- Fritz Jean-Louis, Director Information Security & Compliance, Info-Tech Research Group
- Your customers and potential customers are increasingly demanding assurance that you will meet their information security requirements.
- Responding to these assurance demands requires ever more effort from the security team, which distracts them from their primary mission of protecting the organization.
- Every customer seems to have their own custom security questionnaire they want you to complete, increasing the effort you have to expend to respond to them.
- Your security program can be a differentiator and help win and retain customers.
- Value rank your customers to right-size the level of effort your security team dedicates to responding to questionnaires.
- SOC 2 or ISO 27001 certification can be an important part of your security marketing, but only if you make the right business case.
Impact and Result
- CISOs need to develop a marketing strategy for their information security program.
- Ensure that your security team dedicates the appropriate amount of effort to sales by value ranking your potential customers and aligning efforts to value.
- Develop a business case for SOC 2 or ISO 27001 to determine if certification makes sense for your organization, and to gain support from key stakeholders.
This guided implementation is an eight call advisory process.
Guided Implementation #1 - Manage customer expectations for information security
Call #1 - Understand your customers and their security and privacy drivers.
Call #2 - Build a customer value ranking matrix.
Call #3 - Review options for satisfying customer expectations.
Guided Implementation #2 - Select a certification path
Call #1 - Review certification options and select a path.
Call #2 - Build a certification business case.
Guided Implementation #3 - Obtain and maintain certification
Call #1 - Define scope and controls.
Call #2 - Review auditor selection process.
Call #3 - Review steps to obtain and maintain certification.
After each Info-Tech experience, we ask our members to quantify the real time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this Blueprint, and what our clients have to say.