The past few months have been busy ones for our Information Security team. This is the time of year when many of our clients update their documentation on their vendors’ information security practices. Our team has been completing surveys and meeting with client audit teams to help them understand our Information Security Management System (ISMS) and just how seriously we take security.
At IWCO Direct, information security is about more than just certifications and compliance―although we do have those:
- We achieved ISO/IEC 27001 ISMS certification, the only auditable international standard which defines the requirements for an ISMS, through BSI Group America Inc.
- We are in full compliance with Level 1 PCI DSS v3.1 standards issued by an independent certified Qualified Security Assessor (QSA).
- We received a third-party certificate of HIPAA compliance across all of our facilities from an independent assessor, Crimson Security Inc., in support of our HIPAA-regulated customers.
While we’re proud to maintain high standards, our dedication to information security doesn’t end once we get the certification. We’ve built security awareness into our culture with new-hire training, ongoing messaging that highlights best practices, and annual security refresher training. Our comprehensive security practice ensures the confidentiality, integrity, and availability of our clients’ information. Our ISMS meets, and often exceeds, established benchmarks relating to the physical plant, information technology, and internal process controls.
12 Ways Our ISMS Keeps Data Safe
We chose to build our ISMS in such a robust manner because information security is constantly evolving, and we want to be on the leading edge to stay ahead of emerging threats. Our best-in-class ISMS focuses on 12 elements that help us protect the data in our care:
- Security policies to guide our efforts;
- Dedicated information security staff to keep us on track;
- Human resources training to build awareness into our culture;
- Asset management to direct acceptable use of hardware and data;
- Information access controls to drive accountability and accurate privilege assignments;
- Cryptography to guard data at risk;
- Physical and environmental security to protect our facilities;
- Operations security to protect our systems and identify and remediate vulnerabilities;
- Incident management to investigate and mitigate any security incidents;
- Supplier relationship management to validate our partners;
- Business continuity plans to avoid business disruption;
- Compliance certifications to ensure we are meeting the highest standards.
With clients in highly regulated industries, such as finance, healthcare, and insurance, our security practices go beyond the baseline to deliver a truly integrated ISMS to meet our clients’ complex security needs.
Still have questions about what makes information security at IWCO Direct best-in-class? Feel free to drop us a line.