Columbia Advisory Group Adds Extended Detection and Response to IT Managed Service Portfolio with Abacode Partnership

"In this time of increasing global attacks, it is critical to have around-the-clock eyes on the network.”

— David McLaughlin, President and CEO, Columbia Advisory Group Tweet

DALLAS, TEXAS, UNITED STATES, June 13, 2022 /EINPresswire.com/ — Dallas-based Columbia Advisory Group (CAG), a leading provider of IT Managed and Cybersecurity Services, today announced the expansion of its services via a partnership with Abacode, a leading provider of managed Extended Detection and Response (XDR).

The partnership between CAG and Abacode will allow clients to one-stop-shop for specialized IT Managed Services, Governance, Risk Management, and Compliance (GRC), Virtual CISO services and managed XDR services to analyze data breaches as they occur.

As organizations face increasing threats of ransomware, data breach, and phishing, they must simultaneously upgrade their governance and compliance activities to minimize risk while simultaneously detecting and responding to breaches as they arise to understand, contain and prevent them. This capability requires increasingly scarce competent cybersecurity leadership and specialized, virtual Security Operations Center (vSOC) services that can investigate problems in real-time and provide visibility across the enterprise of controls compliance.

“Our many public-sector, educational, manufacturing, and health care clients already rely upon CAG for cybersecurity guidance and IT expertise. CAG is pleased to bolster our leading Cybersecurity practice by offering 24x7x365 SOC 2 Type 1 and 2 XDR services via our partner, Abacode. In this time of increasing global attacks, it is critical to have around-the-clock eyes on the network,” said David McLaughlin, President and CEO of Columbia Advisory Group.

“Abacode is constantly striving to push the technology industry forward by partnering with top-notch leaders in the MSP space,” said Greg Chevalier, Senior Vice President – Partners and Sales Strategy for Abacode. “Partnering with Columbia Advisory Group ensures that clients not only have their information technology operations humming along at peak efficiency with their managed services but now includes Abacode’s Managed Detection and Response and Security Operations Center support.”

About Columbia Advisory Group:

Columbia Advisory Group (CAG) is a well-respected Information Technology (IT) consulting firm. CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments, including many institutions of higher education, state agencies, and Fortune 500 customers. By focusing on practical solutions and straightforward analysis, CAG’s team supports many regulatory and economic environments and organizations of all sizes. Practice specialty areas include Cybersecurity, Infrastructure, IT Service Management, Application Management and A/V Services. Whether a client is high-growth or economically challenged, CAG can improve business outcomes with IT insight and support. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com.

About Abacode

Abacode combines leading technologies and professional services to implement Cybersecurity and Compliance programs for clients throughout the world. Abacode enables clients to implement a Cyber Capability Maturity Model and benefit from our expert Extended Detection and Response capabilities. Offices in the Americas and Europe. Learn more at Abacode.com or connect with us at insight@abacode.com

Ransomware Incident Response Planning

Ransomware attacks are ever-increasing globally. Here’s how to evaluate your cyber security partners and be resilient, when preparing for the worst.

Colonial Pipeline, Kaseya, Solar Winds, Microsoft… the list goes on and on. In the past 12 months alone, more than one third of all organizations globally have faced some type of ransomware incident, according to a recent survey by research firm IDC.

The ransomware industry has evolved in sophistication. Malicious actors even subscribe to Ransomware as a Service (RaaS), whereby criminal organizations lease ransomware variants the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a service.

RaaS kits allow malicious actors, lacking these skills or time, to easily develop their own ransomware variants that can be up and running quickly and affordably. Such RaaS kits are easy to find on the dark web. A RaaS kit may include 24/7 support, bundled offers, user reviews, forums, and other features identical to those offered by legitimate SaaS providers. The price of RaaS kits ranges from $40 per month to several thousand dollars – trivial amounts, considering that the average ransom demand in Q3 2020 was $234,000.

A threat actor doesn’t need every attack to be successful in order to become rich. RaaS is big business, with total ransomware revenues in 2020 of around $20 billion—up from $11.5 billion in 2019.

Clearly, ransomware incidents are not going away any time soon. In fact, they are accelerating. It is vital to create a digitally resilient institution that can absorb the impact yet not be crippled by the attack, in order to recover quickly without significantly impacting students, faculty, and research. Digital resilience represents the ability to continue to operate through an impairment and stay in business while minimizing institutional harm, reputational damage, and financial loss.

