Year-end is a time for all of us, regardless of industry, to take stock of how our departments and companies have performed over the past 12 months. This includes reflecting on new achievements, such as IWCO Direct adding SOC2, a report on the implementation and efficacy of controls, to our certification roster.
Our SOC2 report comes on top of our existing security accreditations that include:
- ISO 27001:2013 – the framework for our security program;
- PCI DSS – focused on protecting credit card data; and
- HITRUST – focused on protecting health care data.
Security is an Everyday Commitment
A year-end review also means looking at every aspect of your program, even those that are performing well, to identify areas where you can be even better. While our Information Security team will certainly be joining in this time of reflection, it will be as part of the everyday commitment that is required to deliver effective security.
We often point to our certifications as evidence of a strong security practice, but it’s important to note that attaining and maintaining them is not a matter of being successful at just one point in time. Information Security requires monitoring, analysis, and improvement not just at audit time or year-end, but continually, every day of the year. From new certifications and improved tools to enhanced testing and focused training opportunities, improvements to a security program can take any form and occur any time they are needed.
Training Supports the Security Journey
In addition to adding SOC2 this year, another example of how we’ve improved our security practices is by adding more training. While annual security awareness training is great, employees can always benefit from additional security training. The Information Security team has developed enhanced, focused training on some of the most pressing issues in security today, such as social engineering and incident response. It’s another way we foster the “security is everyone’s responsibility” and “security is a journey” ethos within every part of the organization so that we can be “audit-ready” every day of the year.
The daily goal of our security program is to protect our data and the data of our clients. To do this, we take input from our clients throughout the year on ways to improve and invariably become stronger every year due to our clients’ insights.
Want to know more about IWCO Direct’s commitment to deliver effective data security? Contact me here.
Subscribe to SpeakingDIRECT to have new articles delivered to your inbox as they post. We promise to keep it fresh and interesting.