ISO certifications (specifically ISO 27001, ISO 27017, ISO 27018, & ISO 27701) are internationally recognized specifications for Information Security Management and even Privacy. These certifications provide a framework on how to manage and secure data and safeguard privacy with extensions such as ISO 27701.
To put it simply, these certifications provide assurance to your customers that a third party has independently verified that your company’s internal privacy program or security framework meets aligned industry standards.
Getting ISO certifications can be extremely expensive and time-consuming. So today let’s discuss the answer to the obvious question: Is all the time and effort to get certified worth it?
Many argue that a certification alone doesn’t prove a good security or privacy posture, but we think it is one important evidence in showing exactly that. Having an ISO certification doesn’t mean an organization won’t have a data breach, but it tells you that they’re committed in how they manage security and privacy and that they have a budget for it set aside.
Because we’re confident that security certifications mean a company is more invested in protecting customer data, having these certifications mean that their Ubiscore (privacy score) increases. Ubiscore automatically detects if an organization’s vendors provide these certifications and provides links to the evidence. Please note that Ubiscore also considers additional factors besides just security and privacy certifications when determining a final score. Again, a certification alone is not enough to prove organizational maturity but it is an important indicator.
Let’s look at an example of an organization that’s a great role model when it comes to privacy. On the Microsoft website, it says:
“At Microsoft, we value, protect, and defend privacy. We believe in transparency, so that people and organizations can control their data and have meaningful choices in how it is used. We empower and defend the privacy choices of every person who uses our products and services.”
Sounds great, right? The caveat is that any organization could have fancy copywriting like that on their website. It’s almost meaningless without any proof to back it up. Just because you read something on the Internet doesn’t mean it’s always true!
However, our platform can easily scour the web to find many links that prove Microsoft really does care about privacy protection. Just check out all the impressive Microsoft security certifications that Ubiscore was able to find in seconds below:
These certificates don’t just prove that an organization is committed to protecting privacy—they also prove that an organization keeps their risk programs up to date, since these certificates need to be “re-audited” and “re-certified” regularly to maintain the best cybersecurity practices. Not every organization provides these certificates, but the more transparency the better. Check out another good example from Amazon Web Services here:
If you want to test out your own vendor audit skills, why don’t you go back to that link in December? Will you be able to find an updated ISO 27001 certificate for AWS? As you probably saw for yourself the certificate is very close to the xpiration data as of writing this article.
Any company like Microsoft or Amazon that scores high in data protection is qualified to earn another certificate from us called UBICERT. UBICERT is still in beta and not an international standard/ISO. But its purpose is to help organizations have another objective trust metric. Think of it like a credit score (only for privacy) that will help organizations gain confidence from their customers and partners.
In short, both our Ubiscore and ISO certifications have lots of compelling advantages for your company, customers, and business growth, including:
- Showing you are committed to protecting customer data
- Showing you comply with privacy rules and regulations
- Helping you improve overall security posture and business processes
- Avoiding costly data breaches
- Sending positive signals to investors and shareholders
- Enhancing your brand reputation and winning new customers!
So, to answer the question of whether getting certified is worth it: yes 100%, we absolutely think so!
If you’re curious about your company’s Ubiscore and want to see links to any security certifications we can detect, be sure to get your free privacy score at the link below!
Test your company’s privacy practices, CLICK HERE to receive your instant privacy score now!