Resilient organizations:

  • know their networks and data
  • set targets, measurements, and goals for cybersecurity
  • employ best practices in change management
  • prioritize risks and intelligence for better decision-making
  • respond rapidly to incidents while maintaining operational readiness, reducing the risk of data loss, and preventing additional harm

Given this “new normal,” what attributes should you consider when selecting a partner to help you minimize your risk and create a ransomware playbook to maintain resilience?

Not all cybersecurity services are created equal. Consider this checklist as one way to evaluate cybersecurity partners:

1. As the old adage says, “You cannot determine where you are going until you know where you are.”

Select a partner that is able to baseline and assess your current information security program. Typically, reputable cybersecurity services begin with a detailed policy assessment AND vulnerability assessment. What do we mean by that? A policy assessment analyzes your organization’s cybersecurity controls and its ability to remediate vulnerabilities. These risk assessments should be conducted within the context of your organization’s objectives, rather than in the form of a checklist as you would for a cybersecurity audit.

A vulnerability assessment is a systematic review of security weaknesses in an information system. It evaluates whether the system is susceptible to any known vulnerabilities, assigns severity levels to those vulnerabilities, and recommends remediation or mitigation, if and when needed.

Any cybersecurity service that doesn’t include both assessments will leave your institution exposed and more vulnerable to ransomware attacks. Vulnerability scans are like a photograph and show a snapshot in time, and that picture can change daily. Therefore, vulnerability scans should be provided continuously (e.g., daily, weekly or monthly).

2. Ask your cybersecurity partner…

…how they will assist in improving cyber hygiene in the form of patch management, to prevent ransomware attacks from having an access point into your network.

3. Hire a partner to help you create and routinely update your risk register in cooperation with your Board and Office of Risk Management.

Access control and governance issues must be scrutinized by all involved parties. Cybersecurity risk management is comparable to other forms of risk management and is therefore a Board-level issue. For example, did you know an institution can lose access to federal financial aid if it’s found to be out of compliance with national standards, such as National Institute of Standards and Technology (NIST) 800-171?

4. Find a partner who will assist your institution in creating your unique ransomware incident response playbook.

Think of this as your ransomware crisis plan. Off-the-shelf playbooks are fine for understanding concepts, but since your organization’s network architecture, data, and faculty requirements are unique, your institution needs a customized playbook handy should the need arise.

5. Ensure your vendor partner performs or arranges for an annual third-party penetration test.

This “pen test” includes scanning your network for weaknesses and, optionally, attempting to exploit any vulnerabilities that can enable attackers to gain entry. This is critical as new vulnerabilities are discovered every day, and what was thought to be secure may no longer be.

6. An effective partner will audit your security controls against relevant cybersecurity frameworks…

…like TAC § 202 or NIST 800-53 R5, in addition to your state-specific frameworks that may govern data security. This is a regulatory environment that is constantly changing, and your partner should proactively provide you with compliance requirements and discrepancies.

7. Partner with cyber staff who routinely communicate with governmental and law enforcement agencies…

…to provide relevant alerts and trends to your CIO for remediation.

8. Every capable vendor should also be auditing your organization randomly…

…to confirm its compliance with your cybersecurity plan.

“Organizations face a clear and present danger, but the more salient truth is that boards and C-Suite leaders face a clear and present certainty since they bear liability for the failure.” Digital Resilience: Is Your Company Ready for the Next Cyber Threat? Ray Rothrock, 2018.


Via the E&I Columbia Advisory Group (CAG) contract, CAG is available to assist your institution with cybersecurity services, audits, planning, and to help with your ransomware incident response playbook.

The Cybersecurity “Perfect Storm” of 2020

The year 2020 brought us all incredible challenges as we coped with the impact of COVID-19, and cybersecurity is no exception. 2020 created the “perfect storm” for cybersecurity when you consider how each of these trends has created enormous opportunity for cybercriminals:

We are all online more, even inexperienced users.

As students, staff, parents, and grandparents navigate networks, devices, passwords, and classroom experiences, there are many opportunities for security gaps. How are networks being accessed? How secure is the student’s computer? Who is using the computer at home? What network are they working on? Do each of these people know how to spot and react to a phishing attempt so that they don’t divulge sensitive information about themselves or their online work? Cybercriminals know that phishing works, and they prey on inexperienced or inattentive users.

Our networks have new vulnerabilities.

Working, schooling, and researching from home means accessing campus networks from home on a variety of user-owned devices, and the workarounds can leave institutions vulnerable to hacking.

