Name of Organization/Company: Tinuiti, New York, NY USA
Category: Compliance or Safety Team of the Year
In the early stages of Tinuiti’s growth, Information Security was always a priority. The organization had an individual appointed to manage and maintain IT Security, as well as a privacy consultant on demand. Leadership quickly realized that, in order to properly safeguard internal and client data during a time of rapid growth, Tinuiti needed to develop and implement plans to scale security operations from a start-up structure to formalized business processes, addressing the critical business need of IT Security & Compliance.
We took immediate action to ensure that our IT Security would be led by someone with industry expertise and experience who could effectively build out a compliance program along with an internal security council. Our team provided the leadership and guidance to build a high-performance security and compliance program that achieved SOC2 Type 1 attestation while providing a world-class employee experience for 850+ staff nationwide on a subject that is typically uninteresting to those not in the security industry.
- Developed innovative communications tactics to engage all employees in a fun way, getting them to latch onto the importance of security/compliance efforts (usually a dull and dreaded topic). These tactics included a series of short videos called “The SOC Drawer”, each a few minutes in length, discussing security and compliance efforts to keep Tinuiti on track for SOC certification.
- Achieved SOC2 Type 1 certification with zero major exceptions.
- Created and implemented an entire suite of Information Security and governance policies that adhere to industry standard guidelines.
- Established support SLAs across the IT team, with over 97% adherence to resolving issues within 2 business days.
- Implemented change management through Jira, allowing us to approve configuration changes, avoid risk and track changes through completion.
- Implemented identity management via JumpCloud, 2FA and password policies, resulting in a 99% increase in identity protection across the enterprise.
- Remediated two of the major shared account vulnerabilities.
- Implemented a secure file sharing solution (FTP Today) to adhere to both SOC and client secure file sharing requirements.
- Implemented 2FA via text to Slack, replacing an unsecured mass text message solution with one that meets compliance guidelines and sends codes to secured and managed Slack channels moderated by approved individuals, achieving compliance while meeting all client team requirements.
- Having a secure environment, including our SOC2 Type 1 attestation, provides Tinuiti with a competitive advantage as a leader in the digital marketing space for compliance.
- Implemented several internal audits, including privileged access.
Information Security is at the forefront of today’s digital age. The importance of safeguarding both internal and client data cannot be overstated. Tinuiti has a distinct advantage over many of the players in the industry in that we have a structured Information Security team, process and governance model as well as an emphasis and focus from our executive team on protecting Tinuiti and all of its clients.
Having a SOC2 Security attestation comes with a promise (and requirement) that Tinuiti will focus on, and provide evidence of, continuous improvement in the Information Security realm, consistently building upon the foundation we set in 2020-2021.
- The SOC Drawer video series was sent via Slack and email to the entire company. https://vo-general.s3.amazonaws.com/a1ab4161-9c30-4e28-88fc-d6ad384e3fe2/4617d3b8-0727-480c-90a9-76a6df4c4258?AWSAccessKeyId=AKIAJ4PRWO26HAX3IOCA&Expires=1720392268&response-content-disposition=inline%3B%20filename%3D%22The%20SOC%20Drawer%20-%20Shared%20Accounts-.mp4%22&response-content-type=video%2Fmp4&Signature=pNM%2B36vEYFS%2BGQlR%2BeGKhIy2pe0%3D
- FAQ page for employees: https://vo-general.s3.amazonaws.com/a1ab4161-9c30-4e28-88fc-d6ad384e3fe2/e8d1c95f-73f9-44b7-bc79-eed1ca365898?AWSAccessKeyId=AKIAJ4PRWO26HAX3IOCA&Expires=1720392268&response-content-disposition=inline%3B%20filename%3D%22SOC2%20FAQ.pdf%22&response-content-type=application%2Fpdf&Signature=9Gzs4UVR8IqiUdBZvVud5rh2SOs%3D
- Photo of official plaque: https://vo-general.s3.amazonaws.com/a1ab4161-9c30-4e28-88fc-d6ad384e3fe2/3079fb12-0b63-4a09-9c89-2c6923c147d0?AWSAccessKeyId=AKIAJ4PRWO26HAX3IOCA&Expires=1720392268&response-content-disposition=inline%3B%20filename%3D%22SOC%20Plaque.jpg%22&response-content-type=image%2Fjpeg&Signature=B2GtfblpsHgoh6KoCdHFaE3rUFM%3D