- Fritz Jean-Louis, Director Information Security & Compliance, Info-Tech Research Group
- Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
- Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
- Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.
- Your security program can be a differentiator and help win and retain customers.
- Value-rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
- SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.
Impact and Result
- CISOs need to develop a marketing strategy for their information security program.
- Ensure that your security team dedicates the appropriate amount of effort to sales by value-ranking your potential customers and aligning efforts to value.
- Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.
This guided implementation is an eight-call advisory process.
Guided Implementation #1 - Manage customer expectations for information security
Call #1 - Understand your customers and their security and privacy drivers.
Call #2 - Build a customer value ranking matrix.
Call #3 - Review options for satisfying customer expectations.
Guided Implementation #2 - Select a certification path
Call #1 - Review certification options and select a path.
Call #2 - Build a certification business case.
Guided Implementation #3 - Obtain and maintain certification