WANT: UK #ISO27001 ISMS certification body who understands tech startup culture? #SiliconRoundabout

The shopping list of potential assessors is at UKAS, but amongst those I would like to engage one which understands:

  • What AWS and EC2 are.
  • What a VPN does.
  • That SSL mostly protects usernames and passwords from passing over the wire in the clear.
  • That developers use laptops not desktops.
  • That nobody has an office.
  • That documentation lives on a Wiki.
  • That phone calls are invariably via Skype.
  • That nobody uses Windows.
  • That nobody uses Word.
  • That useful antimalware on Macintosh is a thorny question.
  • And more so on Linux.

…and a pile of stuff which everyone I nowadays work with seems to take for granted.

Has anyone experience of such hipster cluefulness amongst assessors, please?

Comments

4 responses to “WANT: UK #ISO27001 ISMS certification body who understands tech startup culture? #SiliconRoundabout”

  1. Ben

    Also required: tech bloggers who understand that SOME developers work in an office, use SharePoint, other IP telephony solutions (including land-lines), use Windows, Word and just wish they could use Macintosh or Linux at work (but Solaris will do for now).

    Get a clue Alec; not everyone works like you, nor does everyone work like me. And just because they don’t work like you, doesn’t make them lesser or clueless developers.

    I’m getting tired of the assumption that ‘hipster cluefulness’ is the only way to have value in IT.

    1. Seems like I struck a nerve. Living in a cubicle, Ben? I spent 17 years in Sun, so I know what it is like.

      And now I don’t do that, and I have a need for someone who understands.

      Most of the 27001 brigade whom I have met are straight out of the mainframe era, and have a related mindset.

      Key questions include “how do you manage printout” – which is relevant, yes, but nowadays less so than the authentication on the cloud-hosted Git repo.

  2. Ben

    No, thankfully I’ve never been stuck in a cube-farm. I have a desk in a reasonably nice open plan office (with sensible head-phones rules and decent co-workers).

    My point (and probably yours too) is that there are too many assumptions being made about what defines ‘developer’ and ‘sensible/effective working practices’. And it appears that all sides of the ‘debate’ suffer from a certain level of ‘my way is the only way’-syndrome.

  3. Dave Walker

    Been there :-).

    I’ve not done 27001 certification (it seems to be OK maintaining 27001 compliant documentation and practices without the certification overhead, provided you’re OK with pasting a ton of boilerplate on every proposal), but an idea I haven’t tested would be to look for folk on http://www.iasme.co.uk/ and then see if they also do standard 27001.

    If you try this route, I’d be interested to hear how you get on.
