CASE

GarBo Strengthens Information Security with a Flexible and Long-Term Delivery Model

As regulatory requirements continue to increase and the need for control over sensitive information grows, insurance provider GarBo faced an extensive information security initiative. Together with Consid, the organization established a modern framework for information management focused on compliance, traceability, and long-term security.

About the client

GarBo is an insurance company regulated by the Swedish Financial Supervisory Authority (Finansinspektionen) and operates in an industry where high standards of information security are a fundamental part of daily operations.

A Growing Need for Control and Compliance

With new regulations such as DORA and GDPR, the need to strengthen control over the organization’s data, information flows, and security processes became increasingly important.

The challenge was not only technical—it was also about creating a sustainable way of working where security efforts could continuously evolve alongside business needs.

A Flexible Partnership Focused on Long-Term Development

The collaboration between GarBo and Consid began in November 2025 and has since been managed as an ongoing partnership within information security. Through a flexible delivery model based on a service-hour bank, initiatives could be prioritized and developed progressively without being constrained by traditional project structures.

Several specialists from Consid have been involved throughout the engagement, contributing both technical implementation expertise and strategic advisory services.

The collaboration with Consid has provided us with both structure and flexibility in our security efforts. We know where we stand—and what we need to do next.

– Gustav Aspengren, CTO at GarBo

Microsoft Purview Created Structure and Traceability

As part of the engagement, Consid implemented Microsoft Purview to establish a clearer and more controlled approach to information management. The work included:

  • Information classification
  • Data Loss Prevention (DLP)
  • Retention policies
  • Audit logs and traceability

In addition to the implementation, phishing simulations were conducted using Microsoft Attack Simulation Training to strengthen security awareness across the organization and assess preparedness against cyber threats.

The initiative combined technical solutions with strategic guidance on key decisions and priorities within information security.

Improved Security and Greater Control Over Organizational Data

Through the partnership, GarBo has strengthened its compliance with both DORA and GDPR while gaining greater visibility into its information flows and potential risks.

The flexible delivery model has enabled a long-term and continuous approach to security management, providing better control over both priorities and costs.

“This has not been a project—it has been the beginning of a new way of working. We feel more secure and have greater control over our information security.” – Gustav Aspengren, CTO at GarBo

Want to know more? 

Send us a message and we will get back to you shortly.

Fields marked with an asterisk (*) are required.
Privacy Policy
Previous