Use a Framework to Map Client Requirements to Your Security Practices
- Adopting a recognized security framework that has been tested and vetted enables a security posture that translates directly to client requirements.
- A framework serves as a basis for quickly complying with new regulatory requirements without having to start from scratch.
“When you adopt a framework that has been developed over the years, and vetted by many experts, it’s highly unlikely that a new standard can trip you up.”
As a leading provider of early education, preschools, and employer-sponsored childcare, Bright Horizons is expected to protect sensitive information about clients’ employees and their children. Javed Ikbal, the company’s chief information security officer (CISO) and VP of information security, risk management, and compliance, says, “We are audited by our financial-services clients as if we are providing financial services to them. We are audited by our defense clients as if we are another defense contractor. Part of this is about securing client data, and part of it is about complying with regulations. We’re not simply complying with regulations that apply to us. Clients expect us to comply with the same regulations that apply to them.”