With the daily barrage of data breaches and companies paying billions of dollars in penalties, Smith & Howard is doing something incredibly rare and cutting-edge to help companies and organizations protect their data and client information.
Last week, the top Atlanta-based accounting firm earned a coveted accreditation to help businesses achieve ISO/IEC 27001 certification. Smith & Howard is among just 20 firms accredited by the ANSI-ASQ National Accreditation Board (ANAB) to help a business or organization attain the prized certification. ISO/IEC 27001 is the gold standard for showing a company has a globally-recognized and understood information security management system (ISMS) in place.
The internal controls maximize information security for sensitive information, financial data, intellectual property and employee records, to name a few examples.
“Our Enterprise Risk Security team, led by Marvin Willis, has worked incredibly hard to earn this rigorous accreditation that not only allows us to audit a client’s information security system but helps us guide them to ISO/IEC 27001 certification,” said Sean Taylor, Managing Partner of Smith & Howard. “We are committed to being at the forefront of the challenging issue of information security, one that is facing every business and organization around the world.”
The certification signals to the worldwide business community that a company has implemented an ISMS process that effectively identifies material risks confronting digital information and paper records, and has a comprehensive suite of controls aimed at addressing those risks. The business or organization is recognized as a reliable steward of sensitive information.
The certification from Smith & Howard offers businesses and organizations, as well as their clients and partners, the highest level of assurance that the ISMS approach has been examined critically and independently. The recommendations also allow an organization to avoid potentially substantial non-compliance fines related to other data privacy laws and regulations, such as SOC 2 and HIPAA.
“Implementing the highest level of information security is critical,” said Marvin Willis, Smith & Howard Enterprise Risk Security practice leader. “ISO/IEC 27001 certification is a commitment to customers and partners that a company or organization has systematic and uniform information security controls across all offices and platforms. Every company that needs to protect sensitive data and improve the maturity of their information security program should look at achieving this certification.”