Industry Fund Services (IFS) has empowered profit-to-member super funds in Australia since 1994, helping nearly six million Australians retire with confidence and dignity. It offers financial advice, tools and education, unpaid super recovery, and consulting services.
With the financial landscape increasingly focusing on stringent data security and compliance, IFS recognised the urgent need to bolster its information security measures by achieving ISO 27001 accreditation. IFS selected Canon Business Services ANZ (CBS) as its strategic partner, given its extensive experience and a trusted relationship that began in July 2014.
“It’s truly been a long-term partnership, and I think this really speaks volumes about our trust in CBS’ commitment and reliability,” says David Saunders, Head of Technology at IFS.
The challenge: Meeting regulations and boosting data security
The Australian superannuation industry is tightly regulated, and APRA’s guidelines set rigorous standards for information security, including CPS 234. IFS faced a substantial resource drain due to annual third-party security compliance checks, eroding confidence among business partners and clients.
David underscores the need for accreditation: “Our clients started asking for detailed security questionnaires, leading to a continuous cycle of follow-up queries. Achieving the internationally accredited ISO 27001 – which aligns closely with CPS 234 – was crucial for streamlining these interactions, enhancing IT governance and information security framework and improving client engagement and assurance levels.”
As IFS’ in-house expertise in data security accreditation was limited, David turned to CBS, the company’s existing managed service partner. We had a proven track record and robust handling of technology controls, including change management and secure account administration practices like encryption and antivirus protections, crucial for IT system integrity and security.
IFS’ relationship with CBS gave it confidence in CBS’ ability to manage the complex requirements of the ISO 27001 accreditation process.
The solution: Tailored strategy and collaborative execution
CBS and IFS collaborated to tailor a strategy specific to IFS’ needs. This involved assessing its security practices against ISO 27001 standards and identifying critical gaps. CBS provided expert guidance, helping develop essential security management documentation such as risk assessments and statements of applicability.
“The ISO accreditation process involves consolidating artifacts that support our security management system. This includes everything from risk registers to statements of applicability and even the framework documents that underpin our entire information security management system,” David explains.
“The team provided us with templates and expert insights from their own ISO experiences, which significantly eased our audit preparations. This was immensely helpful, as it meant we weren’t starting from scratch, putting us ahead of the game in the accreditation process. CBS’ support helped ensure our IT systems and controls met international standards.”
David Saunders, Head of Technology at IFS
“We proactively engaged our internal governance and compliance team to validate our in-house skill sets,” says Robert Williams, CBS Account Manager. “Drawing from our own successful ISO 27001 accreditation journey and our knowledge of IFS’ systems as its Managed Services partner, we collaborated closely with the governance team to craft a comprehensive program of work to guide IFS through its ISO 27001 accreditation journey.”
“CBS helped identify key issues auditors typically focus on. They ensured that we’d addressed them before our audit, which significantly strengthened our position,” David adds.
Achieving ISO 27001 accreditation involved meticulous planning and adapting CBS internal practices to meet IFS’ specific needs.
David highlights the efficiency brought by CBS’ involvement: “Having CBS handle the technology controls meant we could focus on internal policy adjustments without getting bogged down by the data collection and compliance tracking that CBS was expertly managing.”
Results: Securing data and expanding business opportunities
The accreditation transformed IFS’ operations, enhancing its data security framework and compliance processes. This streamlined compliance boosted client confidence and expanded business opportunities by qualifying IFS to partner with more funds.
“Implementing ISO 27001 gives IFS customers confidence they’re partnering with a company deeply committed to data security. This eliminates the need for multiple third-party risk assessments, saving our team valuable time,” David explains.
“Certification unlocks new business opportunities for IFS and significantly enhances cyber resilience by adopting a risk-based approach and securing top-level management commitment,” he adds.
“One of the top outcomes I value most from our partnership is the technical and ISO expertise CBS brought to the table. The ISO standard involves managing 83 controls and having experts explain what each one aims to achieve was invaluable,” David says. “The team could pinpoint exactly what the auditors would look for and where we might have gaps. So, having their expertise on hand, especially not needing to grasp every detail immediately ourselves, was a significant advantage.”
With ISO 27001 accreditation in place, IFS plans to continually maintain and enhance its security measures. CBS’ ongoing ISO 27001 support is crucial for IFS to remain aligned with evolving security standards and uphold its leadership in data security within the superannuation industry.
“Our new ISO 27001 support contract with CBS will cover everything from infrastructure management to proactive support for maintaining ISO accreditation, such as preparing for upcoming surveillance audits. This isn’t just about one-off support; we see it as a continuous partnership to help us stay on track with our ISO requirements.”
The partnership between IFS and CBS exemplifies how strategically important expert guidance and collaboration are in achieving critical industry certifications. The successful project met compliance requirements and positioned IFS as a leader in data security, ready to face future challenges in a continually evolving regulatory landscape.