In terms of information security standards, certification is against ISO 27001, which is the specification for an ISMS (Information Security Management System). The scheme is actually fairly mature, having previously existed with respect to BS7799-2. And of course, 27001 has certain alignments in terms of process with ISO 9001, which again adds a degree of maturity.
With respect to BS7799-2, there is in fact a mechanism in place to hasten transfer of the certification, so by no means do those already certified against it have to start from scratch.
Certification itself is becoming increasingly popular, as security is more often viewed as an enabler, and as a market differentiator. There are in fact several registers of certified organizations around, but unfortunately, as certifications are granted nationally by different bodies, there is no complete global resource.