How CDW Helped a Professional Services Firm Attain ISO 27001 Certification
As a critical step in ensuring its information security management systems were aligned with industry standards, the firm sought an expert team to aid its internal security teams with structured and proven guidance during the certification process.
The customer is a leading global professional services firm providing accounting, assurance, tax and consulting services to clients across a variety of sectors and segments. With a commitment to building long-term client trust and advancing their digital innovation strategy, achieving ISO 27001 certification marked a strategic milestone to reinforce the firm’s position as a market leader.
As a critical step in ensuring its information security management systems (ISMS) were aligned with industry standards, the firm sought an expert team that could aid its internal security teams with structured and proven guidance during the certification process.
“We were looking for a team who could complement our internal capabilities with deep ISO 27001 expertise and guide us through the certification process,” said a senior manager at the firm.
After delivering several successful ISO certifications for Canadian organizations and having previously worked on other projects with the customer, CDW’s Risk Advisory Services (RAS) team was chosen as their preferred partner for this undertaking.
In an engagement that lasted over 18 months, CDW enabled the firm to achieve the ISO 27001 certification with excellence. “Our expectation was to bring in a team with leading expertise and credentials in ISO 27001. The CDW team exceeded our expectations with their depth of expertise and seamless execution,” said the chief information officer at the firm.
The ISO 27001 certification
ISO 27001 is an internationally recognized security standard that focuses on securing information and managing risks related to the confidentiality, integrity and availability of data.
The certification process involves documenting and supporting a secure environment for handling sensitive information across the organization. For the firm, this meant a comprehensive review and restructuring of their internal processes to align with these standards.
How CDW collaborated with the customer’s security teams
As the engagement began, CDW’s RAS team members actively collaborated with the firm’s security professionals to scope out the project and address their needs. Drawing from experience from similar projects, CDW developed effective strategies and demonstrated foresight for delivering a phase-wise implementation that would maximize value.
Before embarking on the ISO 27001 certification process, the firm already had a dedicated and skilled IT team. “We have talented people with strong technical experience and institutional knowledge, so we focused on finding a team that could help us structure our approach to security to an industry standard,” said a security stakeholder at the firm.
To fulfill the certification requirements, the firm pointed out the following areas as their key needs:
Formalize security standards
While the firm’s IT team had significant ability and experience, they felt the need to formalize their existing security protocols as per the industry standards. They sought help in navigating the stringent requirements of ISO 27001 and the corresponding adjustments that they needed to make to their current security practices.
Implement process changes
The firm had to rethink its security processes that had matured over several years of careful progress. The internal team was accustomed to existing workflows and there was a need for expert guidance to help them embrace change, particularly in how they documented security processes and policies.
As a senior manager at the firm explained, “We knew there would be change. This project was a great opportunity to strengthen our security posture and keep building on the culture of continuous improvement that’s so important to us.”
Audit readiness
The firm was focused on ensuring the team was well-prepared for the internal and external audits that would scrutinize their security processes at a new, rigorous level.
Scope management
With several offices across Canada, the firm required a strong action plan. Selecting which offices and IT services to include in the certification was a critical decision. They sought to balance value with practicality, selecting six offices as the initial focus.
Delivering strategic security outcomes
From audit to advisory, CDW’s expertise played a crucial role in bridging the customer’s security needs.
Building an ISO-compliant structure
CDW provided the necessary expertise to help the customer structure its security practices according to ISO 27001. CDW’s RAS team helped translate the firm’s existing practices into formalized, repeatable and documented processes, ensuring they met the ISO standard’s requirements.
By closely working with the customer’s IT team, CDW was able to guide them through the changes needed to meet the certification requirements. CDW’s RAS team enabled their IT team to adapt to new documentation practices and security controls.
Proactive, hands-on support
CDW focused on delivering incremental guidance and regular knowledge transfer, ensuring that the customer’s team understood the rationale behind every decision. CDW’s RAS team was always available for consultations, whether for clarifications or resolving complex queries.
“Whenever we had a question, whether it was a technical detail or a strategic decision, the CDW team was quick to respond with clear, thoughtful guidance. Their accessibility made a real difference throughout the project,” said a security manager at the firm.
CDW also worked with the customer to identify the most critical areas for certification, focusing on the key offices to ensure they were able to bring the most value while managing the scope effectively. This approach allowed the firm to expand the certification across additional offices in future phases.
The impact of ISO 27001 certification on the customer
The ISO 27001 certification has already started paying dividends for the firm. With the certification in place, the firm now stands out in the market as an organization that meets high security standards.
The ISO certification has reduced the volume of time-consuming security assessments and questionnaires the firm needs to complete for clients and vendors, allowing them to focus on more strategic initiatives. This strategic advantage has allowed the firm to streamline client onboarding and win new contracts without lengthy security assessments.
How CDW’s expertise shone through
The success of the ISO 27001 implementation showcased CDW’s technical expertise. The CDW team’s ability to provide concise and clear answers to complex security queries was instrumental in guiding the customer through the certification. “Whenever we had questions about how to implement ISO for organizations of our size, CDW was quick to provide expert guidance,” said a security stakeholder at the firm.
The road ahead
Looking ahead, the customer plans to continue its collaboration with CDW. They have already engaged CDW for continued maintenance and external audit support after the completion of the ISO 27001 certification. This ongoing partnership will help the firm maintain their ISO certification and further mature their security processes.
“We gained valuable insights throughout this journey. CDW played a pivotal role in guiding us through the certification process, providing extensive knowledge transfer that will continue to benefit our firm for years to come,” said the chief information officer at the firm.