Scalability Across Complexities
With the goal now set of implementing a common control framework, the team at ZS got to work. The idea was to create something that would be audit-ready—“something we could prepare once and leverage,” says Khan. But that idea wasn’t without its hurdles. “We wanted to ensure that our entire service delivery model was being secured across the board. So, be it a consulting project, be it a technology project, are we able to have some level of security delivered to our client? Because at the end of the day, good quality and a good compliance solution are tied to strong customer satisfaction.”
Though the new priority was the ISMS for their ISO 27001 obligation, ZS’s previous SOC 2 for their Javelin platform paved the way for some control overlap. “We had to enhance our policies and procedures, apply more reporting metrics, and sort our documentation. That’s where we added in some flavor to our common control framework related to ISO,” explains Khan.
Having provided several services and participated in scoping discussions for various compliance initiatives at ZS, Schellman personnel were impressed with their client’s dedication. “From what we’ve seen in the marketplace, everybody wants to put together a common control framework. It’s a big need, but we find it oftentimes hard for organizations to implement, because usually, controls are not a one-size-fits-all approach and must allow for some kind of flexibility, depending on the type of service,” explains Tylka. “But ZS has found that baseline of commonalities, and what they have in place now really sets them apart from their competitors.”