This is an automated archive.
The original was posted on /r/sysadmin by /u/BlackSquirrel05 on 2024-01-22 19:45:43+00:00.
I'm just wondering...
Boss for some reason all of a sudden wants to be ISO 27001 compliant... Thinks a place with no existing compliance dept, and just a handful of admins and engineers (One sec guy. Ahem) Can just be ISO compliant by... August for a medium size business... that's global. (Never mind a few other major projects that take months to work out during this time.)
I don't see the real benefit, and already if I point out how plenty of things are not ISO compliant (Cough Cough now wanting to just spin up some random shit in the cloud because... because... With no planning is for sure not ISO compliant with "just make local admins".)
So whose business/gov't here refuses to also do business with non-ISO compliant places?
Because well seems like a lot of man hours and money for what's looking to be just a dog and pony show... To say we're doing it, but in reality just really gonna lie about it once we get into the nitty gritty.
Which then just makes me think... How many places are in fact just lying their asses off on said audits?
/quesrant