A "Defensible Standard of Care" is a hot topic these days around the Board of Directors Audit Committee conference table. Information Security standards are consistently being discussed by the CIO and CSO in the context of compliance. So where is the nexus? Why is it so critical to enabling the enterprise business resilience of a global institution?
The answers lie in the fundamental understanding that the Board of Directors and the "C" Suite are both working towards the same focal point. Their motive is almost identical. To be able to provide the evidence and the testimony that keeps their integrity and reputation intact. The ISO 27001 controls addresses this directly:
Clause A.15.1 Compliance with legal requirements
Objective: To avoid breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.
