By Eleanor Bennett
For the next installment in our series of interviews asking leading security and compliance specialists about their achievements in their field, we’ve welcomed Rhia Dancel, Lead Auditor and CMMC Registered Practitioner with the NSF.
Rhia Dancel is an ISO/IEC 27001 and 9001 Lead Auditor for NSF-ISR as well as a CMMC Registered Practitioner and has previously held several auditing and technical positions in information security and pharma quality sectors.
Tell us about the business you represent, and what is their vision & goals?
NSF International Strategic Registrations (NSF-ISR) is part of NSF, an organization whose mission for more than 75 years is to protect and improve human health. NSF-ISR is a leading global management systems certification body known for its superior technical expertise and high levels of customer satisfaction.
NSF-ISR is built on integrity and focused on public health and safety while facilitating a socially and environmentally responsible operation. We’re committed to offering a comprehensive portfolio of management systems registrations to internationally accepted standards for quality assurance and environmental protection for the automotive, aerospace, chemical, energy, medical and manufacturing industries.
We also have a strong focus on information security as this type of work is imperative to protect public health, especially with the increase of cyberattacks on our critical infrastructure.
What inspires and energises you within your work?
Whether I’m working with a two-person manufacturing shop, a startup, or an established Fortune 500 company, I’m always energized by helping my clients to improve their cybersecurity.
Even though resources, business objectives or risks may be worlds apart from one organization to another, our engagement naturally results from the fundamental desire to achieve the same goal: to protect the organization and its stakeholders. When it comes to the successful implementation and longevity of security principles within an organization, it’s truly a team effort.
Can you share a little bit about yourself and how you got into cybersecurity?
My career path has always focused on technical support. In my past life, I was a chemist conducting analytical method development and validations on Abbreviated New Drug Applications in the pharma industry. After nearly two decades, I decided to dip my toe in the infosec pool. Since then, I have been fascinated by the multiple layers of cybersecurity, the abundance of knowledge sharing, and the earnest support within the security community.
What one vital tip would you give to companies who are reviewing their cyber security?
Conduct a risk assessment to identify where the threats and vulnerabilities lurk within your organization. On a fundamental level, training and education for every employee throughout the organization are just as valuable. The team must always be your first line of defence.
Can you describe why the CMMC is important, in your own words?
CMMC provides assurance to the DoD (Department of Defense) that a company holding federal contracts has appropriate measures in place to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI) and to account for and protect how that information flows.
This is crucial when it comes to protecting information within our nation’s defense supply chain. Safeguarding on this level is a priority when it comes to our country’s defensive strategy.