Smith + Howard Accredited as an ISO/IEC 27001 Certifying Body

by: Smith and Howard

August 24, 2022


Smith + Howard is an accredited certification body (CB) for the Information Security Management System standard ISO/IEC 27001. The ANSI National Accreditation Board (ANAB) accredits certification bodies (CBs) that demonstrate competence to audit and certify organizations conforming with management system standards, under ISO/IEC 17021-1, the international standard for CBs. Accreditation by ANAB ensures the impartiality and competence of the CB and fosters confidence and acceptance of the CB’s certifications by public and private sector end users.

The top Atlanta-based accounting firm earned a coveted accreditation to help businesses achieve ISO/IEC 27001 certification. Smith + Howard is among just 29 firms accredited by ANAB in the United States to help a business or organization attain the prized certification. ISO/IEC 27001 is the gold standard for showing a company has a globally-recognized and understood information security management system (ISMS) in place.

The internal controls maximize information security for sensitive information, financial data, intellectual property and employee records, to name a few examples.

“Our Cyber Risk Management + Compliance Security team, led by Marvin Willis, has worked incredibly hard to earn this accreditation that not only allows us to audit a client’s information security system but helps us guide them to ISO/IEC 27001 certification,” said Sean C. Taylor, Chief Executive Officer of Smith + Howard Advisory, LLC. “We are committed to helping businesses around the world manage the challenging issue of information security.”

The certification signals to the worldwide business community that a company has implemented an ISMS process that effectively identifies material risks confronting digital information and has a comprehensive suite of controls aimed at addressing those risks. The business or organization is recognized as a reliable steward of sensitive information.

The certification from Smith + Howard offers businesses and organizations, as well as their clients and partners, the highest level of assurance that the ISMS has been examined critically and independently. The recommendations also allow an organization to avoid potentially substantial non-compliance fines related to other data privacy laws and regulations, such as SOC 2 and HIPAA, by demonstrating organizational due diligence.

“Implementing the highest level of information security is critical,” said Marvin H. Willis, Smith + Howard Advisory, LLC’s Cyber Risk Management + Compliance practice leader. “ISO/IEC 27001 certification is a commitment to customers and partners that a company or organization has systematic and uniform information security controls across all offices and platforms. Every company that needs to protect sensitive data and improve the maturity of their information security program should look at achieving this certification.”
