In today’s fast-paced digital world, trust isn’t just important; it’s essential. In this blog, Ciena’s Global Head of Security Governance, Risk, Compliance, & Customer Trust, Ashley Wyand, discusses how the Ciena Security team aims to exceed customer expectations by integrating proactive security measures, industry-leading frameworks, and transparent communication.

In part one of our blog series on our approach to providing the secure foundation our customers and partners expect and deserve, Ryan Hammer, Ciena’s Chief Information Security Officer (CISO), outlined how security and compliance are foundational to our operations. At Ciena, we recognize that our customers depend on us not only for cutting-edge networking solutions but also for the confidence that their data, systems, and partnerships are secure.

A commitment to security

Trust is the foundation of every strong customer relationship, and on the Ciena Security Team, we’ve made it a priority to maintain a proactive and dynamic security program. Our Confidently Compliant approach is designed to integrate diverse regulatory, contractual, and industry standards while safeguarding customer data, systems, and interests.

To achieve this, we’ve established a dedicated Security Compliance Readiness team whose mission is to create, maintain, and continuously improve a robust security control environment. This includes:

  • Driving risk-managed information and data governance
  • Managing and aligning with our Unified Control Framework (UCF)
  • Developing and maintaining a Ciena Customer Trust Center
  • Strengthening relationships with customer and partner CISOs, regulators, and industry bodies

Strong information governance = Strong data protection

Information is one of our most valuable assets, and we treat it with the same level of care as our physical infrastructure. Our Information Governance program is designed to ensure that data – whether it pertains to customer information, employee records, intellectual property, or operational documentation – is effectively managed, stored, and protected throughout its lifecycle.

We have clear policies and processes to guide the creation, classification, access, sharing, retention, and secure disposal of information. These governance activities are aligned with global regulatory requirements, industry standard practices, and customer contracts to ensure our approach is consistent, compliant, and secure across the board.

Our governance practices include:

  • Data classification frameworks that help to ensure sensitive information is correctly labeled and handled
  • Data retention schedules that follow applicable laws, regulations, and contractual needs
  • Strict access controls allowing the right people to have the right access for the right amount of time
  • Secure storage and transmission protocols to reduce the risk of unauthorized access

The Unified Control Framework: Our security backbone

Security is a top priority for our customers, which is why we developed the Unified Control Framework (UCF) to ensure we meet – and often strive to exceed – security expectations across regulatory, contractual, and industry standards.

The UCF is the backbone of Ciena’s security compliance program, helping us track, manage, and report on alignment with world-class standards and frameworks, including:

  • ISO 27001/2
  • NIST Cybersecurity Framework (NIST-CSF)
  • Center for Internet Security (CIS) v8 controls

At its core, the UCF is a “framework of frameworks,” built on the Security Controls Framework (SCF), which unifies 1,200+ security controls into one cohesive system. This enables us to manage multiple requirements efficiently, avoid duplicating work, and use evidence from one compliance activity to satisfy similar obligations in another.

Every control in the UCF acts as a checkpoint and guardrail to keep operations aligned with policy—and to alert us if something deviates.

Technology that powers compliance

To manage such a complex environment, we use an industry-leading Governance, Risk and Compliance (GRC) platform. This cloud platform enables us to manage not only the entire UCF but also:

  • Security Risk Management
  • Policy Exceptions
  • Data Privacy (in partnership with our Legal team)

This tooling and process allow us to organize, track, and manage compliance activities seamlessly, helping us adapt quickly to evolving requirements.

Focusing on what matters most

With so many controls available, we concentrate on those most relevant to Ciena—driven by authoritative sources in three categories:

  1. Regulatory Requirements: More than 50 global regulations, including GDPR, SOX, SEC Cybersecurity Rule, and telecom-specific security laws
  2. Contractual Obligations: Customer-specific requirements built into contracts, often including the right to audit our compliance
  3. Industry Standards: Globally recognized benchmarks like ISO 27001/2, NIST-CSF, and CIS v8

This targeted approach ensures we focus on controls that truly matter to our customers and our business.

Understanding the needs of our customers means listening, responding, and exceeding expectations. That’s where our Security Customer Trust & Sales Enablement team comes in. This dedicated group:

  • Responds to customer inquiries and due diligence requests
  • Completes detailed security questionnaires and RFPs/RFIs
  • Conducts enterprise security risk assessments
  • Produces white papers, webinars, and other educational content
  • Manages our publicly accessible Security Trust Center on Ciena.com

Since its launch in 2022, this team has been instrumental in creating transparency around Ciena’s security posture, making it easier for customers and partners to perform their due diligence—and feel confident in our capabilities.

Why compliance is more than a requirement—it’s a competitive advantage

Some view compliance as a “necessary evil.” On the Ciena Security team, we see it as a strategic enabler. Our compliance program:

  • Tracks and meets customer contractual requirements, including audit rights
  • Maintains key industry certifications like ISO 27000
  • Demonstrates operational excellence to prospective customers and partners

Ultimately, a strong compliance program empowers every part of Ciena – from manufacturing and R&D to sales, marketing, and corporate operations – to operate with confidence that we’re delivering on our customer commitments on security. It’s not just about meeting the standard – it’s about setting the standard for trust, transparency, and security excellence.

Moving forward together

At Ciena, we are committed to building trust through transparency, reliability, and security. Our Confidently Compliant approach ensures that every aspect of our operations – from information governance to compliance tracking – is designed to protect what matters most: your business. Being Confidently Compliant isn’t just about passing audits – it’s about building trust through transparency, reliability, and striving for security excellence.

If you’d like to learn more about how Ciena’s security program supports your success, visit our Security Trust Center on Ciena.com or reach out to our Security Customer Trust & Sales Enablement team today.

Ciena’s Security Compliance Readiness Manager, David Moses, contributed to the authoring of this blog.