In case you missed some of our blog posts, IWCO Direct’s compliance and security team has been keeping busy. As we announced last year, achieving ISO 27001:2013, PCI DSS v3.1 and HIPAA certification is part of our job. But even knowing that “compliant” is where we aim to be, you might not know the work that goes into the information security audits that get us there, and more importantly, the year-round effort that goes into keeping us there.
Why we do it
Data security and compliance is critical to all of our customers, but especially to those in highly-regulated industries such as finance and healthcare. Clients in these verticals tend to demand rigorous information security practices from their business partners—and rightfully so. This is why IWCO Direct has focused its compliance and certification efforts on industry-recognized best practices such as ISO 27001 (information security management systems), PCI DSS (payment card industry data security standard) and HIPAA (health information protection). These disciplines are laser-focused on the areas of information security that are of greatest concern to our company and our customers.
How we do it
Successfully completing a proper compliance audit is about more than just answering “yes” to an auditor’s question. To earn that “yes,” everything in question must be supported by policies, procedures and, of course, action. A good auditor will demand that the auditee “practice what they preach.” Satisfying a checklist won’t cut it; today’s security assessments demand mature processes. Getting to that point doesn’t happen overnight. It takes effort to build a successful security practice, one control at a time, with leadership to support it and engaged employees to implement it. Security is an ongoing process and must be part of a company’s strategic plan and culture. There is no finish line at the end of the information security audit; rather, it’s just one hurdle in a perpetual race that is always evolving.
How it’s evolving
As security threats evolve, so too must information security practices and the standards that support them. PCI DSS is expanding this year with version 3.2. ISO standards are continually maturing, and more and more healthcare companies are demanding compliance with Health Information Trust Alliance (HITRUST). While change increases pressure on security teams (and security budgets), it also means better data security and stronger security professionals, which means a better industry for us all. Whatever the future brings, IWCO Direct will be there to meet increasing security requirements.
If you would like to learn more about our certifications or how we conduct information security audits, please feel free to contact us. We’d be happy to discuss them in greater detail.