In his ComputerWeekly blog, David Lacey gives welcome airtime to the need for ISO security certification to be the cornerstone of an enterprise security programme. With organisations like Camelot, Misys, Nokia, The Co-operative Bank, COLT, Serious Fraud Office and Halifax Bank of Scotland already certified in the UK, we are surely going to see a wave of others following suit.
David notes that “closing the loop”, as he puts it, is presently quite a manual and time-intensive process, and muses on what the future might bring for managing the compliance process. I am pleased to say that at the forthcoming Infosecurity Europe show we will announce at least part of the answer, in the shape of the world’s first automated ISO 27001 compliance management system, which we have developed jointly with Gael, the UK’s leader in compliance management technologies.
Many other, complementary systems will doubtless follow, which will be excellent news for all of us concerned about information security management. Not only will these further simplify the task of building a best-practice ISMS, but, crucially, they should make it far easier to uphold compliance after certification.