Why your ISO 27001 is failing and what you can do about it


Imagine you are trying to win a new customer, one you have been pursuing for a while and one who could quickly bring good fortune to the organization. Just when you are almost sure the deal is yours, they ask: are you ISO 27001 certified?

You were not expecting this question, and you did not want to lose the customer. So you do a simple thing: you assure them that you are certified, and then you start looking for the best consultant you can find, someone who can help you get the customer on board. Yes, you heard that right. At this point it is not really about the standard at all.

You implement all the policies and procedures. You ask your employees, subtly but firmly, to follow the documentation. You pass the audit, and you easily win the customer. The story should end here, right?

It does not. Why? Because up to this point, it was all about winning the customer. Of all the customers for whom we have implemented ISO 27001, almost 80% were interested in implementing ISO 27001 or another standard because their own clients could not trust their security posture until they received a certificate of compliance.

ISO 27001 is effective only if you diligently follow all of its good practices, not just in the first year to pass the audit but continuously afterwards. We have seen organizations be rigorous and sincere about their security practices only until the certificate was obtained, and then become negligent.

ISO 27001 is a very effective standard if it is implemented and followed religiously. Here is why:

It covers every aspect of information security.

It protects information and also ensures that people are protected.

The standard gives you enough room to set up each control in a way that suits your business.

It lets you set your own objectives and review them as you go.

It lets you identify and address all types of risk, and it helps you treat them with the variety of controls it offers.

To reap the benefits of the standard, we need to ensure that it is implemented for the right reasons and not just to satisfy a customer's requirement.

Most organizations lack security awareness among their employees. Organizations must make a point of spreading the fullest possible understanding; this ignites a sense of responsibility in everyone.

Remember one essential security practice that can save your organization a lot of trouble: keep following what has already been put in place, and you will soon see what good execution can unlock.
