Earlier this year, CDW Canada successfully secured certifications for compliance with ISO/IEC 27001:2013 and NIST Cybersecurity Frameworks. Safety and security of both our own and our clients’ data continue to be top priorities of ours, and in an effort to stay ahead of the cybersecurity threat landscape, we are doubling down in our expertise by obtaining these internationally recognized standards and codes of practice.
What is ISO/IEC 27001:2013?
ISO/IEC 27001:2013 is a security management standard specifying best practices and comprehensive security controls, with a focus on requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization. We have adopted this approach in order to manage our security in a holistic, comprehensive manner.
Our compliance with these internationally recognized standards and code of practice is evidence of our commitment to information security at every level of our managed services organization. A list of the services that are covered under this certification can be found here.
What is the NIST Cybersecurity Framework (CSF)?
The NIST CSF consists of standards, guidelines and best practices to manage cybersecurity-related risk. This Framework’s prioritized, flexible and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.
This Framework was published in 2014 and has relied upon multiple public workshops, requests for comment or information and thousands of direct interactions with stakeholders with the intention to improve critical infrastructure cybersecurity. Achieving this certification allows us to stay at the forefront of industry best practices, and to better position ourselves to adapt to the ever-changing cybersecurity threat landscape.
The Payment Card Industry Data Security Standard (PCI DSS)
In addition to our ISO/IEC 27001:2013 and NIST CSF certifications, we also hold PCI DSS which is an information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, Mastercard and Visa. PCI DSS applies to all entities that store, process or transmit cardholder data or sensitive authentication data, including merchants, processors, acquirers, issuers and service providers.
For our customers, holding this certification means that they can rely on our technology infrastructure as they manage their own PCI DSS compliance certification, as CDW does not directly store, transmit or process any customer cardholder data. This certification also further demonstrates our commitment to information security at every level and confirms that our security management program is comprehensive and follows leading industry practices.
Why Should Organizations Get Certified?
There are many benefits to adopting an internationally recognized standard like ISO, NIST CSF or PCI DSS. Adopting an information security risk framework like the ISO/IEC 27000 series prepares organizations to manage the security of their assets such as financial information, intellectual property, client or employee details or third-party information. These standards help you to elevate your organization’s security program and differentiate yourself from competitors in the marketplace.
Not only does the actual certification benefit you in the long run, but the certification process does as well. The implementation process will help you to build a strategic roadmap for continuous improvement and prioritize what initiatives and investments will offer the greatest impact on your organization’s cyber risk posture. In the end, your security initiatives will align with your enterprise risk and leave you in an effective position to protect your most critical assets.
If you are looking for guidance on your organization’s adoption of the ISO or NIST frameworks, visit cdw.ca/security to learn more about our readiness assessments and implementation services.