ISO27001


purplepolarbear

Original Poster:

474 posts

176 months

Thursday 9th May
Do you look more positively on a company if you're considering a significant B2B purchase and the supplier has an ISO27001 information security certification (or require this)?

We've recently got this and it feels to me like the process has been time-consuming and resulted in writing lots of documentation. However, no concrete changes have been made (either process or technology) that make any (currently not very secure in some cases) systems more secure.

purplepolarbear

Thursday 9th May
Interesting - was that due to the 27001 certification itself or any particular security practices you introduced as a result?

purplepolarbear

Thursday 9th May
Thanks for that - it's interesting that a bank behaved in this way when you were already following good practices. Hopefully some of our customers will think in the same way and it'll be worthwhile.

purplepolarbear

Sunday 12th May
Does anyone have any experience with how "minimal" you can make 27001? I.e. how far can you go in saying you tolerate the risk in an area that you're not comfortable being audited against, and hence only have a few vague controls that don't really ensure you've got "good security" but can easily be audited?

I think we have some confusion between senior management, who think it's an easy-to-obtain marketing tool, and IT, who think we need to implement a list of best practices in all the areas (and need to do some significant work to beef up a lot of these), and we need to be a bit clearer about what we want this for. My thoughts are to get the certification as simply as we can and then identify risks we want to treat, treat them, and gradually strengthen the policies once we've got this.