Challenge

To meet the pre-eminent international standard for information protection, Accenture decided to undertake a phased certification plan to develop and enhance its global and local information security management systems.

What Accenture did

Accenture restructured its security framework and controls to meet Information Security Management System (ISMS) standards and enhanced its information security posture with a 700+-person-strong Information Security organization. In 2014, the organization achieved, and now maintains, enterprise-wide certification to ISO 27001:2013 standard, which is the only auditable international standard. In alignment with this certification, Accenture regularly identifies opportunities to improve policies and procedures, as well as data privacy and information security tools and platforms.

Accenture also conducts benchmark assessments against leading industry controls, and recently attained certification to ISO 27701 across Enterprise and Client Service Business by British Standards Institute (BSI). ISO 27701 was established to protect personally identifiable information and uphold international data privacy regulations such as GDPR. In doing this, Accenture is the first global organization to be ISO 27701 certified by BSI globally across both Enterprise and Client Service Business further validating Accenture’s processes and security controls.

CIS Critical Security Controls Version 7.1

Maintains at or above its peers and industry verticals in all 20 categories, validated by third-party assessment and benchmarking

ISO 27701

Maintains certification for data-privacy standards

NIST Cyber Security Framework (CSF)

Assessed as “at” or “exceeding” in all categories against its peer and industry verticals by BSI

CSA Security, Trust & Assurance Registry (STAR)

Awarded, and maintains, the highest Gold-level certification for Accenture-managed cloud infrastructure

View All

People and culture

Through continuing efforts to improve performance against benchmarks, Accenture has gained international recognition, building a reputation for high standards in security. Accenture garnered industry recognition for its secure frameworks, controls, and practices that evolve with every version released. Regular employee testing, tailored training, and awareness campaigns bolster Accenture’s internal resilience to security risks with proven results.

Accenture has also received accolades for its custom Information Security employee learning content, winning Cannes Corporate Media & TV Awards in two categories. Accenture’s Information Security Advocate program received a Brandon Hall Group Gold Award for Excellence in Learning, as well as an Excellence in Practice award from the Association for Talent Development.

Value delivered

By regularly conducting third-party benchmark assessments against leading industry controls and frameworks, the Information Security organization seeks to validate the measures and programs it has in place to secure the information entrusted to Accenture by clients. Certifications such as these assure Accenture’s commitment to leadership in international standards for information protection, and recent top-tier third-party security benchmarking results affirm that Accenture outperformed even the most stringent peer group.

Most noteworthy, recent certification to ISO 27701 across Enterprise and Client Service Business by BSI not only validates Accenture’s ongoing commitment to global data protection requirements, but also provides assurance for clients that Accenture protects PII data in accordance with recognized international standards.

"By maintaining the highest levels of certification, Accenture reaffirms that processes and security controls continue to provide an effective framework for securing information."

— Paul Kunas, Lead – Governance, Risk, and Compliance

First global organization ISO 27701 certified by BSI globally across the Enterprise and Client Service Business, a global Standard by ISO/IEC for privacy information management

Certifies Accenture client engagement functions that process personal data globally, as well as personal data controllership of Accenture’s internal enterprise

View All

Meet the team

Subscription Center
Stay in the Know with Our Newsletter Stay in the Know with Our Newsletter