Customers rely on Calian when they can’t fail
When a cybersecurity company achieves ISO 27001 certification there’s good reason to celebrate. ISO certification is a demanding standard that instils confidence in the ability of an MSSP (Managed Security Service Provider) to run a world-class and trusted IT and cyber operation A reputable company operating on a global scale needs to have confidence in their partner’s ability to meet accredited standards for managing information security and the ISO 27001 certification validates that.
“The ISO 27001 is an intense process that many organizations can’t complete. It requires cross-functional alignment and drives continuous improvement around standards, SLAs and policies,” says Faisal Bhutto, SVP, Cloud and Cybersecurity at Calian. In fact, fewer than 1,300 organizations across the US and Canada held the ISO 27001 certificate as of 2020.
When the Calian IT and Cyber Solutions (ITCS) US facility achieved ISO 27001 certification, it was the culmination of a team effort that involved 25 employees, referred to as “Brainware”, and took six months of internal and external efforts to achieve. In the process, the team put into place the checks and balances necessary to meet the ISO standards and recommendations and implemented best practices that benefit Calian beyond satisfying the requirements for certification.
“It adds credibility and external validation for our clients that our structure and rigour around cloud operations and cybersecurity are solid—we are a trusted brand,” says Sacha Gera, President of ITCS at Calian. “It also positions us in the future for increased global scale and operational maturity,” he adds.
The ISO 27001 certification has even more benefits. It helps Calian comply with other frameworks, standards and legislation as well, including the EU General Data Protection Regulation (GDPR), HIPAA and the NIST SP 800 series. Exceeding standard security requirements demonstrates a proactive approach that is especially important for a successful MSSP.
“It is important for an MSSP that manages customer environments to have its own house in order before we can tell customers what to do with theirs,” says Bhutto. “This showcases that we are mature in security control and that practice can be aligned with our customers.”
Certification is Not a “One-and-Done”
The drive for quality and consistency doesn’t stop once the ISO certification is achieved. It must be maintained, and this requires diligence and consistent dedication to security, compliance and continuous improvement. It can also make it easier to achieve additional accreditation.
“This builds on our SOC 2 Type I accreditation and will help us move forward later this year with SOC 2 Type 2 certification,” says Gera.
To maintain ISO 27001 certification, organizations must conduct internal audits at planned intervals to provide confirmation that the information security management system (ISMS) conforms to the organization’s internal requirements as well as the requirements of the ISO standard. And it requires ongoing participation by all involved employees from senior leadership to staff level.
It's a lot of work, but the ISO 27001 certification sets Calian apart from its competitors. “I am really proud of the fact we have this industry certification,” says Bhutto. “It showcases that we don’t have major security and operational gaps and we passed all our audits with flying colours. It showcases the maturity of our organization and allows me the confidence to get in front of our customers to let them know they are in good hands.”
May 31, 2022
CANSEC 2022: The Calian Defence Journey
This article will examine the evolution of the Calian defence story across multiple business units—leading to the “all-up” defence solutions strategy offered today.
May 30, 2022
Meet the Experts - Kevin de Snayer
In today’s edition of Meet the Experts, we have an interview with Kevin de Snayer, Director of Cyber Solutions, ITCS, Calian.
May 27, 2022
Cybersecurity Mesh: Why is Everyone Talking About it?
A mesh platform ties security tools together to close security gaps across the organization, but it won’t happen overnight.