Liticode recommends the ISO standards for information security compliance. The ISO standards have one key advantage over any of the other generally accepted information security standards: they are industry neutral. HIPAA and its ilk are healthcare oriented. PCI-DSS, SOX, and GLBA are financial. NIST is too much of what we’ve come to expect from a bureaucracy a decade behind in information security. Because the ISO standards are industry neutral, ISO results can be compared across companies and still return an apples-to-apples comparison. We still offer other certifications for industry-specific clients, like the ones listed above, but we recommend all mature companies obtain ISO certification. We like ISO because being compliant, and being certified compliant, is not easy. Almost any business can pass an industry standard review, but it takes a well-organized, solid company to obtain ISO certification. We strongly recommend it as a yardstick for mergers & acquisitions.
Liticode provides ISO certification services using our own methods that incorporate previous successful certification efforts in the global community, not just in our backyard. Our engineers and analysts help companies from Southeast Asia to Canada measure, adapt, and certify as ISO compliant companies. We walk companies through the certification process, including in-depth examination, project management, and any necessary enhancements to existing security practices. We work diligently and methodically, following a well-worn path from information gathering to analysis and gap assessments. Clients adopt new practices, replace outdated methods, and add business operations to support the high standard of ISO.
ISO certification isn’t for every company, because it requires a backend support system of administrators and engineers to meet the task requirements. Companies that aren’t complex or mature enough to achieve all the requirements don’t get a pass. There is no “N/A” answer in any column. It takes a minimum of three months, and can be a multi-year process, depending on how much change is needed at the client sites. It takes at least one senior analyst and one junior analyst steadily working with a client over the duration and scope, and that means it isn’t to be undertaken lightly.
It’s also a positive sign of maturity. ISO certification is a badge of achievement and professionalism, and can differentiate one among many, or make a company significantly more attractive to investors. If every merger and acquisition went through certification prior to being absorbed, there would be a lot less excitement in M&A.
We’ll go anywhere in the world to help your company obtain certification. Give us a call.