The allure of student data is irresistible to cybercriminals.

Hackers have always sought student data because it provides a lifetime of opportunities to use, manipulate, sell, and otherwise profit from identity details. In this exposed environment, the prospects are increasing exponentially, and cybercriminals are taking advantage. Schools and colleges are more than twice as likely as the average organization to be hit by a business email compromise attack.

University research data is like catnip for hackers.

That cutting-edge research your institution is doing is stored online somewhere, and hackers know how valuable it is. Expect them to try to crack your cyber vault. If your research includes COVID-19 studies, you’re at the top of the target list.

People overreact to messages that reference COVID-19.

Phishing attempts, spoofing, and malicious download links trick many users with phrases like “New COVID-19 Protocols – click here to download” or “Update your account with COVID-19 acknowledgement.” Hackers and cybercriminals know we have heightened attention to such requests, and they prey upon our fears and desire to cooperate.

IT departments are busier than ever and budgets are tight.

With so many new users to support, hybrid classrooms to set up, devices to deploy and maintain, and new issues to resolve, it’s likely your IT staff is stretched thin, while your institution may have frozen or reduced IT budgets to cope with tuition revenue reductions.

So, what can your institution do to combat these threats?

  1. Prioritize IT helpdesk support to help users navigate their online world and set up safety protocols for themselves. If your IT team is stretched thin, consider an outsourced helpdesk that is white-labeled to appear as a seamless part of your IT team. At CAG, one of our support desks handles 515 tickets a week for a regional university, allowing IT staff to focus on other urgent, critical, or strategic projects.
  2. Conduct a cybersecurity vulnerability assessment so that you know exactly where your gaps are.
  3. Update your institution’s cyber risk register and prioritize accordingly.
  4. Consider the cost of a breach, and then consider the cost of hiring cybersecurity support. (Each breach can cost an institution tens of thousands to millions of dollars, in addition to reputational damage.)
  5. Educate your community on cyber hygiene. This is a never-ending battle. CAG’s virtual CISOs can assist with strategies to help your campus communities.

If your institution needs assistance with your cybersecurity strategy, assessment, remediation, or a virtual CISO, please contact us here.

Learn more about E&I’s Columbia Advisory Group contract and get started today.

CAG clients rank in top tier for COVID-readiness

The Dallas Business Journal recently published the rankings for COVID-related instructional readiness for Texas colleges and universities as ranked by the non-profit Educate to Career. This year, these national rankings indicate how robust the software and systems for distance learning are at each higher-education institution. Two of the Tier 1-ranked Texas institutions, Texas A&M University – Commerce and Texas Woman’s University, are Columbia Advisory Group IT service customers.

Six North Texas universities scored in the highest tier and two in the lowest tier on a ranking of how adaptable they are to life and learning during the COVID-19 crisis.

Educate to Career, a California-based education nonprofit, ranked four-year schools into tiers based on factors including in-classroom instruction, quality and experience with online learning and other factors.

To be in Tier 1, the highest group, schools had to be able to deliver their full curricula online and in-classroom and have a minimum of three years of experience in delivering online curricula. Educate to Career also weighed each school’s tuition and fees.

The North Texas schools in Tier 1 were University of North Texas in Denton, Texas Woman’s University in Denton, the University of Texas at Arlington, Dallas Baptist University, Texas Wesleyan University in Fort Worth, and Texas A&M University-Commerce.

Other Tier 1 requirements include a physical campus for in-classroom instruction should health authorities allow colleges to open in September, robust software and systems to support distance learning programs, faculty experience in teaching online and reasonable tuitions and fees on a relative basis, according to the rankings.

Tier 2 universities have the systems required to deliver curriculum online and in-classroom. However, college faculty have less experience in delivering online curriculum than Tier 1 colleges.

In North Texas, Southern Methodist University and the University of Texas at Dallas (in Richardson) ranked in the second tier, according to Educate to Career.

No North Texas universities ranked in Tier 3, which is described as universities and colleges that “strongly emphasize in-classroom education over online teaching, and may not offer full curriculum online.”

Two North Texas schools ranked in Tier 4, described as colleges and universities that have “limited systems and experience in delivering online curriculum.”

Those were Texas Christian University and the University of Dallas in Irving.

Spokespeople for those two universities did not immediately respond to an email requesting comment about the rankings.

