With cyber threats a constant presence, building a strong security posture is a must. For global enterprises like Accenture, an organization with over half a million employees and several thousand clients, that means ensuring the appropriate security systems, protocols, and controls are in place to protect our clients, our employees, and our own data and operations.
With threats constantly evolving, becoming riskier and more consequential, we must remain proactive, continually enhancing our approach to information security. Our security defenses need to span the enterprise, protecting all areas of the business.
Our clients expect nothing less.
When tech meets human ingenuity
To meet our clients’ unique security expectations and address today’s dynamic regulatory issues, our Information Security team operates a global Client Data Protection (CDP) program. This program provides client engagement teams with the tools and processes necessary to identify and mitigate security risks over the lifecycle of a client project.
Our CDP process begins with the initial client sales discussions, when we work with the client to identify any inherent risks or security concerns that need to be addressed within our scope of service and solution.
These collaborative talks also focus on identifying and mitigating potential weaknesses within the client environments, clarifying accountability and removing any ambiguity regarding operational security controls and processes.
The results of each risk assessment and client discussion are then factored into our solutions so that they are secure from the start.
Creating a safer operational environment
Once actual project work starts, the CDP approach is implemented across all active contracts. This helps our client teams work with clients to drive a security governance and operational environment that addresses the unique security risks of each client engagement. We build a client-specific CDP plan for each client that includes:
Agreed-upon accountability for information security.
Security controls to be used to protect client data when accessed, handled, transmitted, hosted or stored, as well as the controls in place for potentially high-risk work assignments.
Technologies used, such as hard drive encryption, workstation configuration scanning, USB storage device encryption, hard drive scanning and data loss prevention protection tracking.
Client team-specific training that incorporates unique client requirements and addresses project-specific risk factors.
Embedded subject matter expertise that shares leading practices and regularly reviews the effectiveness of client team security processes and controls.
Monthly review of key CDP metrics by our senior leadership, including the CEO and COO.
Setting high standards
Our CDP program adheres to the highest and strictest standards for information security, including full compliance with ISO27001 certification standards. This international distinction, awarded by the British Standards Institution (BSI), serves as recognition for our client work from engagement inception to engagement completion.
Always up to date
Maintaining such high standards requires a continual refresh of our CDP program.
Going above and beyond
We embedded data privacy controls in the CDP framework that meet the requirements of the European Union’s General Data Protection Regulation (GDPR).
Working with our clients for GDPR
Our client teams must now confirm with their clients that an appropriate GDPR solution is in place for relevant areas of the account.
Strengthening our overall approach is the CDP program’s connected network of Accenture leaders, which drives key information security objectives.
A valuable difference
The CDP program serves as one of our most effective risk management platforms, maintaining a strong security posture for our organization and our clients.
Given its success, CDP serves as a critical extension of our Information Security organization. An example is CDP’s alignment with the Security Operations Center (SOC), a centralized, in-house resource for real-time threat monitoring. With the SOC’s broad insight into risk compliance and potential threats, the CDP program helps drive improved, enterprise-wide compliance through its established security controls.
This approach provides the ability to mitigate such risks, preventing them from impacting our own internal environment or that of a client.
Through regular assessments and refinements to the CDP program, and a workforce that takes accountability for putting security first, we continue to improve how we protect the data of our organization and operations, and that of our employees and our clients.