Why Organizations Should Prioritize Cybersecurity Certifications

There are many benefits to adopting an internationally recognized standard like ISO, NIST CSF or PCI DSS. Learn more about the importance of compliance.

Earlier this year, CDW Canada successfully secured certifications for compliance with ISO/IEC 27001:2013 and NIST Cybersecurity Frameworks. Safety and security of both our own and our clients' data continue to be top priorities of ours, and in an effort to stay ahead of the cybersecurity threat landscape, we are doubling down in our expertise by obtaining these internationally recognized standards and codes of practice.

What is ISO/IEC 27001:2013?

ISO/IEC 27001:2013 is a security management standard specifying best practices and comprehensive security controls, with a focus on requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of an organization. We have adopted this approach in order to manage our security in a holistic, comprehensive manner.

Our compliance with these internationally recognized standards and code of practice is evidence of our commitment to information security at every level of our managed services organization. A list of the services that are covered under this certification can be found here.

What is the NIST Cybersecurity Framework (CSF)?

The NIST CSF consists of standards, guidelines and best practices to manage cybersecurity-related risk. This Framework's prioritized, flexible and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

This Framework was published in 2014 and has relied upon multiple public workshops, requests for comment or information and thousands of direct interactions with stakeholders with the intention to improve critical infrastructure cybersecurity. Achieving this certification allows us to stay at the forefront of industry best practices, and to better position ourselves to adapt to the ever-changing cybersecurity threat landscape.

The Payment Card Industry Data Security Standard (PCI DSS)

In addition to our ISO/IEC 27001:2013 and NIST CSF certifications, we also hold PCI DSS which is an information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, Mastercard and Visa. PCI DSS applies to all entities that store, process or transmit cardholder data or sensitive authentication data, including merchants, processors, acquirers, issuers and service providers.

For our customers, holding this certification means that they can rely on our technology infrastructure as they manage their own PCI DSS compliance certification, as CDW does not directly store, transmit or process any customer cardholder data. This certification also further demonstrates our commitment to information security at every level and confirms that our security management program is comprehensive and follows leading industry practices.

Why Should Organizations Get Certified?

There are many benefits to adopting an internationally recognized standard like ISO, NIST CSF or PCI DSS. Adopting an information security risk framework like the ISO/IEC 27000 series prepares organizations to manage the security of their assets such as financial information, intellectual property, client or employee details or third-party information. These standards help you to elevate your organization's security program and differentiate yourself from competitors in the marketplace.

Not only does the actual certification benefit you in the long run, but the certification process does as well. The implementation process will help you to build a strategic roadmap for continuous improvement and prioritize what initiatives and investments will offer the greatest impact on your organization's cyber risk posture. In the end, your security initiatives will align with your enterprise risk and leave you in an effective position to protect your most critical assets.

If you are looking for guidance on your organization's adoption of the ISO or NIST frameworks, visit cdw.ca/security to learn more about our readiness assessments and implementation services.