To certify or not to certify: That is the question

By Martin Quinn (Principal Consultant) 3 July 2014

Many of my customers and colleagues alike have been asking the same question in recent times, do you think we should get certification/certified? Or what value to you see in being certified? My answer is – it depends on your organization.

I have been an ISO27001 auditor for several years, I have also been involved in PCI certifications, APRA and I-RAP assessments in one form or another for almost 8 years, so have a good grasp of what is involved in the certification process.

So why would and organization want certification? Is it to meet a business requirement? Is it to gain a competitive edge over the competition? Is it a legislative requirement? Is it to become more efficient and effective?

Most organisations fall into one of the above categories.

No business wants to scrutinize the way they operate and be answerable to a 3rd party just for kicks – there needs to be a strong reason.

That said, certification does provide a lot of positive outcomes for an organization.

Businesses, which are certified, have proof positive that they operate in a defined, managed and repeatable method, and an external, unbiased body has verified this method.

The value that this provides, is two fold for:

Prospective customers

  • reduced costs in due diligence (additional assurance that they can trust the business)
  • meet business requirements

Current customers

  • improves product and service quality and consistency
  • continuous improvement culture already in place

And many businesses who proceed to obtain certification often have a better understanding of how their business operates through understanding the relationships between stakeholders and technical capabilities, making for a more efficient, and often collaborative approach in meeting their business objectives.

As stated earlier, Intact Security has extensive experience across many governance, or compliance regimes. Where we provide value is through assisting businesses, to prepare for and achieve these requirements for certification in less time than it would for internal resources.

Drawing on this experience, Intact Security provides preparation advice, guidance and focus on what meets the certification requirements, in the context of your business, clearing a path to certification.

Intact Security offers a 1-hour free consultation to understand and advise whether your business is suitable and ready for certification. Please contact Intact Security today to book your consultationon on (02) 8070 0083.

Relax. Your security is Intact.

Author: Intact Security
Google

Posted on by Martin Quinn in Security Blog