Yoo Cheng Hwee told an HCMC conference on information security that more than 80% of companies trying to implement an ISO 27001 ISMS had failed because they thought of the exercise as a one-off investment, rather than just the start of a life-long commitment to systematically and continuously improving information security.
He’s absolutely spot-on.
He went on to say that strong management support and tailored operational processes were essential to success. There are a few others as well (as I describe in Nine Steps to Success), but strong management support is undoubtedly the most important.