Improving Student Services and Recruitment Through Enhanced ERP

Improving Student Services and Recruitment through Enhanced ERP, SIS and CRM Integration

As higher education institutions strive to maximize actionable insights and student services across existing data pools, the need for complex data integrations continues to grow. When multiple campuses collaborate with curriculum and enrollment processes, the need for systems integration becomes even more critical.

As an IT provider to educational institutions across the country, our Enterprise Resource Planning (ERP) and Student Information System (SIS) teams are seeing increased interest in strategic enrollment partnerships, especially within college and university systems and community college districts. These partnerships require data clearinghouses to allow shared entities to recruit, enroll, receive tuition payments, advise students, and view student grades and course schedules at a central location for access by multiple higher education institutions, and despite variations in the software used at each member institution.

An excellent recent example is the RELLIS campus of the Texas A&M University System. The campus was created to feature high-tech, high-impact research facilities for technology development, testing and commercialization. The campus also features a collaborative education complex which offers multiple academic degrees from many universities within the A&M System as well as from Blinn College campuses, and offers opportunities for workforce skills training to the surrounding communities. CAG’s ERP specialist team was engaged to create a recruiting and candidate tracking system along with a complex data clearinghouse to facilitate enrollment and tuition payments across 10 colleges and universities.

“CAG’s team of IT experts are accustomed to the aggressive timelines and rigorous and evolving demands that an innovative project of this type will naturally entail. Their higher-ed focused IT services team will enable us to move quickly to provide integrated service to both our students and our member campuses,” said Mark Stone, Chief Information Officer for the Texas A&M University System.

In cooperation with leaders from each campus, the CAG team created data feeds from each institution that aggregate in Salesforce to allow students to take courses from any of their universities. The Salesforce CRM front-end allows RELLIS recruiting and marketing staff to drive student enrollment while back-end data feeds are unique to each institution due to disparate Student Information Systems at each university. This allows advisors to manage data from these universities and enter advisory notes that are pushed back to the system of record for each student. To achieve student authentication, CAG also integrated “single sign-on” for the institutions.

It was important to the Texas A&M University System to improve student service by simplifying the tuition payment process. The data solution CAG created allows payments to be made to the central location at RELLIS, and agreed revenue splits are subsequently sent to each institution. The clearinghouse gives students a single system login to view their course schedules and grades, thereby creating a seamless student experience.

For more information or a consultation on your data integration projects, please contact info@columbiaadvisory.com.

Spearphishing Defense Tips for Students

Cyber Criminals Conducting Successful Spearphishing Campaigns Against Students at Multiple College and Universities

Tips to share with students

By David Maxwell, Chief Information Security Officer & Director of the Information Security Practice at Columbia Advisory Group

The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. The Department of Education identified a similar spearphishing campaign targeting multiple Universities. In this attack, the cybercriminals sent spearphishing emails requesting students’ login credentials for the University. The email invited them to view and confirm their updated billing statement by logging into the school’s student portal. After gaining access, cybercriminals changed the students’ direct deposit destinations to bank accounts.

Protecting Yourself

For a phishing attack to work, the bad guys need to trick you into doing something. Fortunately, there are clues that a message is an attack. Here are the most common ones:

  • It is becoming much easier for cybercriminals today to find or purchase personal information so expect more personalized scams.
  • The email creates a sense of urgency, demanding “immediate action” before something bad happens, like closing your account. The attacker wants to rush you into making a mistake without thinking.
  • You receive an email with an attachment that you were not expecting or the email entices you to open the attachment. Examples include an email saying it has an attachment with details of Financial Aid or a letter from the IRS saying you are being prosecuted.
  • The email requests highly sensitive information, such as your credit card number or password.
  • The email says it comes from an official organization or uses a personal email address like @gmail.com, @yahoo.com or @hotmail.com.
  • The link looks odd or not official. One tip is to hover your mouse cursor over the link until a pop-up shows you where that link really takes you. If the link in the email doesn’t match the pop-up destination, don’t click it. On mobile devices, holding down your finger on a link gets the same pop-up.
  • You receive a message from someone you know, but the tone or wording just does not sound like him or her. If you are suspicious, call the sender to verify they sent it. It is easy for a cyber attacker to create an email that appears to be from a friend or coworker.

If you believe an email or message is a phishing attack, simply delete it or send it as an attachment to Email@Domain.edu. Ultimately, common sense is your best defense.

Do you need help managing cybersecurity at your educational institution? Contact one of our experts about cybersecurity assessments and fractional ISO services. 

