
Grikbdl | 5 months ago

> In theory, being ISO27001 means that your environment follows best practices and has a somewhat sane security posture.

Nah, it just means you have defined, documented processes and document that you stick to them. The actual processes can be shit, and maybe you also have something on the side the auditors don't get shown, but ultimately the certification is a total joke. Source: worked at a place that got certified despite being a security joke.


johannes1234321 | 5 months ago

> ultimately the certification is a total joke.

Yes and no. Even if it is a joke, there is one thing it qualifies: you at least spent time looking at the process. This already is a gain over complete wild west.

1oooqooq | 5 months ago

That makes absolutely no sense at all.

Do you mean you'd rather be lied to than not be lied to?

quicksilver03 | 5 months ago

That looks more like SOC2 than ISO-27001 though.

lima | 4 months ago

It's the same with ISO27001. A bad actor can always weasel their way through.