It demonstrates that a firm has walked away from a serious security event acknowledging what happened and taking steps to mitigate the identifiedrisks going forward.
The regulator said it had concerns related to the effectiveness of the trust's board, due to a failure to quickly address identifiedrisks in achieving some of these targets.