Each year, our sister publication Computer Dealer News hosts the Channel Elite Awards to recognize IT Solution Provider for their innovation, leadership, and commitment for creating value for their customers. As Canada’s leading IT channel publication, CDN invited solution providers to submit their best work to nine different categories for 2013’s awards. Here, we present the case studies these award nominees put forward to us. Find out who the big winners are on Sept. 11 when CDN presents them at the CEA Awards Gala.
Learn more about CDN’s Channel Elite Awards 2013
Nominee: IPS from Vancouver, British Columbia
Describe the solution or service provided
IPS has provided a variety of solutions and services to client’s, including a leading SaaS Market Research company, including the design and implementation of the client’s network infrastructure and application delivery network. IPS has also provided vulnerability assessments, penetration testing, ISO (International Organization for Standardization) audits as well as network and application assessments to the client. However, the solution that will be the focus of this submission is the annual SOC 2 Audit for security and compliance that IPS provided to the client. The Audit was an end-to-end review of the client’s controls and infrastructure from a security and compliance perspective, which IPS conducted to identify the gaps in the company’s current infrastructure and help them meet the requirements of SOC 2. SOC 2 is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. The client was seeking a SOC 2 audit with the purpose of assuring their customers that their technology, systems, and controls provide security, confidentiality and availability, processing integrity, and privacy.
What makes this solution original and innovative?
IPS provided a SOC 2 Audit for security and compliance to the client. The Audit was an end-to-end review of the client’s controls and infrastructure from a security and compliance perspective, which IPS conducted to identify the gaps in the company’s current infrastructure and help them meet the requirements of SOC 2, which is a report on controls at a service organization relevant to security, availability, processing integrity, confidentiality or privacy. The client was seeking a SOC 2 audit with the purpose of assuring their customers that their technology, systems, and controls provide security, confidentiality and availability, processing integrity, and privacy. The Director of IT for the client, says that the solution provided was innovative because it was provided to a SaaS organization that is rapidly changing and growing, and also due the fast changing landscape for data governance and cloud application security. IPS provided exceptional customer service and in-depth quality reporting. IPS also showed superior understanding of both the technical aspects as well as the business aspects of the project. Another reason that the solution provided by IPS went above and beyond the accepted norm is because SOC 2 is a relatively new security standard and is in the early stages of acceptance, so most IT security services companies are not able to provide the expert level of analysis that IPS provided. IPS’ security consultants were highly trained and up to date on the latest security trends and standards, including SOC 2, and were therefore able to provide analysis that most organizations were up to speed on.
What were the benefits to the customer’s sales, revenues, and/or efficiency? Provide measurable evidence.
The SOC 2 Audit allowed the client to assure their customers that their technology, systems, and controls provide security, confidentiality and availability, processing integrity, and privacy. “The SOC 2 Audit gave us the ability to provide confidence in our product line, as we venture into new markets, by guaranteeing that we meet compliance standards for data management.” says the client’s Director of IT. “It also enabled us to acquire customers with less friction in certain verticals such as retail, healthcare and finance”. The client’s Director of IT reports that the company has been able to reduce their period of new market inception from 1 year to only 3 months, and that this solution provided by IPS was a contributing factor. He also points out that an important benefit was that “We (the company) gained an understanding of the risks, and we are now able to provide evidence to customers that the company is on a structured roadmap to prevent risk.” The client has also reaped the general benefits from having a secure product. The SOC 2 Audit identified gaps in the company’s current infrastructure and allowed them to perform remediation functions to close those gaps.
How did your organization achieve customer satisfaction and how was this demonstrated by the customer?
