As IT Governance recently launched its market-leading ISO27001 online packaged solutions, I was prompted to carry out some research on this international information security Standard. I was primarily interested in the rate of its adoption and how (if at all) the business drivers for implementing ISO27001 have changed in the context of proliferating cyber attacks and increasingly security-conscious, and therefore more demanding, customers.
ISO27001: A steady global growth
Despite ISO27001’s status as the leading international cyber security framework, there is a shortage both of recent growth statistics and of consolidated information on its impact. Latest research on the number of worldwide ISO27001 certificates only dates back to 2012, but it’s worth noting that even since then, certification to the Standard has shown a steady global growth rate of 13%, and some regions have registered a much greater growth rate: uptake of the Standard in Africa has increased by 60%, in Central America by 37%, and in Europe, the Middle East and North America by 21%, 23% and 27% respectively.
While I hope it won’t be too long until the ISO updates its statistics, I am glad there are some other sources that provide ISO27001 insight. Unsurprisingly, the most interesting and trustworthy information comes from the ISO27001 adopters themselves. www.iso270012013.info reports on companies that have recently been certified to ISO27001:2013, and other companies have released press announcements sharing their successes.
How do adopters perceive ISO27001?
I may have been sold on the benefits of ISO27001 long ago (my company is also certified to the Standard!), but I was most interested to review what other organisations’ perception of ISO27001 is. What matters most to them? Is it the improved security, the confidence gained from using international best practice, or the business advantage gained by being able to tender for specific projects and distinguish themselves from the competition? In most cases, it is all of those reasons together, which is, I believe, what makes ISO27001 such a widely-adopted framework for cyber security.
So, without further ado, here is what ISO27001 adopters are saying:
“With infrastructure and services that include robust data protections for all customers, enterprises like Google are able to invest in security measures that might be challenging for businesses to attain on their own…As one of the world’s most widely recognized standards, ISO 27001 certifies the compliance of the systems serving Google Analytics and Google Analytics Premium. Assurances like these provide users with additional confidence and peace of mind when they use Google Analytics.” Google Analytics
“We knew that ISO27001 was not an easy standard to gain certification to. But we were also sure that Esri UK ‘reinventing the wheel’ as far as devising a management system for information security would have less value to us than adopting the ISO27001 framework, the global standard everyone knows and respects.” ESRI UK (Read ESRI’s full case study)
“Something else that we learnt at Eagle is that ISO27001 is a mind-set as much as a management standard. By seeing which important business processes fit into an ISMS, we were able to strengthen our whole approach to management. We would never go back to ‘ad hoc’ management strategies and the whole team wants to apply the ISO management system standards to everything that Eagle strives to achieve. We have found a winning formula for success.” Eagle (Read Eagle’s full case study)
“We wanted to measure ourselves against the most widely accepted security management framework. We also wanted an objective third-party assessment on the systematic way we manage sensitive company and customer information. Earning ISO certification confirms OneNeck is following internationally accepted best practices. It also demonstrates to our customers that we’ve built an ‘audit-ready’ Information Security Management System they can trust.” OneNeck® IT Solutions
“This certification further underscores that in both philosophy and action, we share accountability with our customers for their success. In addition to power and cooling, the physical security we provide to defend against potential vulnerabilities against the servers and data we house in our facilities is top notch and non-negotiable. This certification formally recognizes it.” CyrusOne
“Achieving ISO27001 certification provides marketers around the globe assurance that ExactTarget’s technology and processes meet the highest global standards. As the largest pure play marketing SaaS provider, ExactTarget is proud to be among the first marketing technology platforms in the world to earn this level of certification.” ExactTarget
If you’re not yet convinced of the advantages that ISO27001 certification brings, see our information pages on the ISO27001 benefits.
For those of you who are already ISO27001 converts and want to prepare for certification as quickly as possible, our four structured ISO27001 online implementation solutions will enable you to do this at a speed and budget appropriate to your individual needs and preferred project approach.