This is so amazing. Loved the comparison. Its a tricky situation. Most of the companies think about the compliance for business point of view. If they are compliant to a particular standard, they will be approved for further business. In PCI DSS also I have seen, payment gateways needs to show their compliance to PCI DSS framework before 1st transaction is hit (mostly based on the test data). One way to bridge this gap is to get compliance from a good auditor and then the enforcing entity (like a bank or payment brand) can do their own security checks after the compliance.
In some ways, the "security" companies set up this mindset with their ads.
What I saw at the top of a Google SERP today, "ISO 27001 Compliance - Get Certified Faster
The only All-in-One ISO 27001 compliance and audit solution with expert-guided automation. Breeze through an ISO audit with our audit prep and management tools and integrations."
What an amazing approach! Been questioning myself many many times. A challenging question though is which mindset to choose when compliance with a standard is not just a requirement or nice to have but an absolute business enabler. In other words, if you ate not compliant with standard X, you cannot sell to anyone. Is a balance achievable in that case, especially when the standard is old-fashioned?
This is so amazing. Loved the comparison. Its a tricky situation. Most of the companies think about the compliance for business point of view. If they are compliant to a particular standard, they will be approved for further business. In PCI DSS also I have seen, payment gateways needs to show their compliance to PCI DSS framework before 1st transaction is hit (mostly based on the test data). One way to bridge this gap is to get compliance from a good auditor and then the enforcing entity (like a bank or payment brand) can do their own security checks after the compliance.
In some ways, the "security" companies set up this mindset with their ads.
What I saw at the top of a Google SERP today, "ISO 27001 Compliance - Get Certified Faster
The only All-in-One ISO 27001 compliance and audit solution with expert-guided automation. Breeze through an ISO audit with our audit prep and management tools and integrations."
Maybe security shouldn't be a "breeze" ...
What an amazing approach! Been questioning myself many many times. A challenging question though is which mindset to choose when compliance with a standard is not just a requirement or nice to have but an absolute business enabler. In other words, if you ate not compliant with standard X, you cannot sell to anyone. Is a balance achievable in that case, especially when the standard is old-fashioned?