One Article Review

Source: NoticeBored
Identifier: 5944094
Publication date: 2022-07-26 10:03:09 (viewed: 2022-07-26 00:05:48)
Title: Half-a-dozen learning points from a '27001 certification announcement
Text: This morning I bumped into a marketing/promotional piece announcing PageProof's certified "compliance" (conformity!) with "ISO 27001" (ISO/IEC 27001!). Naturally, they take the opportunity to mention that information security is an integral part of their products. The promo contrasts SOC2 against '27001 certification, explaining why they chose '27001 to gain some specific advantages such as GDPR compliance - and fair enough. In the US, compliance is A Big Thing. I get that. It occurs to me, though, that there are other, broader advantages to '27001 which the promo could also have mentioned, further valuable benefits of their newly-certified ISMS.

I spot at least six general learning points here for organisations currently implementing ISO/IEC 27001:

1. Elaborating on the broad business benefits of '27001 can be a creative and valuable activity in its own right. A well-designed and effective ISMS can achieve far more than protecting the confidentiality, integrity and availability of data, or satisfying GDPR and other compliance obligations. Although PageProof hints at some, it's unclear whether they truly appreciate its full potential but chose not to mention them in this promo.

2. The eventual marketing/promotional value of '27001 certification is worth thinking through. From the audience's perspective, i.e. the organisation's third-party stakeholders (particularly customers and prospects, plus partners, owners, regulators and other authorities), what worthwhile differences can they expect as a result of the certification? What are the main points that will truly resonate? How will successful certification be promoted, and how will it change the organisation's ongoing marketing, promotional and advertising activities - plus its operations (in order to satisfy, if not exceed, the market's expectations)? Rhetorical questions such as these may be raised and discussed at any point, ideally starting early on in the ISMS design and implementation project, and gradually refined in the run-up to certification.

3. Likewise, what about the internal corporate stakeholders - the managers, staff, contractors, consultants, interns etc.: how will the ISMS implementation project affect the workforce? What changes can they expect? What practical differences will the ISMS make? How can they get involved and help the process along (or at least avoid inadvertently causing problems)? What are the key messages to be put across through internal communications at all stages of the project?

4. Combining points 1-3 can help clarify the objectives of the ISMS - not just the detailed information risk and security objectives but, more generally, the business objectives, the rationale for doing all this stuff. What are the anticipated payoffs? Which of those be


The article does not appear to have been picked up again after its publication.

The article does not appear to be a repost of an earlier one.