Call me a dinosaur (that’s OK, since it’s the weekend and I’m dressed down to work in the garden) but …
Now it may be that some “standard” (such as ISO27001) has a number of clauses and it’s possible to be in compliance with some and not with others, and so fall into the delusion that you are “82% compliant” with the standard. This gets back to the silliness of exams where you are not expected to be able to answer all the questions and so the pass mark was 65%. In actuality it’s a recipe for disaster; if you’re only required to have 65% of the items compliant to “pass” then the standard is a joke.
It brings to mind the advert for the disinfectant that “kills 99% of all known germs”. OK, but that remaining 1% is highly deadly and highly infectious. And then what about the Rumsfeld Class III germs?
No, really, would you let a military expedition or a group of mountaineers attempt to scale Mt Everest with only the “passing grade” – 65% – of the equipment (be it food, ammunition, ropes, insulated clothing, whatever) that they needed?
So there’s this marriage ceremony and the groom only manages to get 65% of the way to the church; is that a passing grade? Ask the bride what she thinks.
No, compliance is binary.