Principal Consultant , London, UK
Achieving certifications can be quite expensive and time-consuming. A business needs to decide if it makes sense to invest the resources to achieve certification versus the business opportunities opened up by having certifications. For large global organizations there are benefits and business cases to achieving certification. For example, if a business wants to trade in Europe, then there is a requirement to comply with GDPR to earn the trust of European customers. Also, ISO 27001 is seen as a gold standard in information security by organizations not just in Europe but across the global. Does a business want to work with governments or healthcare providers? Again, these types of organizations will require businesses to meet specific information security standards/certifications such as CMMC & HIPAA to work in these sectors.
To read the entire article, please download the PDF below.
Firms often seek different certifications to security standards, and a variety have emerged to prepare the IT staff at companies to create more substantial barriers around each business’ data by following new information security standards.