There were, according to the most recently published ISO certification survey, nearly 13,000 organisations worldwide certified to ISO27001 by the end of 2009. This is an increase of about 40% over the number certified the year before and reflects what I have said on many occasions – the number of certificates will go up exponentially as more and more organisations work their way through their initial PDCA cycles, often lasting a year or more, prior to their first successful certification audit.
And, as organisations turn to their supply chains and partners looking for equivalent approaches to information security management, the pressure for compliance mounts on every organisation that has confidential, valuable or personal information to look after.
Cyber risks, which emerge from the UK’s recently published National Defence Strategy as the most critical risk facing the UK economy over the next five years, are best defended against by deploying ISO27001 – which is why the standard is increasingly known as the ‘Cyber Security Standard’. The fact that ISO27001 is also international best practice for meeting a wide range of information, computer and data security regulations and laws makes its ever more rapid adoption inevitable.