Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a)
Competition within the cloud and IT services industry has driven interest in, adoption of, and attainment of various security certifications, including ISO 27001, and has fueled an age of acquisitions in the never-ending drive to provide best-of-breed services to customers. Yet these two trends leave the information security manager or professional in a difficult situation. The ever-expanding addition of assets (human, physical, virtual, etc.) makes maintaining a security certification all the more difficult and costly.
This session will look at the issues and difficulties companies face in managing their security certification programs during acquisitions (specifically ISO 27001, though the points could be applied to all security certifications), the specific elements of the ISO 27001 certification that are affected, and examples of how security managers can approach these acquisitions to ensure a healthy expansion of the security certification scope, making both the business and customers happy while avoiding time and resource traps.