Skip to main content Skip to footer
Case Study
Information Security at Accenture

Certified secure

Enhancing our information security management systems helped us meet the pre-eminent international standard—and keeps our clients even safer.

Call for change

Our clients count on us to keep their information—and their customers’ information—safe.

Part of that is making sure we’re meeting global standards for security. In 2023, our organization achieved and maintains enterprise-wide certification to ISO/IEC 27001:2022 standard, which is the only auditable international standard. In alignment with this certification, we regularly identify opportunities to improve policies and procedures, as well as data privacy and information security tools and platforms.

That’s why we decided to undertake a phased certification plan to develop and enhance our global and local information security management systems—and meet the pre-eminent international standard for information protection.

When tech meets human ingenuity

Our approach to achieving BSI certification involved team collaboration with Information Security, Global Data Privacy, and Information Security leadership as well as the creation of a Privacy information Management System (PIMS) Committee.

We restructured our security framework and controls to meet Information Security Management System (ISMS) standards and enhanced our information security posture with a 700+-person-strong Information Security organization.

We also conducted benchmark assessments against leading industry controls, and in March 2020 attained certification to ISO 27701 across Enterprise and Client Service Business by British Standards Institute (BSI). ISO 27701 was established to protect personally identifiable information and uphold international data privacy regulations.

In doing this, we are the first global organization to be ISO 27701 certified by BSI globally across both Enterprise and Client Service Business further validating Accenture’s processes and security controls.

Building a culture of security

Through continuing efforts throughout our organization to improve performance against benchmarks, we have built on our internationally recognized reputation for high standards in security—and been recognized for those programs.

Evolving with each release

Our team has garnered industry recognition for our secure frameworks, controls, and practices that evolve with every version released.

Continuous internal efforts

Regular employee testing, tailored training, and awareness campaigns bolster our internal resilience to security risks with proven results.

Recognition at Cannes

We received accolades for our custom Information Security employee learning content, winning Cannes Corporate Media & TV Awards in two categories.

An award-winning program

Our Information Security Advocate program received awards from the Brandon Hall Group and the Association for Talent Development.

Adding to our certifications

The prestigious ISO 27701 certification further validates Accenture’s processes and security controls for protecting client and company information, along with other certifications.

CIS Critical Security Controls Version 8

Maintains at or above industry peers across all control areas, validated by third-party assessment and benchmarking.

ISO 27701

Maintains certification for data privacy standards.

NIST Cyber Security Framework (CSF)

Assessed as operating industry-leading cybersecurity systems at the Highest NIST Implementation Tier by BSI.

CSA Security, Trust & Assurance Registry (STAR)

Awarded, and maintains, the highest Gold-level certification for Accenture-managed cloud infrastructure.

A valuable difference

By regularly benchmarking ourselves against leading industry controls and frameworks, the Information Security organization can validate the measures and programs we have in place to secure the information entrusted to Accenture by clients.

Certifications such as these assure our commitment to leadership in international standards for information protection. We’re proud to say that recent top-tier third-party security benchmarking results affirm that we outperformed even the most stringent peer group.

Our certification to ISO 27701 across Enterprise and Client Service Business by BSI not only validates our ongoing commitment to global data protection requirements, but also provides assurance for clients that Accenture protects PII data in accordance with recognized international standards.

"By maintaining the highest levels of certification, Accenture reaffirms that processes and security controls continue to provide an effective framework for securing information."

— Paul Kunas, Lead – Governance, Risk, and Compliance

Setting the standard

First global organization ISO 27701 certified by BSI globally across the Enterprise and Client Service Business, a global Standard by ISO/IEC for privacy information management.

Keeping clients safe

Certifies Accenture client engagement functions that process personal data globally, as well as personal data controllership of Accenture’s internal enterprise.

Meet the team

Paul Kunas

Lead – Information Security Governance, Risk and Compliance
LinkedIn

Wei Liu

Director – Information Security, Governance, Risk and Compliance
LinkedIn

Related capabilities

How Accenture does IT

Find out how our global IT organization stays at the forefront of innovation, providing the best infrastructure and services to serve our clients.