At IT Governance, we have long known that compliance with the ISO 27001 information security management standard is essential for all US companies that wish to do business with the rest of the world. This requirement is fuelled by the ever-growing threat of cyber crime and the increasing awareness of the data privacy rights of all individuals in target markets globally.
To win and maintain international business, your firm needs to demonstrate that it takes cybersecurity and data privacy seriously, and fully complies with all of the relevant laws and regulations.
This is particularly true for US technology companies, many of which deliver services and products through online, web-based channels. Modern Internet marketing and sales methodology demands the acquisition of large databases of customers’ personal data. In return for purchasing goods and services, these customers expect that their data will be secured, stored, and used in an appropriate manner. From the big players like Microsoft or Salesforce.com to the small traders selling internationally on eBay, ensuring the data security and privacy of customers is just as important as delivering a great product.
I noticed a recent news release from InsideView, a CA-based market intelligence company, which announced “InsideView Expands ISO/IEC 27001:2013 Certification to Include ISO/IEC 27018”. This somewhat innocuous headline is hiding a really big message that is buried in the second paragraph:
Protection of personal information has become a globally recognized priority. Emerging regulations and frameworks, such as the European Union Data Protection Directive and the US Department of Commerce Privacy Shield, will require data processors to provide specific protections and rights of access regarding personal information.
“This extension of our information security management system to include the ISO 27018 controls for personal data shows that InsideView is leading the market in preparation for new privacy regulations,” said Jenny Cheng, Chief Product Officer at InsideView.
If you are not aware of the importance of ISO 27001, I recommend that you purchase and read the textbook IT Governance – An International Guide to Data Security and ISO27001/ISO27002, Sixth Edition.
For those of you tasked with helping your organization achieve ISO 27001 compliance, please see our ISO27001 Foundation and Lead Implementer Combination Online training course.
Designed for delegates in the USA, this fully accredited, practitioner-led course provides an introduction to ISO/IEC 27001 and equips you to lead an ISO 27001 ISMS project.