Information insecurity
Organisations are increasingly exposed for having serious information security failings, which can lead to the theft of customer data. It’s making me ask: why isn’t the use of the ISO/IEC 27001 Information Security Management standard (and the wider ISO/IEC 27000 series) more prevalent?
In the 1990s, when I worked for a huge computer services company, it became de rigueur to be ISO 9001 (Quality Management) certified. Large organisations back then would insist that suppliers were certified and those that weren’t simply lost business as a result.
Do organisations today insist on suppliers being ISO 27001 compliant and if not, why not?
Greg Kendall