ISO 27001 Why Bother?

It’s a right royal pain to get audited.  So why bother?

Here are some reasons why your business should invest:

  • Certificate on the wall.  Certification is bid candy and supports the bid process.  It helps provide credibility in the company to stakeholders.
  • Customer perception.  Some customers audit the company; having a set of policies and formal certification helps the audit process.
  • Raise the bar internally.  Forcing external certification helps to ensure that some of the basic information security controls are present.  While a 27001-compliant framework could be followed, having an external audit helps to encourage senior management support.
  • Raise the bar with suppliers. Formal certification is a useful lever to ensure that suppliers comply with good security practice, particularly where the contract is weak in this area.
  • Reputation protection. If something goes wrong and information is inappropriately compromised, ISO 27001 certification can be one of the mitigating factors that demonstrates proper governance was in place.

All parties recognise that compliance is not security and that simply obtaining certification does not mean that all risks are managed or that information systems are secure.  The position taken is that certification is a small step in the overall information security strategy.

The costs

The company does not have a dedicated budget to secure information systems; its business priorities are not to secure information systems and senior management do not see information security as a top business risk.  The company management has agreed to this certification budget:

  • Annual external audit: £5,000
  • Internal resource: half an FTE
  • Management time: one meeting every two months