Discussion-1:
Microsoft has the ISO 27001 certification. One of the fundamental reasons the ISO 27001 is very important for organizations like Microsoft is because it helps the organization in basically competing with the Amazon web service and other cloud-based competition. It also helps them in edging out the customers when it comes to ensuring a different level of reliability that Microsoft can offer and therefore it is not only helps the organization in marketing itself in a better way but it also helps organizations in retaining its current market share and at the same time expanding its own customer base to the outside world. This can be a business-to-business customer base or a business to customer business model. Another very important reason why Microsoft would benefit usually from the certification as it’s ability to assure it’s customers at the highest level of quality standards that it is maintaining within itself where it’s offering it service as an infrastructure-based platform to its customer.
In a large organization with Microsoft risk management becomes very important in handling different types of problems that are internal as well as external and certifications help the organization in ensuring that they are complying with the latest standards and rules and structuring problem-solving solutions in a manner that is within the compliance with the rules and with respect to the outside world. This is because there is a definite audit that is taking place in the organization in a periodic manner. This therefore helps the organization in having a certain standard maintained and therefore makes enterprise risk management easier for the organization as when one part of the organization raises the bar, all the other parts of the organization will have to comply and meet those standards.
Discussion-2:
The ISO 27001 is a set of rules and a framework that aims to set standards for security. Even though it is no legal requirement for the organization, it addresses the legal obligations of a company arising from security requirements. The current organization I am working for has not acquired the ISO 27001 certification even though we implement most of the procedures and guidelines. The cost of certification was deemed unnecessary, as I am working for a small technology start-up. If the company wanted to get ISO 27001, they would implement the framework by implementing mandatory records, policies, and practices to become compliant and inviting a third-party accredited auditor to verify. If the company passes the audit, then the ISO 27001 certificate is issued.
There are various benefits that organizations can receive because of complying with business and legal requirements. Whether public or private, organizations must strive to be compliant with ISO 27001. First of all, certification ensures the proper implementation and compliance of proportionate and adequate security control that helps enhance information protection. The ISO 27001 certification contributes to the improvement of a structured structure approach in addressing security issues (Culot et al., 2021). It also improves security measures since it is derived from best practices. ISO 27001 will help identifies a person responsible for every task and adds an advantage to the business since it becomes more productive after stating required information risks and responsibilities. It can help the organization minimize the number of security audits and costs of being audited, which are expensive. It also helps with company image and reputation as a secure company. Last but not least, it can prevent costly fines as it ensures the company took necessary steps to protect customer data and implemented measures for a data breach.
Upon acquiring the ISO certification, the organization can win new business and clients in their competition who does not have the certification. This is an important point as there is a trend of many companies are choosing to be certified, and according to (Disterer, 2013) ISO 27001 certification is gaining adoption in Europe and Asia. Therefore not being certified might handicap a company against competitors who have been certified. It might even preclude bidding if customers like banks and governments require ISO 27001 certification. A company might choose to ignore certifications but will eventually pay but not following best practices and structured approach outlined by ISO 27001 certification, or falling short of competitors because of not being certified or pay significant fines for not implementing legally required security measures that are addressed by ISO 27001.
Need two replies for discussion 1 & 2 of 150 words each post. A substantive post will do at least two of the following: