The Perpetual Race: Beyond the Information Security Audits

Chris Van Houtte

In case you missed some of our blog posts, IWCO Direct’s compliance and security team has been keeping busy. As we announced last year, achieving ISO 27001:2013, PCI DSS v3.1 and HIPAA certification is part of our job. But even knowing that “compliant” is where we aim to be, you might not know the work that goes into the information security audits that get us there, and more importantly, the year-round effort that goes into keeping us there.

Why we do it

Data security and compliance are critical to all of our customers, but especially to those in highly regulated industries such as finance and healthcare. Clients in these verticals tend to demand rigorous information security practices from their business partners—and rightfully so. This is why IWCO Direct has focused its compliance and certification efforts on industry-recognized best practices such as ISO 27001 (information security management systems), PCI DSS (payment card industry data security standard) and HIPAA (health information protection). These disciplines are laser-focused on the areas of information security that are of greatest concern to our company and our customers.

How we do it

Successfully completing a proper compliance audit is about more than just answering “yes” to an auditor’s question. To earn that “yes,” everything in question must be supported by policies, procedures and, of course, action. A good auditor will demand that the auditee “practice what they preach.” Satisfying a checklist won’t cut it; today’s security assessments demand mature processes. Getting to that point doesn’t happen overnight. It takes effort to build a successful security practice, one control at a time, with leadership to support it and engaged employees to implement it. Security is an ongoing process and must be part of a company’s strategic plan and culture. There is no finish line at the end of the information security audit; rather, it’s just one hurdle in a perpetual race that is always evolving.

How it’s evolving

As security threats evolve, so too must information security practices and the standards that support them. PCI DSS is expanding this year with version 3.2. ISO standards are continually maturing, and more and more healthcare companies are demanding compliance with Health Information Trust Alliance (HITRUST). While change increases pressure on security teams (and security budgets), it also means better data security and stronger security professionals, which means a better industry for us all. Whatever the future brings, IWCO Direct will be there to meet increasing security requirements.

If you would like to learn more about our certifications or how we conduct information security audits, please feel free to contact us. We’d be happy to discuss them in greater detail.

link https://www.iwco.com/blog/2016/05/31/information-security-audits-at-iwco-direct/

Author

Chris Van Houtte

Vice President of Information Technology. Graduate of Minnesota State University – Moorhead and IWCO Direct team member for more than 10 years. Favorite award or recognition: Fatherhood. Personal business philosophy: “Patience, listening and a dose of common sense are key to successful outcomes.” Loves fishing and participating in/coaching his kids’ activities. Detroit sports lover – Lions, Tigers, Red Wings and Michigan Wolverines.