Through the services provided to the client, IPS achieved outstanding customer satisfaction. The client’s Director of IT provided IPS with a testimonial which was published in an editorial in the July 2013 Top 100 issue of BCBusiness Magazine. The article includes the following quote: “Protecting the security of our Insight Communities and our client data is a critical focus for our business and for gaining the confidence of our clients. We (the company) rely on IPS’ security services and expertise to provide peace of mind so we can focus on our innovation and growth”. The client also demonstrated their satisfaction through ongoing repeat business. The solution IPS provided also benefited the client in terms of improving their customer satisfaction. The Director of IT says that the services performed by IPS as part of the SOC 2 Audit and resulting benefits has helped reduce friction when doing initial security audits. The SOC 2 Audit helped the client to assure their customers that their technology, systems, and controls provide security, confidentiality and availability, processing integrity, and privacy. He also says that it “helped generate repeat business for us (the company) because we do a yearly audit with existing clients, exposing us to the risk that these clients may decide not to renew their contract if they feel that the company is not secure. The audit shows our customers that we are still a viable solution.”
Describe the benefits of this solution to your organization in terms of new skills, certifications, products, and services.
The Director of IT for the client, says that a significant benefit that resulted from this solution was “the understanding and awareness at the executive top level of a security challenge and what is required from our product development and product management teams. Since the Audit, they have introduced SSDLC (Secure Software Development Life Cycle) practices across all our product teams, ensuring that security is a practice as opposed to an afterthought.”
How did the solution improve your customer’s ability to serve its internal and external clients?
The client provides SaaS market research solutions to their clients, so the company is responsible for protecting their clients’ sensitive data. Over 600 organizations around the globe, including a third of the top 100 brands, have come to rely on the private online communities developed and supported through the client’s cloud based software and global services. The SOC 2 Audit improved the company’s security posture, which is both a benefit to the company as well as their customers. The Director of IT for the client, says that “given the specific verticals and type of data that we manage on behalf of our customers, improving our security posture improves our customer’s security posture. Furthermore, it also reduces our client’s security exposure by protecting their customer’s personally identifiable information.” He also reports that the company has had a 0% rate of data loss/data exposure for both corporate and client data and that the SOC 2 assessment performed by IPS was a contributing factor.
How does the solution or service go above and beyond industry norms and expectations?
Having received the SOC 2 assessment and the resulting benefits of improved security posture and the ability to demonstrate the client’s dedication to security to its clients goes above and beyond industry norms and expectations for a SaaS offering. The Director of IT for the client says that “given the unique and disruptive space that we are in online market research, this does go above industry norms in that we are breaking new ground in the collection and management of our clients’ customers’ data in SaaS offering”. SOC 2 is a relatively new security standard and is in the early stages of acceptance, so most IT security services companies are not able to provide the expert level of analysis that IPS provided. IPS’ security consultants were highly trained and up to date on the latest security trends and standards, including SOC 2, and were therefore able to provide analysis that most organizations were up to speed on. The fast changing landscape for data governance and cloud application security, as well as providing this solution to a dynamic and rapidly growing SaaS organization presented additional challenges. IPS exceeded the customer’s expectations in satisfying all of their requirements and providing an outstanding level of service quality. In addition, IPS provided exceptional customer service and in-depth quality reporting. IPS showed superior understanding of both the technical aspects as well as the business aspects of the project.
How does the solution further your customer’s green or environmentally friendly plans?
The client is a SaaS market research firm. “An inherent benefit of a Saas solution is that you reduce the carbon footprint of any on premise solution – energy costs, operating the equipment. By offering our service globally, we have an environmentally friendly impact on a global scale”, says the client’s Director of IT. IPS strives to reduce the environmental footprint of our company, and our client’s organizations, as much as possible. By providing eco-friendly services to our clients, we also help other organizations, such as the client’s to be environmentally friendly. For example, all reports and event triage notifications are provided electronically, thereby reducing printing and other associated cost related to infrastructure. In addition, both IPS and the client utilize low power usage infrastructure to reduce energy consumption as well as reduce costs. As a company, whenever possible, IPS uses environmentally preferable products, services and practices. IPS regularly recycles or donates all its old electronic and physical equipment. IPS encourages staff to use public transportation or non-auto transportation for their commute to work and to client sites. This initiative has been successful in that 80% of IPS’ staff use non-auto transportation to work and the majority of their client sites.
