Maintaining compliance with any information security standard is often a long and winding journey. You never quite know what is over the horizon or around the bend, so what should we look out for when the time comes for that difficult second audit?
‘To lose one parent may be regarded as a misfortune; to lose both looks like carelessness’. So said Oscar Wilde. Of course, he was referring to human relationships rather than info-security audits and, like Mr Worthing in ‘The Importance of Being Earnest’, sometimes it is no one’s fault when a second misfortune strikes. But in the case of repeat info-security audits, we can see from the common failure points that there are lessons to be learned.
Common failure points in repeat assessments are:
A repeat info-security assessment tells you that whatever you did first time round was not sufficient to keep your organisation compliant. Like an MOT, a security audit is only a ‘snapshot’ of an environment at a given time. All too often, a security assessment is seen as a ‘tick box’ exercise rather than a programme of ongoing maintenance. For more on developing an effective Info-Security strategy, read our blog on ‘Navigating the minefield of info-security compliance’.