IDG Answers is a community of experts who are passionate about technology.
Indeed! As we know, something is better than nothing. If a company has ISO 27001 certification, it means they fulfil all the standard criteria required to meet the security level. On the other side, the Better Business Bureau gives all business views, and an affiliated company can get more trust than another one.
ISO standards are created by global consensus with end users actively participating. They're also reviewed and updated on an ongoing basis to ensure relevance. The family of ISO management standards, which includes ISO 27001 for Information Security, is all about processes, which means they are equally relevant for small and large organisations. All great reasons why the likes of ISO 27001 have become internationally recognised and respected...
Whilst ISO 27001 is a great all-rounder, ISO recognise the need for more specialist standards too. In fact, they have just released ISO 27032, which provides guidelines for cybersecurity.
Achieving certification to ISO 27001 is far more than simply gaining a membership. It requires a third-party Certification Body to come in and check that the organisation meets the requirements of the standard. You must also have a re-audit every year to ensure you are still complying and continually improving. As such, it is a much more powerful message to clients.
Google have had their Google Apps for Business certified to ISO 27001 to demonstrate their information security credentials to clients, helping to alleviate the concerns you have mentioned.
Right behind them is Microsoft. How many chances do businesses get to compete on a level playing field with the likes of Microsoft and Google? ISO 27001 can provide that sort of credibility to cloud computing providers.
I hope that provides some food for thought. If you would like to read up more on ISO 27001, I've written the following article.
It should. ISO is a rigid set of standards. While not the ISO certification that you are specifically referring to, ISO 27001 has been a gold standard for security standards for some time, and if a company (Google, for instance) is ISO 27001 certified, it sends a message to me that they take security very seriously. I definitely respect ISO certification, and given the choice between two companies, one with ISO and one without, I would go with the one that is ISO certified. Check this out to get an idea of how comprehensive the procedures and audit checklists are: