Last week I ran the RMIA’s online Enterprise Risk Management course. We had a great bunch of students, and at the end I asked each of them to think of 3 actions they would take away to implement after the course. To hold them accountable I paired them up and asked them to meet up with their “buddy” to report on their progress.
It is known that when you are held accountable for an action you are more likely to complete it.
In a similar way, ISO standards hold companies accountable for managing risks in areas that the business knows are important to them and where otherwise these risks may be overlooked or ignored when day-to-day demands constantly take priority.
Like an Accountability Buddy
The certification process for ISO standards becomes the business's accountability buddy. A timeline for certification becomes the line in the sand, the standard helps you prepare to cross that line, and the annual surveillance audit helps you stay on the right side of it.
#ISO27001, #ISO9001, #ISO45001 and the like are voluntary standards. That means no one is forcing a company to follow them. However, as businesses mature, managers see the value in knowing that if the company meets the international standard, then it is managing the related risk properly. Think quality or health & safety, for example.
The one getting a lot of attention at the moment is ISO27001 for Information Security, Cybersecurity and Privacy Protection. With one cybercrime reported every 7 minutes in Australia, it makes sense that organisations want to improve their systems for managing the security of their information.
Does your company have accountability buddies to manage your big risks?