Alok.Tripathi

Organisations regularly invest in their information security management systems (ISMS). These investments are a cost-of-business and cover the basics of fulfilling regulatory, compliance and certification requirements. However, most organisations implement ISMS based on the ISO framework, creating policies and documentation that are static and unwieldy – this creates a challenging situation. Documents can be open to interpretation and lose any real value envisioned by the ISO framework. The whole audit exercise becomes time-consuming, costly and cumbersome. As we see cyber security move from a simple operational topic to a business requirement, ISO certification costs (which, on average, are €200k to…