Launching the cybersecurity compliance initiative

James Smith, Environics Analytics’ Chief Compliance and Privacy Officer, is an experienced professional with an extensive background in compliance.  Back in 2016, he recognized the importance of cybersecurity compliance in the market and saw how security audits were crucial to govern the data that organizations across Canada rely on every day.

“Data security and integrity is top of mind for Canadian businesses across every sector,” said James. “Organizations rely on us to manage data securely. Audits are essential to providing the assurance that our team is maintaining the highest operational standards.”

Environics Analytics (EA) is a leading data analytics and marketing services company, helping clients achieve results through evidence-based decisions. As the leading source for data in Canada, EA wanted to establish a process that would keep EA at the forefront of compliance. James was responsible for executing the procurement piece of the audit process and immediately began a competitive process to find the best partner for this critical work.

“Compliance audits are extensive, and critical in today’s environment,” said James while comparing compliance to an insurance policy. “Like insurance policies, they provide the assurance that your organization is equipped to effectively govern and manage its day to day operations with confidence.”

Finding the right fit

The first call James made was to their data center supplier located in Toronto, Canada. “I knew our data center supplier was SOC 2 compliant, so I wanted to better understand their approach – the examination, process, and recommended providers,” he said.  “A-LIGN came up immediately in the conversation and they had nothing but great things to say about the auditing firm. They then sent over their issued SOC 2 report, which was well executed and highly detailed.”

James had reservations about the initial audit and knew he needed a firm that could guide him through the process. “I knew I would be using EA’s first audit as a training session not only for myself but also for our company as a whole,” said James. “The processes and procedures that we would establish would be felt everywhere in our organization, and support our security-first culture.”

After speaking with A-LIGN, James felt confident he found the right fit in an auditing firm and decided to move forward with their first endeavor, a SOC 2 gap assessment.

Kicking off a gap assessment

Beginning the compliance journey with a gap assessment allowed EA to ease into the process by understanding what areas they were excelling in, and where they could use improvement.  “The gap assessment increased my confidence and I felt more prepared to attempt our first audit,” said James. “Once the gap assessment was complete, I used our list of remediation items as a first step to better align our business and increase our security posture.” 

A gap assessment is a great way to start the compliance process because the pressure is off, so to speak – allowing you to address potential gaps prior to undergoing an audit that will be presented to your organization’s executive board and/or potential clients. 

Earning additional certifications

Following the initial gap assessment in 2016, Environics Analytics went on to earn their CSAE 3416 certification, SOC 1 report, SOC 2 report, HIPAA certification and conducted penetration testing.

“A-LIGN has a very consultative approach to auditing and truly provides the human element,” said James. “As the saying goes, ‘don’t know what you don’t know’ and that was very true for us throughout the various audits. The auditors are happy to provide guidance along the way and I have always found them to be fair.”

EA has found value in consistency over the years with the ability to pick up where they left off with the A-LIGN team, resulting in a seamless auditing experience. A large factor in the ability to easily move from one audit to the next is, A-SCEND, A-LIGN’s end-to-end compliance management platform.  “A-SCEND enables the stakeholder team to deduplicate efforts across multiple audits and therefore, save a great deal of time and resources,” said James. “It’s very helpful to look back at evidence gathered in past years and reapply to the current audit.”

Staying at the forefront of change

It’s no secret that the need for cybersecurity compliance is increasing. SOC 2 reports and other compliance programs are standard practice in both business development and day to day operations, and are often requested to support wider business initiatives.  “In 2018, I produced our audit reports about 50 times,” he said. “And counting, I’ve delivered over 300 reports to our clients”. As a compliance professional, this is something I wholeheartedly support and encourage.”

James knows that change is the new normal and advises anyone in the technology industry to be ready. “Its important to find an auditing firm who acts as a partner and will help keep you apprised of change. This way, you’re not treading water but instead, setting the path,” he said.

Next steps

To learn more about how A-LIGN can help your organization through a variety of cybersecurity compliance assessments and audits, please visit www.a-lign.com/services or complete this form and an A-LIGN expert will reach out to you within 24 hours.

About Environics Analytics

Environics Analytics (EA) is the premier marketing and analytical services company in Canada, helping thousands of customers across every industry sector turn data and analytics into strategy, insights and results. Established in 2003, the company specializes in using best-in-class data, analytics expertise and purpose-built software to address key challenges in areas such as consumer profiling and segmentation, multichannel media planning and execution, trade area analysis, merchandising strategies and site location decision-making. Environics Analytics is owned by Bell Canada.

For more information, visit https://environicsanalytics.com/en-ca.