1/24/2023

Security assurances and ISO-27001 certification with third-party MSSP, Digital Edge

Case Study - teamDigital Promotions, Inc.

About Client:

teamDigital Promotions is a digital marketing agency based in Bethel, Connecticut. For over 25 years, teamDigital has led long-tenured industry-leading brands in various verticals including Financial Services, Sports/Entertainment, and Travel to drive their marketing engagements through creative digital-first promotional marketing campaigns. The firm dedicates their expertise to helping their clients solve business challenges via digital touchpoints.

Challenge:

As an organization that works on highly visible client engagements that can involve large information processing and data exchanges, including large volumes of consumer PII, they needed to assure clients that security is of paramount importance. They needed to implement an updated management system for governance of information security. ISO 27001 is the leading international standard for information security, and it focuses on the identification, assessment and management of risks to information handling processes. Gaining the ISO 27001 certification would ensure rigorous data security best practices are in place, which in turn sends a strong signal internally as well as to their customer base that there was an independent external evaluation and confirmation of the effectiveness of their Information Security Management System. Most importantly, the diligence required to achieve and maintain ISO certification helps to significantly mitigate tremendous risk at a time when data security has never been more important.

Solution:

Initially, teamDigital realized that although it is not an industry requirement, it could be best served to exceed industry standards by investing to partner with a third party with expertise to help them attain ISO certification. They engaged Digital Edge to provide guidance on a step-by-step compliance process which involved scoping and development of a roadmap for the project. The key steps that Digital Edge guided them on were as follows:

  1. Scoping the boundaries of the Information Security Management System (ISMS)
  2. Establishing an ISMS governing body composed of senior management and key stakeholders from throughout the company
  3. Performing a risk assessment and gap analysis
  4. Effectively implementing the ISMS
  5. Performing an internal audit to assess the organization’s ISMS and its implementation
  6. Aligning with stakeholders as a partner while undergoing the ISO audit with an external third-party auditor

Customer Benefit

Through the certification process teamDigital was able to have a customized Information Security Management System that clearly outlines how their company integrates information security into their business processes.

Additional benefits to teamDigital

- Streamlined internal processes
- Alignment of key stakeholders throughout the process
- Orchestration of the third-party audit
- Facilitation and acceleration of time to certification - done within 16 months.
- 24/7 production support around Information Systems
- Dedicated “Dev-Ops” with a team of highly competent cloud engineers and professionals
- Ability to exceed clients’ expectations as a best practice partner with ISO certification, which yields a competitive advantage
- Mitigating data security risk through rigorous diligence to ISMS structure and best practices, along with timely ongoing monitoring

“The experience of working with Digital Edge couldn’t have been better. They partnered with us and provided guidance into the compliance process to lead us to an efficient and successful completion of the certification process and ongoing data security”

Says Kevin Conklin, teamDigital Information Security Manager

Business Impact:

As a result of the relationship established between teamDigital and Digital Edge, Digital Edge continues to provide counsel on all compliance concerns as well as additional IT support on a case-by-case basis.

● Vulnerability testing and scanning
● Preparation for surveillance audits - additional audits as a result of the ISO 27001
● Penetration testing required by clients on a quarterly basis.
● 24/7 production support for tactical engagement and help desk matters on AWS-related issues and problem solving.

Digital Edge continues to provide ongoing engineering, production and governance support that enables teamDigital to offer security and confidence to their clients.

Michael Petrov
Founder, Chief Executive Officer

Michael brings 30 years of experience as an information architect, optimization specialist and operations advisor. His experience includes extensive high-profile project expertise, such as mainframe and client server integration for Mellon Bank, extranet systems for Sumitomo Bank, and architecture and processing workflow for the alternative investment division of US Bank. Michael possesses advanced knowledge of security standards such as ISO 27001, NIST, SOC and PCI that he brings into any solutions delivered by Digital Edge. Security solutions and standards are expanded into public cloud such as AWS and Azure.
