ISO 27001 is not only about safeguarding corporate information assets – it is also a godsend for organisations struggling to deal with regulatory compliance demands.
SOX, HIPAA, Gramm-Leach-Bliley, SB 1386, OPPA and others generate a welter of often overlapping requirements, which can quickly create a huge drain on management resources. However, ISO 27001 provides a highly effective way of cutting through this burden, resulting in very real efficiencies, as this case study shows:
“My audit preparation time dropped from about 2 months to under two days for the Federal Financial Institutions Examination Council (FFIEC) audit (done by the people who were concerned about SOX controls).”
“My time spent with the auditors was reduced by 50% over a three-week time span.”
Show that to people who question whether getting certified creates an ROI.