Alan Calder on IT Governance, information security & ISO 27001

The most recent survey from the International Organization for Standardization (ISO) reveals that there are now 898,000 ISO9001 certifications worldwide, a 16% increase on the previous year.

It also reveals that there are now 5,800 ISO/IEC 27001 certifications worldwide – only two years after the international standard was published.

In the information age, information security (think cybercrime, data protection, identity theft, cyberwar for starters) is probably more important than quality assurance – how long will it take until there are more ISO27001 certifications worldwide than for ISO9001? In answering this question, consider that ISO27001 is now a basic requirement for public sector contracts in Japan, is going that way in the UK, and provides an internationally recognized umbrella standard for meeting word-wide information-related compliance requirements as well as providing a practical, risk-based approach to managing information security in today’s world.

I’ve said often that ISO 27001 will experience the same level as take up as ISO 9001 did, and now it appears that others are coming to the same view. In an article announcing that the Federal Reserve Bank of New York is the first US institution to achieve the standard, Victor Garza asks whether ISO 27001 will be the new ISO 9001.

It will.

Sales of The Case for ISO 27001, Nine Steps to Success and of our ISO 27001 Toolkit have been growing so fast that we can already see how important this standard is becoming. We’ll soon be in “What? You’re not ISO 27001-certified?” territory.