Posts Tagged ‘ISO 27001 Certification’

Rotten Apples

Tuesday, October 24th, 2006

I have written before about the need to prevent viruses entering a corporate system via employees’ thumb drives, and that the profusion of portable storage devices makes this a priority for businesses. Now SC Magazine reports that a number of Apple’s Video iPods have been discovered to be carrying the Windows virus RavMonE.exe. I see that Apple is not ISO27001-certified. Perhaps, if it were, this wouldn’t have happened.

Take up of ISO 27001 Accelerates

Monday, October 16th, 2006

This article, about the accelerating take-up of ISO 27001 in the UAE, reflects our own experience with our consultancy clients – for the 3 to 4 local organizations that have either achieved – or are on the threshold of – ISO 27001 certification, there are another eight who have a project under way, and twelve more who are considering it.

In other words, the nearly 3,000 organizations worldwide who are so far certified to the standard are just the tip of the iceberg. When people talk about ISO 27001 as the ‘new ISO 9000’, it is the inevitable steep upturn in certifications – and the consequent recognition that certification will become a basic cost of doing business – to which they refer.

ISO 27001 IS the new ISO 9001

Friday, May 19th, 2006

I’ve said often that ISO 27001 will experience the same level of take-up as ISO 9001 did, and now it appears that others are coming to the same view. In an article announcing that the Federal Reserve Bank of New York is the first US institution to achieve the standard, Victor Garza asks whether ISO 27001 will be the new ISO 9001.

It will.

Sales of The Case for ISO 27001, Nine Steps to Success and of our ISO 27001 Toolkit have been growing so fast that we can already see how important this standard is becoming. We’ll soon be in “What? You’re not ISO 27001-certified?” territory.

IT Governance Institute 2006 Status Report

Thursday, March 9th, 2006

Following on from the last post below, here is the proof. The IT Governance Institute is gearing up to release its 2006 Global Status Report, which was supposed to be available for free downloading from late February – presumably out any day now. It gave a sneak preview to ZDNet Asia, which revealed some striking variations in boardroom awareness of IT issues. Unsurprisingly, India scores highly – it has been interesting to note that many of the recently announced ISO 27001 certifications have been from Indian businesses. Japan, however, is weird: only 26 percent of respondents from there reported that IT is discussed regularly (or more often) by the board, compared to 63 percent of respondents worldwide – yet Japan has the highest number of successful ISO 27001 certifications in the world, and ISO 27001 certification requires some strategic board input.

Generally, the ITGI is encouraged by progress since its last global survey in 2003. However, there remains a lot to do before most directors should sleep too easily at night:

‘The study also found that CEOs are responsible for governance over IT in only 24 percent of the organizations surveyed. As in 2003, CEOs and business executives are still hesitant to discuss IT governance. Shareholders should worry about this, because boards and CEOs are ultimately responsible for IT risk management and oversight over all major assets – including IT. Instead, the study found that CIOs are responsible for IT governance in 33 percent of organizations, and nobody is responsible in 6 percent of organizations.’

First wave certifications

Wednesday, January 25th, 2006

Congratulations to Attenda on gaining their ISO 27001 certification from the BSI. This makes them one of the first UK businesses to announce this achievement. For a managed services business having this in place is a must, so well done to them for being onto it quickly.

India has also seen its first ISO 27001 certification and the base of ISMS certifications did actually double last year – the total was 1,000 in December 2004, and it had reached 2,050 or so by early January 2006. I’d bet that there will be another 1,500 to 2,000 successful certifications this year – truly an increasingly essential standard.

In parallel, according to the United Kingdom Accreditation Service, the number of accredited Certification Bodies in the UK for Information Security Management Systems has apparently risen over the past few months from half a dozen to 17, a clear sign that the issue is developing its own momentum – and good news, I hope, in terms of prices staying competitive!