Certifications

This Framework consists of standards, guidelines and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Originally published in 2014, this Framework for Improving Critical Infrastructure Cybersecurity has relied upon multiple public workshops, Requests for Comment or Information, and thousands of direct interactions with stakeholders from across all sectors of the United States along with many sectors from around the world.

ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls. This Standard specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) within the context of an organization.

CDW Canada has certification for compliance with ISO/IEC 27001:2013. This certification is performed by independent third-party auditors. Our compliance with these internationally-recognized standards and code of practice is evidence of our commitment to information security at every level of our managed services organization.

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard administered by the PCI Security Standards Council, which was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. 

PCI DSS applies to all entities that store, process or transmit cardholder data (CHD) or sensitive authentication data (SAD), including merchants, processors, acquirers, issuers, and service providers. The PCI DSS is mandated by the card brands and administered by the Payment Card Industry Security Standards Council.

CDW has compliance with both the SOC 1 and SOC 2 audits. A SOC 2 Type 2 report is an internal controls report capturing how a company safeguards customer data and how well those controls are operating. These reports are issued by independent third party auditors covering the principles of Security, Availability, Confidentiality and Privacy. Additionally, A SOC1 Type 2 report is an internal controls report, evaluating the effectiveness of implemented controls for financial reporting. These audits are completed annually and validate our commitment to delivering high quality, secure services to our clients.