-X to revolutionise and simplify the way motorists can review and maintain their vehicle’s health.

The app was built to collect data from vehicles and use artificial intelligence (AI) to help drivers keep everything running smoothly. If a problem was detected, the app could book the car into a garage, or schedule an AA Mobile Mechanic to attend. As well as many other functions, AA-X would allow drivers to improve their understanding of battery and engine maintenance and recognise small issues before they become costly repairs.

This innovative approach to vehicle maintenance required careful planning and design. Although the app development could be outsourced, it became clear during its creation that The AA needed to look outside for the necessary expertise in information security governance, risk, and compliance (GRC).

Approach

We delivered information security consultancy in alignment with The AA’s GRC requirements, which included first digesting The AA’s information security policy suite and supporting documentation.

Once this was completed, our consultant could act as an extension of The AA’s Information Security function, ensuring that application development conformed to the business’ own security standards and was within its risk appetite and tolerance.

Within the advisory role, the primary aim was to help communicate and advise upon good security practices – balancing the business’ objectives with appropriate risk management to ensure the project stayed secure-by-design and default. This also supported technical security assurance, helping to build in processes where the application was subjected to vulnerability management during its development lifecycle.

We developed a structured approach to identify and articulate specific security requirements associated with the project and collaborated with key client business and technical stakeholders to support the delivery of objectives.

Solution

Deploying one of our expert GRC Consultants meant that we were able to:

  • Act as The AA’s primary security advisor offering guidance and recommendations throughout the project.
  • Review and analyse security policies to ensure a comprehensive understanding of the client’s security framework.
  • Relay information and guidance around good practices and regulatory requirements to the project team.
  • Respond to information security-based questions raised by the project team to offer clear understanding of security implications and considerations.
  • Provide structure for AA-X security requirements and communicate these to the third-party application developer.
  • Conduct risk assessments, develop risk mitigation strategies and implement appropriate controls to address threats and vulnerabilities.

Outcomes

Ultimately, the key outcome based on our GRC Consultant’s work was the release of a secure application which was verified as such through independent third-party testing.

By working closely with the delivery teams and other key stakeholders every step of the way through AA-X’s lifecycle, we established the principle of security by design, which meant that no nasty security-related surprises arose in the final stages of development.

This eliminated the need for last-minute security fixes, which inevitably result in delays and additional overheads – something The AA was keen to avoid.

The Future

Following the completion of our GRC consultancy, The AA launched AA-X on both Google Play and the Apple App Store.

Should The AA require additional support for a major release of the app or for any other consultancy, Advania’s GRC Consultancy Team will be on hand again to act as an extension to its internal information security function.

Advania’s consultant Raghbir joined as an extension of the InfoSec team at a time when we were under-resourced and needed an experienced security consultant.

Raghbir picked up The AA’s security policies and standards quickly and was invaluable during this period; his broad and deep knowledge of security was evident. It was the right person and the right time, and the result has been the successful launch of the MVP app with little engagement needed from the core information security team.

Imran Knight

Senior Information Security Consultant, Group Risk and Compliance

The AA

Our Impact

Take a look at some of the results that stood out for The AA.

Delivered in accordance with accepted security good practices

Application security independently tested by a third party and validated as secure

Successful security testing by the Google Play Store and Apple’s App Store

No last-minute security bugs or security fixes delaying the release of the application
