Archive for July, 2012

Alignment vs Compliance vs Certification

I have had a series of conversations recently where the concepts of alignment, compliance and certification of ISO 27001 were very confused. Certification was seen as horribly costly and alignment was held out as a good enough goal that was entirely achievable.

In this particular environment they were already ‘aligned’ and had achieved most of what they needed to do to be ‘compliant’ but were still scared of the impact of certification. I ended up having to come to a common set of definitions of alignment, compliance and certification to explain to a variety of security specialists and business stakeholders what they were discussing to try and defuse the fear that was starting to set in. Here are the definitions I ended up with.


Twitter RSS