As companies continue to optimize their operations by going digital, information has become one of the most valuable assets that helps properly streamline your organizational processes.
Whether it be how the data integrity of your data acts as the foundation of proper automation implementations or how accurate digital records help ensure that generated reports are relevant and take into account your company’s holistic standing, the way you organize and secure your company’s information affects your optimization efforts, credibility within the industry, and reliability for clients.
As your company scales or diversifies further – alongside continuous technological innovation - the risks associated with data security also increase.
Because of this, Information Security Management System (ISMS) governing bodies are now as important as ever in helping organizations:
As a finance and accounting outsourcing company, we at D&V Philippines understand that the nature of information entrusted to us is confidential and sensitive. Keeping this in mind, we have data security as one of our top priorities – putting in the time, effort, and other resources needed to keep both internal and external information safe from any risks or vulnerabilities.
At its core, Information Security Management Systems (ISMS) refers to being able to systematically and holistically approach safeguarding an organization’s information. This is done by identifying, assessing, and managing security risks and developing a company-wide culture of data security awareness and implementing robust, up to date, and organizationally integrated information security measures.
Scenarios like unauthorized data access or data loss caused by malware are some of the risks considered when implementing ISMS strategies. Failure to mitigate these risks immediately can cause significant harm – not just within the company but also to its clients, resulting in serious repercussions such as unauthorized transactions or even data breaches.
To combat this, D&V Philippines adheres to ISM's three fundamental principles: confidentiality, integrity, and availability.
Despite common misconception, effective Information Security Management is not solely dependent on technology.
While staying up to date with the latest software does help protect your information from advanced risks, safeguards such as establishing secure systems, clear control of access through proper monitoring tools are essential. In these capacities, everyone in the organization plays a role. When these elements work together, organizations are better equipped to manage risks proactively rather than reactively.
As digital transformation increases the volume, speed, and complexity of our information and of data flows across organizations, information security has expanded from only being confined and applied to a limited location and processes to needing to safeguard your company's information on various platforms and online information centers – such as the cloud, exposing company and client information to an increasing variety of cybersecurity threats.
With D&V Philippines employing remote and hybrid work arrangements, we have had to go beyond the traditional boundaries of information security. Alongside this, our diverse client base requires us to be consistently compliant with various rules and regulations set by industry and country-specific governing bodies. Clients conducting due diligence now expect us to be able to have robust data protection practices and, as we are constantly committed to providing not just quality finance and accounting support but also quality service delivery process, we have taken the proactive steps to employ advanced ISMS strategies.
D&V Philippines first began to prioritize its Information Security Management efforts in 2023 as the need for a more structured approach to information security arose as our numbers grew. With the increasing trust that our clients gave us, we wanted to make sure that we not only passed their due diligence checks but completely assure them of any reservations they may have.
As we began our Quality Management System (QMS) initiatives last 2024, the company recognized the need not just for robust data protection practices but also to implement an ISMS that is aligned with the changing global technological landscape and standards and meet internationally recognized certifications. As we work towards obtaining ISMS certification, we are able to show that data practices have reached operational maturity.
Rather than treating ISMS as a standalone initiative, we integrated it into our broader management systems. ISM became a natural extension of our ongoing QMS efforts, reinforcing D&V Philippines’ commitment to quality, governance, and continuous improvement and ensuring alignment across policies, controls, and operational practices – all while avoiding duplication and inefficiencies.
Recognizing the need to protect client and company information regardless of our employees’ location, D&V Philippines implements globally recognized standards for securing data, whether the employee is working onsite or at home. External cybersecurity assessors routinely evaluate the company's hybrid work policy and set-up and rate our efforts well above the median security benchmark. These assessments confirm that we are able to appropriately secure data and protect against threats regardless of employee location.
For our clients, they are informed well before the engagement that protecting off-premises data is a core requirement of ISM and is one of our utmost priorities. In fact, D&V Philippines would not have adopted a hybrid work policy without full confidence in its ability to safeguard information. The systems and controls in place ensure that flexibility in work arrangements does not come at the expense of security.