Supplier Spotlight: Columbia Advisory Group

In conversation with Steve Erwin: Trends and Challenges for IT security in education
Our own Steve Erwin, Senior Vice President & Chief Technology Officer talks about present day trends and challenges for IT security in Education with E&I Cooperative Services. Click here for detailed interview.

Read More: https://www.eandi.org/resources/ei-blog/supplier-spotlight-columbia-advisory-group/

New Texas A&M University System RELLIS Campus IT Services Awarded To Columbia Advisory Group

New-Texa--A-M-University-System-RELLIS-Campus-IT-Services-Awarded-To-Columbia-Advisory-Group

Columbia Advisory Group (CAG) was selected as the nimble IT support service partner needed for the newly formed RELLIS Campus. TAMUS selected CAG after reviewing responses to a thorough Request for Proposal.

COLLEGE STATION, TexasJan. 8, 2019 /PRNewswire/ — Located eight miles from Texas A&M University College Station campus, the newly formed RELLIS Campus sits on 2,000 acres and offers classes to students pursuing degrees at campuses across Texas. As a pioneer in this shared-campus model, TAMUS needed to find a nimble IT support service partner to integrate student recruitment, enrollment, tuition payment, course scheduling, reporting, administrative and other IT needs across multiple parent campuses and data systems. After reviewing responses to a thorough Request for Proposal, TAMU System selected Columbia Advisory Group (CAG) as a partner in this new campus venture.

“CAG’s team of IT experts are accustomed to the aggressive timelines and rigorous and evolving demands that an innovative project of this type will naturally entail. Their higher-ed focused IT services team will enable us to move quickly to provide integrated service to both our students and our member campuses,” said Mark Stone, Chief Information Officer for Texas A&M University System.   

The contract also includes future integration of learning management systems (LMS) and single sign-on (SSO) capabilities.  The campus will feature high-tech, high-impact research facilities for technology development, testing and commercialization and a collaborative education complex to offer multiple academic degrees from many universities within the A&M System and Blinn College, as well as offer opportunities for workforce skills training to the surrounding communities. David McLaughlin, CEO of CAG, says, “Since the RELLIS campus is a completely new entity for TAMU System, this project required innovative thinking and a deep knowledge of higher ed processes and technology. Our team is ready to adapt quickly as the campus grows and needs evolve.”

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a highly experienced Information Technology (IT) consulting firm. With 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments. By focusing on simple, meaningful and practical solutions combined with straight-forward analysis and recommendations, CAG’s team has experience in many regulatory and economic environments with companies and organizations of all sizes. CAG not only offers a deep understanding of IT, but its solutions are software and hardware agnostic. Whether a client is high growth or economically challenged, CAG can adapt to the complexities and nuances of that business. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. 

About the A&M System

The Texas A&M University System is one of the largest systems of higher education in the nation, with a budget of $4.2 billion. Through a statewide network of 11 universities and seven state agencies, the Texas A&M System educates more than 150,000 students and makes more than 22 million additional educational contacts through service and outreach programs each year. System-wide, research and development expenditures exceeded $946 million in FY 2015 and helped drive the state’s economy.

E&I Cooperative Services Selects Columbia Advisory Group for IT Services

DALLAS, Nov. 28, 2018 /PRNewswire/ — Columbia Advisory Group (CAG) announced today that E&I Cooperative Services (E&I), the largest member-owned, non-profit purchasing cooperative serving the needs of education nationwide, has expanded its portfolio of contracts by adopting a CAG contract for Information Technology services. The contract, which was awarded by Texas A&M University-Commerce in a competitive solicitation process, will help E&I members in higher education and K-12 build, manage, and optimize IT infrastructure and services across their institutions, including hardware, software, cloud, enterprise applications, and more.

Specifically, members will be able to access CAG’s expert support for application management, cloud services, ERP implementation, Student Information Systems, Learning Management Systems, audio visual design, service desk support, and many other IT services, on a per project or fixed-fee contract basis.

“CAG brings exceptional consulting, strategy, data security and IT support services in a way that is flexible and scalable in every area of information technology—and at cost-effective rates,” said Keith Fowlkes, Vice President for Technology at E&I. “We are proud to work with a company with such a proven track record in education and many other sectors. They provide excellent full-service IT support to Texas A&M University-Commerce, and we recognized that the contract can significantly benefit many of our member institutions that have similar needs,” he concluded.

