Author: Gary Hibberd
Date: 16th February 2021
Were you ever in the Boy Scouts or Girl Guide? How long were you in, and how many badges did you collect? Is it all about the badges? Of course not.
Badges are great, of course. They are a visible representation that you’ve participated in a particular challenge or activity that has helped you grow and demonstrate knowledge and experience attained through practice and application. There are badges for just about everything. From “Artist Activity” to “Water Activities”, there’s a badge to demonstrate skills and knowledge obtained over time.
Badges are everywhere, even in the army. Medals and accolades are bestowed upon people who have demonstrated great courage and applied wisdom and knowledge to overcome adversity. From the ‘stripes’ worn by the lower ranks to the Major Generals’ epaulettes, we look for indications of knowledge, skill and experience.
Accreditations – Earning your Stripes
In business, these accolades and badges are no less important. You could argue they are more critical, as we strive to identify suppliers and partners who can help us achieve our goals and objectives. Accreditations exist to give us a fighting chance to determine who to listen to, and who to ignore.
Taking Cyberfort as an example, we have achieved standards such as ISO 27001 (Information Security), Cyber Essentials Plus, ISO 9001 (Quality Management), and PCI DSS (Payment Card Industry Data Security Standard). Alongside this, our technical Penetration Testing teams are CREST and CHECK level testers.
It’s fair to say; we’ve got a few badges. But we’re not just badge collectors. We believe in the importance of clearly demonstrating to our clients the difference between Cyberfort and our competitors. This is why we invest so heavily in obtaining and retaining these certifications and awards.
Why is this important for you?
If you’re looking for a partner, then chances are you’re looking for one that knows what they’re doing. But in this increasingly complex world, how are you going to know what to look out for?
You’re looking for the badges they wear, and the accreditations and awards they have been won.
Suppose you, yourself are looking for a partner or new supplier. In that case, you should be asking about their accreditations and awards as it will give you some indication about the companies knowledge, skill and expertise in the chosen field that you need services. I can’t speak for all industries and sectors, as there are too many to mention. Still, generally speaking, these are the questions you should be asking of any current or future supplier, irrespective of what they do for you (Accountants to Web services).
- What International Standards do you hold? (e.g. ISO9001, ISO27001 etc)
- What is the scope of the accreditation or what does it cover? *
- Who are you accredited by?
- What other certifications and awards do you and your team have?
- Can you see a copy of their certificates?
It’s essential to ask about the ‘scope’ of the accreditation because some organisations will seek to be accredited for only a small part of their business, which could be misleading to you. I’m sure they don’t do it on purpose(!), but I have, for example, seen Data Centres claim to be PCI DSS certified. However, when you ask what the scope is or what the certification covers, you may found only 4 of the 12 areas are covered (that’s like “half-a-badge” if you were in the Scouts, and that’s not much use to anyone).
Companies that have attained ISO standards, awards and accreditations quite rightly should shout about them. They are not easy to obtain, and they are not easy to maintain. As a consumer, they give you the confidence that the business you’re working with has made this investment in demonstrating their credibility. There is a cost in keeping a high level of demonstrable compliance, and not allowing your standards to slip is key to retaining your ‘badges’ (for example there is an external audit you have to go through on an annual basis).
If you’re looking for a new supplier, ask them the questions above and see what response you get back. For some suppliers, you may not be interested. It depends upon the level of assurance you need. Accreditations and awards give you the confidence that the business you’re dealing with can be trust, and that they will always be there when you need them.
If you’re a supplier of services, and you’re looking to grow your business and be seen as different in the market place, then maybe now is the time to look a little closer at those accreditations? After all, if you’re not prepared to take these matters seriously, perhaps your customers will start asking you some difficult questions? Are you ready for this?
As the Boy Scouts motto goes; We should all “Be Prepared”.
Cyberfort Deep Dives
Cyberfort’s cybersecurity consultants explore issues in cyber threat intelligence, incident planning and data security. Read our whitepapers to help make decisions that benefit your business.
Find out more >