Tell us a bit about yourself
I’m Cathy D’Amato. I’m Vice President, Compliance. My role is to identify client requirements for certifications and assessments, liaise with all external auditors, and ensure our lines of business are prepared for all regulations in compliance with documented due dates.
What does your company do?
Extreme Reach is the global leader in creative logistics powering brands and agencies everywhere with an all-in-one platform for the activation of omnichannel campaigns. In addition to supporting marketers with global rights management that is fully integrated with creative asset management, we also partner with entertainment and media organisations to manage their crew and vendor payments, production payroll, and accounting solutions.
Where are you based and how big is the business?
Our headquarters is in Dedham, Massachusetts. We operate in 140 countries and 45 languages, with 1,100 team members serving 93 of the top 100 global advertisers and enabling $150 billion in video ad spend around the world. More than half a billion creative brand assets are managed in Extreme Reach’s creative logistics platform.
What was your motivation for getting ISO 27001?
We initially sought ISO certification as a customer requirement to cover part of our operations in the UK. However, given our organisational growth and resulting increasing complexity across operations, the Compliance Department is using it to revisit policies, procedures, and risk management to drive consistently high security and processing functions across the organisation.
How did you implement it?
Extreme Reach’s initial ISO certificate relied on the support of an internal auditor. On a go-forward basis, this effort will be supervised by our VP of Compliance who attends training as required based on her professional licensing. We began by revisiting our risk assessment and registrar, assessing functional operations throughout our organisation and fine-tuning/adding efficiencies as identified through our multiple control layers.
What was the most challenging part of implementing 27001?
Truing up ISO 27001 and other standards such as AICPA (American Institute of Certified Public Accountants) and ensuring that we met both frameworks without building overly onerous/efficiency-impacting controls.
What are the benefits of having ISO 27001?
ISO 27001 has been a differentiator for us for our customers and has helped us to win and retain clients as it provides us an independent assessment of our design and operational effectiveness. Additionally, the ISO and AICPA standards are foundational for risk management and help to drive other control framework requirements throughout our organisation. The ISO and AICPA standards help to ensure that we are ready to meet any additional framework requirements such as Media Rating Council, Trusted Partner Network, and other Secure Supplier profiles.
What would your advice be to other companies who are also thinking about implementing ISO 27001?
Ensure that nothing is merely a check-the-box process. If our clients or personnel are not realising efficiencies or consistency through a control requirement, the requirement should be revisited.
The ISO 27001 Information Security Management System is the ideal mechanism for enhancing information security in your organisation. To find out more about this internationally recognised best practice standard, get in touch with the Technical Sales Team at Alcumus ISOQAR.