According to Travis Ball, Chief Procurement Officer at Texas A&M University-Commerce, “From Banner and Oracle support to an audio/visual refresh of our student center, CAG has proven to be a dedicated and professional partner in our IT success. We highly recommend the CAG team to any educational institution needing expert support.”

“With this exciting, new contract addition, we are more equipped than ever to offer our members the IT services and support they need to improve their operations while optimizing spend,” said Gary D. Link, Senior Vice President, Contracts at E&I. “Our ultimate goal is to continuously bring value beyond lowered costs, and we are confident that CAG will provide tremendous value to our members.”

E&I’s full contract portfolio can be found here.

About E&I

E&I Cooperative Services (E&I) is the only member-owned, non-profit purchasing cooperative solely focused on serving education and related facilities. E&I delivers expertise, solutions, and services through a diverse portfolio of competitively solicited contracts and value-added services. By leveraging the knowledge and purchasing power of its nationwide membership, E&I helps higher education and K-12 institutions reduce costs, optimize supply chain efficiencies, and save time on the RFP process. The Cooperative’s member-driven competitive solicitation process has been validated by the National Institute of Governmental Purchasing (NIGP) as complying with generally accepted procurement standards. For more information, please visit www.eandi.org.

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a highly experienced Information Technology (IT) consulting firm. With 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments. By focusing on simple, meaningful and practical solutions combined with straight-forward analysis and recommendations, CAG’s team has experience in many regulatory and economic environments with companies and organizations of all sizes. CAG not only offers a deep understanding of IT, but its solutions are software and hardware agnostic. Whether a client is high growth or economically challenged, CAG can adapt to the complexities and nuances of that business. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com

About Texas A&M University-Commerce

Founded in 1889, Texas A&M University-Commerce is a member of The Texas A&M University System. Located in Northeast Texas, A&M-Commerce is home to more than 12,000 students, four academic colleges, a thriving graduate school, and more than 140-degree programs. As the region’s focal point of higher education, A&M-Commerce offers students facilities ranging from the world-class Keith D. McFarland Science Building and University Planetarium to the Sam Rayburn Student Center, to a fully equipped recreational facility and music hall. The university also has convenient locations in Corsicana, downtown Dallas, Midlothian, McKinney, Mesquite, and Rockwall.

Columbia Advisory Group Awarded ISO 9001:2015 Quality Certification for Delivery of IT Services

DALLAS, Oct. 16, 2018 /PRNewswire/ — Effective September 21, 2018, Columbia Advisory Group (CAG) was certified for delivery of IT services under International Organization for Standardization

ISO 9001 is the international standard that specifies requirements for a quality management system (QMS). Organizations apply the standard to demonstrate their ability to consistently provide products and services that meet customer and regulatory requirements. It is the most popular standard in the ISO 9000 series and the only standard in the series to which organizations can certify.

“We are pleased to have achieved this certification to ISO 9001:2015 and believe it speaks to the culture of ‘Continuous Improvement’ here at CAG,” states CAG Quality, Risk and Compliance Director Lori DeMello. “We are focused on exceeding our customer’s expectations in all areas and this certification speaks to that ongoing commitment.”

CAG Chief Technology Officer Steve Erwin explains what the certification will do for CAG and its customers: “ISO standards and processes make it easier to share technological advances and good management practices as well as to disseminate innovation. The widespread adoption of International Standards means that we can develop and offer services meeting specifications that have broad international acceptance in their sectors, allowing us to supply customers in many markets around the world.”

About ISO 9001:2015

ISO 9001 was first published in 1987 by the International Organization for Standardization (ISO), an international agency composed of the national standards bodies of more than 160 countries. The current version of ISO 9001 was released in September 2015.

About Columbia Advisory Group

Columbia Advisory Group (CAG) is a highly experienced Information Technology (IT) consulting firm. With 100+ years of combined technology experience and business acumen, CAG’s team has assessed and helped improve the performance of more than 300 technology organizations and IT departments. By focusing on simple, meaningful and practical solutions combined with straight-forward analysis and recommendations, CAG’s team has experience in many regulatory and economic environments with companies and organizations of all sizes. CAG not only offers a deep understanding of IT, but its solutions are software and hardware agnostic. Whether a client is high growth or economically challenged, CAG can adapt to the complexities and nuances of that business. Based in Dallas, Texas, CAG works extensively with clients throughout the U.S. For more information, visit www.columbiaadvisory.com