Alongside our efforts to secure our clients’ information, we also make it a point that our ISM efforts extend beyond client data to protect employees and even applicant information. We recognized that personal data must be handled with the same level of care and diligence as client information.
Because of this, D&V Philippines complies with the National Privacy Commission of the Philippines, having a Data Protection Officer and a registered Data Processing System that validates the company's data privacy and processing practices and ensures compliance with Philippine data protection regulations.
What does this look like?
For applicants, the moment they submit resumes or personal information through the organization’s systems, controls are in place to protect that data. External forms display the Data Protection Officer seal as a visible indication of compliance and accountability. This approach reinforces D&V Philippines’ commitment to protecting all stakeholders’ information, not just that of the clients.
Similar to our Quality Management System (QMS) efforts, D&V Philippines places great importance in organizational controls – believing that it forms the foundation of any effective organizational strategy. For ISMS adoption, these controls define how information security responsibilities are assigned, how company policies will be established, and how compliance is enforced, monitored, and improved.
Our information security policies are clearly defined and communicated across the organization. This governance-driven approach strengthens our compliance efforts while also embedding accountability across the organization. As employees, management, and relevant project teams are aligned, the company ensures sustained successful implementation and allows for risks to be identified early and addressed systematically.
Organizational controls form the foundation of any effective Information Security Management System. These controls define how information security responsibilities are assigned, how policies are established, and how compliance is monitored and enforced.
People play a critical role in information security. Even the most advanced systems can be compromised if individuals are unaware of risks or fail to follow established protocols. Recognizing this, D&V Philippines places significant emphasis on people controls as part of its ISM efforts.
One of the first touchpoints for information security awareness occurs during onboarding. The onboarding process for new hires is designed to ensure that employees develop a strong foundation in data privacy, security protocols, and organizational controls from the outset. This early exposure helps reinforce the importance of information security as a shared responsibility.
Beyond onboarding, D&V Philippines invests in continuous training initiatives. Quarterly cybersecurity awareness training ensures that employees remain informed about emerging threats, best practices, and evolving security requirements. This continuous learning approach keeps knowledge evergreen and supports a proactive security posture across the organization.
By empowering employees with knowledge and awareness, D&V Philippines strengthens its first line of defense against information security risks.
Alongside people controls, physical controls are put in place to protect physical assets, facilities, and infrastructure from unauthorized access, damage, or interference.
At D&V Philippines, physical security measures are aligned with both QMS and ISM requirements. Access to facilities and sensitive areas is controlled and monitored to ensure that information remains protected at all times. These controls support the broader objective of safeguarding information regardless of whether it exists in physical or digital form.
We also have technology controls in place to protect information systems and digital assets. These controls are managed internally by the organization’s IT department, with no external parties involved — an approach that helps maintain confidentiality and reduces exposure to third-party risks.
Technology controls are designed to support secure access, data protection, and system resilience. By managing these controls in-house, D&V Philippines retains full visibility and control over its information security environment, ensuring that client and organizational data remain protected.
While controls lay the foundation for proper implementation, D&V Philippines recognizes that successful and continuous integration and improvement are largely due to employee willingness to embrace change. Policies and controls alone are not enough if employees do not understand or support them.
With both management and employees being well-accustomed to embracing change – a cultural mindset that has been positively recognized by ISO auditors during our QMS external audit held last 2025.
In this audit, they acknowledged D&V Philippines’ willingness to invest in process improvements, sustainability initiatives, and operational optimizations, saying that our cultural readiness makes it easier to implement new controls, adopt to evolving standards and help steer the company in the right direction.
When information security is embedded into organizational culture, it becomes a shared responsibility rather than a compliance exercise. This cultural alignment strengthens the effectiveness and longevity of our current and future ISM initiatives.
D&V Philippines provides scalable finance and accounting solutions that can adapt to any landscape. If you’re interested in learning more about our services, schedule a free consultation with us or you may download our Your Talent Sourcing Partner Whitepaper to see how we value our talents!
This article has been written in collaboration with Aly Tagamolila, a content specialist at D&V Philippines.