dwyl / ISO-27001-2013-information-technology-security

:closed_lock_with_key: Probably the most boring-but-necessary repo on GitHub. If you care about the security/privacy of your data...! :white_check_mark:

Compliance certification #23

Open RobAWilkinson opened 7 years ago

RobAWilkinson commented 7 years ago

Did you all hire an external firm to do a final audit of policies?

nelsonic commented 7 years ago

@RobAWilkinson good question!

First of all, let me make it clear that I would (personally) gladly pay for an external audit so that we could use the "stamp of approval" on our website & client pitches. However, most of our clients do not pay attention to security (despite my best efforts to "educate" them). And we aren't going to approach banks and other companies who do require security auditing because "Big" companies don't tend to work with smaller web firms.

We handed over our policies and completed an extensive questionnaire, and then our client (who required ISO 27001 compliance) confirmed that we were compliant. They did not require us to undergo the full certification. As a small company we cannot really justify spending $10-20k on a third-party audit unless we are certain that it will have an ROI. We do, however, have decent security "hygiene" in our team(s) and £10M in liability insurance, so for now we are not doing an external audit.

mndayizeye commented 6 years ago

Yes. Good to everyone who is willing to be with us.

mndayizeye commented 6 years ago

It's OK for us, let's make it clear it will be (personal) pay, lecture all audit before completing the businesses.