Microsoft Achieves ISO27001 Certification
Posted by John Verry on Mon, Nov 30, 2009 @ 02:53 PM
So the childish side of me wants to say I told you so ... but I'm above that so I won't.
We have been banging the ISO27001 drum for a while. So the recent influx of significant cloud computing organizations like Microsoft and Salesforce.com is a surprise only in that they got on the wagon sooner than we thought they would.
What does this mean to you?
If you work for a company that needs to provide third-party attestation -- quite a lot. It means the tipping point on 27001 being the de facto form of attestation is nearer than we thought -- likely less than 18 months. So if you don't yet have an initiative in place -- it's probably time to start one.
Where third-party attestation is not required, it's less clear what this means. Best guess is that ISO27001 will become somewhat "de rigueur" in that you will have to rationalize to key stakeholders and management why you chose not to align yourself with the standard (rather than the converse). I think it's hard to rationalize against leveraging a well-vetted framework that simplifies Information Security by providing a method to our madness. Interestingly, I had a conversation this week with the CISO of a $5 Billion entity that has no attestation requirements -- yet he wants to move to ISO27001 for just that reason.