In the Spotlight: Data Security
Rod McLeod, Vice President of Information Technology Solutions, shares his experience maintaining high security standards in the Global Mobility industry.
Understanding that keeping sensitive personal information about clients and employees secure is a topic of global interest, which client concerns drive BGRS’s data security capabilities?
Rod: By the very nature of mobility, our clients share the most sensitive information they have about the people they employ, and obviously they have a very serious responsibility to ensure the information is protected. That is exactly what drives us and everything we do. We want to make sure that we are doing everything necessary to keep their employees’ and that vital personal information safe. We are exceeding requirements with many layers of defense, training, controls, and lock-downs; no one procedure is enough and we have built up a fort around the information protecting everything to the highest level of security.
As part of our process, we use our vetted global network of suppliers, which we govern closely, setting standards, auditing, measuring and ensuring all of our partners are doing everything necessary to protect the information. We monitor their processes to ensure they look after the data the same way we look after the data; they are obligated to follow all of our same strict procedures and our security controls, and they are equipped with the same technology necessary to meet our high standards.
Technology is ever-evolving and so security measures must be more innovative to guarantee its efficacy; how does BGRS ensure its security measures standup to technology changes?
Rod: That’s the constant challenge, isn’t it? Our team engages a set of vendors on the security side who automatically update key signatures for viruses, and we work with an industry standard training partner that provides our staff with what they need to stay apprised of the latest security advances. We keep our people plugged into current developments in security, constantly maintaining a high level of awareness in this fast-paced arena.
Not to mention, in 2015, our parent company, Brookfield Asset Management, developed a Security Council, comprised of 30-40 members from various BGRS-owned companies. So, we not only benefit from our own people’s and company’s knowledge and development, but from the many companies present on the council, sharing security understanding and awareness and what we all know to fortify our systems and processes. Furthermore, our portfolio is comprised of large multinational clients; these partnerships enable an ongoing evolution of our security measures. Each one of our clients plays a great role in pushing us to elevate and constantly evolve our current programs.
As regulations and legislation continue to evolve globally, how does BGRS ensure that we are fully compliant regarding information and data security requirements?
Rod: BGRS has a strong Legal and Compliance team, and a network of trusted legal resources around the globe, that ensures we stay up-to-date with data privacy laws. Additionally, we engage local counsel, especially in the countries that are setting the standards for security, such as Germany and Switzerland – where they have some of highest security and data privacy requirements in the world. Our team stays informed of legislative changes, e.g. the recent Privacy Shield, and they lead the charge for data privacy around the world, making sure that our corresponding processes, policies, approaches and programs are meeting those requirements.
How is BGRS shaping the role of security in Global Mobility?
Rod: BGRS is in the distinct position of being a major supplier to both the Canadian and U.S. Government whose standards of security are among the highest (i.e. NIST, FIPS, FISMA, and Canada’s ITSG-33) and that is where our security measures begin. When providing our corporate clients with security we have the experience and knowledge of servicing the public sector and we apply that knowledge to the private sector. We are certainly contributing to the awareness of security in the mobility industry. I think that by doing what we have been doing over the past few years, improving and strengthening the programs we’ve been implementing with our suppliers, we’re not only elevating our standards but bringing everyone who is in partnership with us to that same level.
Security doesn’t just begin and end with our clients; we are wholly supported by all of our leaders and drive these standards with all of our employees. We have implemented a mandatory annual awareness training program for all of our employees including topics about ethics, data and cyber security, and the program is always expanding to include additional topics. We encourage our employees to utilize the information they learn not only at work but to take it home with them as well. Security is 24/7 and we continue to elevate our understanding and raise the standard to which we hold ourselves accountable.