Protecting your organization’s most important assets
- Posted on March 7, 2018
The most important assets for any organization are its people, its data and its clients/customers. At Avanade, when an incident jeopardizes the safety of our employees or our corporate information – or any client data we’ve been entrusted with – our internal teams spring into action.
Our Avanade Asset Protection (AAP) team manages incidents while supporting security policies and standards to mitigate impacts. The team has seen it all – from natural disasters and terror attacks to misdirected emails and phishing attempts. The AAP team has regular sessions with various leaders across our organization to practice and refine the Avanade Global Incident Response Plan, Security Incident Response Plan and Business Continuity Plan.
The proactive rehearsals and continuous improvement activities undertaken by AAP make the local and global Crisis Management Teams confident that the appropriate Incident Response Management steps are taken to address any event that may occur.
Avanade is also proactive when it comes to safeguarding client data. Each of our clients brings unique security requirements, and we are committed to protecting our clients’ data and systems across all client service delivery engagements.
Every Avanade client delivery requires implementation of our Client Data Protection (CDP) program, an Information Security Management System (ISMS) framework of policies and procedures. This mandatory program ensures that a security process is undertaken and signed off before the start of a client project and continuously adhered to during the ongoing delivery of it.
The Avanade CDP program is a two-part effort: a risk assessment to determine where a client’s risk lies in relation to the project and, based on the risk assessment score, a mitigation phase that uses a CDP plan comprising more than two dozen security control categories operated by the client service delivery team – most of which are used by default on client projects. These controls are regularly checked internally for issues, and continuously monitored for compliance by independent internal teams across the globe.
Our industry-leading CDP program is ISO 27001 certified. This certification means that auditors have assessed our program and have validated that it has met the demanding standards of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
We are protecting data by default using our CDP controls. The encryption control, for example, places an obligation on Avanade to use encrypted hard drives, mobile media and certain data at rest. The Least Privileged Access control makes our project participants privy only to data or systems that are relevant to their roles.
Our CDP controls serve as the baseline for our efforts around data protection globally. For example, this year brought new regulations in Australia and the European Union: the Notifiable Data Breaches (NDB), which went into effect on Feb. 22nd, and the General Data Protection Regulation (GDPR), which begins enforcement on May 25th. Avanade augmented its CDP controls to accommodate the requirements of both regulations. This example shows that additional compliance requirements can be met readily by modifying existing CDP controls or adding new ones.
A complex regulation like GDPR means that we strengthen our existing controls with the addition of a half-dozen control groups. Even if your organization is not under the purview of privacy laws like NDB or GDPR, CDP controls for projects ensure security processes are taken seriously.
At Avanade, we are committed to ensuring the safety and security of all our critical assets and safeguarding both company and client data, in the ever-changing landscape of risks, threats and regulations.