Power your Marketing.

How We Define Our Best-in-Class Information Security Management System

Chris Van Houtte

The past few months have been busy ones for our Information Security team. This is the time of year when many of our clients update their documentation on their vendors’ information security practices. Our team has been completing surveys and meeting with client audit teams to help them understand our Information Security Management System (ISMS) and just how seriously we take security.

At IWCO Direct, information security is about more than just certifications and compliance―although we do have those:

  • We achieved ISO/IEC 27001 ISMS certification, the only auditable international standard which defines the requirements for an ISMS, through BSI Group America Inc.
  • We are in full compliance with Level 1 PCI DSS v3.1 standards issued by an independent certified Quality Security Assessor (QSA).
  • We received a third-party certificate of HIPAA compliance across all of our facilities by independent assessor, Crimson Security Inc., in support of our HIPAA-regulated customers.

While we’re proud to maintain high standards, our dedication to information security doesn’t end once we get the certification. We’ve built security awareness into our culture with new-hire training, ongoing messaging that highlights best practices, and annual security refresher training. Our comprehensive security practice ensures the confidentiality, integrity, and availability of our clients’ information. Our ISMS meets, and often exceeds, established benchmarks relating to the physical plant, information technology, and internal process controls.

12 Ways Our ISMS Keeps Data Safe

We chose to build our ISMS in such a robust manner because information security is constantly evolving, and we want to be on the leading edge to stay ahead of emerging threats. Our best-in-class ISMS focuses on 12 elements that help us protect the data in our care:

  1. Security policies to guide our efforts;
  2. Dedicated information security staff to keep us on track;
  3. Human resources training to build awareness into our culture;
  4. Asset management to direct acceptable use of hardware and data;
  5. Information access controls to drive accountability and accurate privilege assignments;
  6. Cryptography to guard data at risk;
  7. Physical and environmental security to protect our facilities;
  8. Operations security to protect our systems and identify and remediate vulnerabilities;
  9. Incident management to investigate and mitigate any security incidents;
  10. Supplier relationship management to validate our partners;
  11. Business continuity plans to avoid business disruption;
  12. Compliance certifications to ensure we are meeting the highest standards.

With clients in highly regulated industries, such as finance, healthcare, and insurance, our security practices go beyond the baseline to deliver a truly integrated ISMS to meet our clients’ complex security needs.

Still have questions about what makes information security at IWCO Direct best-in-class? Feel free to drop us a line.

link https://www.iwco.com/blog/2017/03/31/information-security-management-system/
Chris Van Houtte


Chris Van Houtte

Vice President of Information Technology. Graduate of Minnesota State University – Moorhead and IWCO Direct team member for more than 10 years. Favorite award or recognition: Fatherhood. Personal business philosophy: “Patience, listening and a dose of common sense are key to successful outcomes.” Loves fishing and participating in/coaching his kids’ activities. Detroit sports lover – Lions, Tigers, Red Wings and Michigan Wolverines.

More Posts by Chris


Subscribe to SpeakingDIRECT to have new articles delivered to your inbox as they post. We promise to keep it fresh and interesting.

Bob Rosser Has Been Elected MTAC Industry Vice ChairRead More
keyboard_arrow_upBack to top