June 18, 2010

Last Updated on January 19, 2024

I spoke this week at an event where I was discussing how globalization is impacting information security and used the McDonald’s at the Louvre in Paris as a very sad example of how we are unfortunately losing our regional cultures. On the plus side, that same McDonald’s and the 31,000 other McDonald’s around the world can teach us a lot about information security.
As a person who enjoys dining and tries to eat healthy – I’m not a really big fan of eating at McDonald’s.  That being said, I’m amazed by any company that can feed 47,000,000 (that’s million!) people per day in 31,000 restaurants across 120 countries and have their dining experiences all be so remarkably consistent.  When you consider the cultural differences, supply chain logistics, and the fact that over 1,500,000 employees are involved in the process … it’s an incredibly remarkable feat (especially when you consider that the vast majority of their employees don’t have a lot of education).  How do they do it?
McDonalds has developed nearly flawless, continuously improving, systems for EVERYTHING.  How burgers are cooked, the way the combo meals are packaged, the ratio of ice to soda in each cup, nothing is left to chance.  They have identified every possible process that could be systematized and then they’ve gone through the process of creating, documenting, implementing, and continuously improving each of those systems.  So what does this have to do with information security?  Everything.
We would all significantly benefit from developing an Information Security “playbook” like McDonald’s has for their business that defines the “system” that we need to put in place and the information security processes that we need to operate and optimize.  Fortunately, the basic framework exists: ISO-27001.  It’s an Information Security Management System supported by ~ 134 key processes (ISO-27002) that an organization needs to account for when securing their information and critical processes.  Better yet, it’s a system that has already been vetted by thousands.
So the next time you are struggling with the challenges of knowing you’re secure and proving you’re compliant … think about McDonald’s.  Is your challenge more daunting than serving 47,000,000 people every day in  31,000 restaurants in 120 countries?