To mark Clari’s ISO 27001:2013 information security certification, their CTO, Venkat Rangan, wrote a blog post about their path to certification. Our team at Ekko, an ISO 27001 consulting firm, worked closely with Clari throughout the certification process, and Venkat asked me to offer my perspective on their successful effort.
Getting Started with ISO 27001
From the start, it was clear that security was a priority for the Clari management team. As they explained, their customers trust them with critical sales data, and the Clari team believed (correctly) that the discipline of certification would strengthen their security program.
But anyone who has completed ISO 27001 certification knows that a commitment to security is only the starting point. Clari came to us at Ekko looking for a partner to help them navigate the many technical details of the process, an effort that places demands on every person in the company. Certification requires an organization to implement and document an information security management system (ISMS): the management and governance processes that ensure security controls are selected, applied and maintained appropriately.
Process Design and Challenges
Ekko worked with Clari over nine months to assess the risks to customer data, looking in depth at real-world use cases. Clari’s pre-certification security was already solid; together we developed a security program and a plan to achieve ISO 27001 certification in 2015. We accomplished that mission, and Clari passed the certification audit on the first attempt.
Throughout the program design and implementation, the Clari team and management supported all of our recommendations. Along the way, Clari educated us about the processes and platform architecture that support their highly agile environment.
Any agile, fast-moving environment presents its own security challenges, and these led to productive discussions with Clari. We held weekly program management status meetings over the entire period, and the Clari team remained engaged and committed. Thanks to our detailed and collaborative process analysis, Clari’s final implementation delivers the ISO 27001 Annex A controls applicable to its business without limiting the flexibility and agility the business needs.
Certification Success and Data Security Confidence
Looking forward, a successful ISO 27001:2013 certification, with its associated security control environment and management framework, gives Clari a strong foundation for the additional compliance and security decisions they will face as they grow. The program will also support future compliance requirements Clari may encounter, such as HIPAA, PCI DSS, FedRAMP, ISO 27018, SSAE 16 SOC reporting and others.
In the end, the combination of Clari’s expertise in developing technology solutions and Ekko’s strong process and governance approach created a winning team. Clari’s current and future customers can have confidence that ISO 27001 certification sets a high bar for the protection and governance of their valuable information assets.