Businesses looking to improve their cyber security posture should consider obtaining ISO 27001 certification. Developed by the International Organization for Standardization (ISO), ISO 27001 is a family of standards that helps organisations create a strong information security management system (ISMS): a system-wide approach by which they manage the security of their information assets. Certification against the Standard helps businesses demonstrate to their customers their commitment to data protection and security best practices.
Organisations' demand for ISO 27001 certification is expected to grow over the next five years, particularly after the European Union's General Data Protection Regulation (EU-GDPR) comes into full effect in 2018. Once that happens, companies will have an incentive to leverage ISO 27001 certification to demonstrate their compliance with the Regulation. That is especially true if security budgets continue to grow slowly and if the security skills shortage persists.
Given the forecasted growth of ISO 27001, it is worth asking: what are the drivers and challenges companies commonly face when they certify against the Standard?
To answer that question, IT Governance surveyed organisations based in 53 countries.
In its ISO 27001 Global Report 2016, IT Governance explains that survey participants had a variety of motivations for implementing ISO 27001. Sixty-nine percent of respondents said they chose to obtain certification to improve their information security posture, whereas 56 percent of organisations said ISO 27001 certification would help them achieve a competitive advantage. Additionally, more than half (55 percent) of respondents said that the most important benefit of implementing the Standard was improving information security across the organisation.
That is not to say that obtaining certification is easy. In fact, 51 percent of organisations had problems convincing the board of the importance of information security and of implementing ISO 27001, and more than two-fifths (41 percent) of respondents reported problems securing employee buy-in. In response to those challenges, 39 percent of organisations seeking certification decided to outsource their e-learning staff awareness programmes to third parties.
There is no shame in obtaining external assistance and support to ensure ISO 27001 compliance, especially when it's with a company like Metacompliance.
Metacompliance specialises in policy management software. It consults with companies to recommend process and security training changes that can better protect them and their staff. To help implement those changes, the Metacompliance team might recommend one of its security awareness training e-learning modules, such as one that focuses on ISO 27001 compliance.
Learn about how Metacompliance's eLearning solutions can help your company secure employee and executive buy-in to ISO 27001.