Listen to this article
* – This article has been archived and is no longer updated by our editorial team –
Below is our recent interview with John DiMaria, Global Product Champion for Information Security and Business Continuity at BSI Group:
Q: Could you provide our readers with a brief introduction to BSI?
A: BSI (British Standards Institution) is the oldest and largest standards body in the world and co-founders of the ISO. BSI equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. From assessment, certification and training to software solutions, advisory services and supply chain intelligence, BSI provides the full solution to facilitate business improvement and help clients drive performance, manage risk and grow sustainably. BSI’s influence spans across virtually every industry sector around the globe which includes Aerospace, Automotive, Built Environment, Food, Retail, Healthcare, and all businesses related to IT.
Q: You’ve recently announced NIST Cybersecurity Framework Certification; could you tell us something more?
A: BSI’s program is an organizational certification. We have been working on this certification program for years, having first proposed the idea at a NIST workshop on the framework in April 2016, which drew strong support from industry and other participants at the meeting. The Cybersecurity Framework certification is a result of three years of data and industry feedback that included two presentations at NIST workshops and a formal public RFI. The CSF is not meant to be a standalone framework but should be used in conjunction with a security program that is already in place. The BSI certification integrates NIST CSF with ISO/IEC 27001 certification and validates the wider information security program, facilitating the organization’s comprehensive risk management system and communication.
Recommended: Morgan Hill Partners – Innovative Business Partner For Technology And Tech-Enabled Companies
Q: What does the NIST CSF certification program offer to organizations?
A: The issue of framework use was discussed at a NIST advisory committee meeting in March, during which Government Accountability Office researchers reported on how the voluntary nature of the framework makes measuring its use challenging. BSI certification will weigh in on longstanding questions of measuring cyber framework effectiveness and is one step closer to developing international harmonization. The CSF certification offers an approach to demonstrate compliance and effectiveness, thus providing one path of accountability industry can adopt, negating the need for burdensome regulation that regulators have been debating over the last couple of months. As a third-party independent certification program, NIST CSF Certification will allow organizations and companies to demonstrate compliance with ISO 27001 and having achieved at least “tier 3” of the NIST framework’s four tiers of implementation, among other measures making the certification acceptable internationally. We will also be launching a training course on framework use and integration with ISO 27001 standards in the coming months.
Q: What is unique about BSI and how does it stand out from competition?
A: For over 100 years we have driven best practice in businesses around the world, with over 80 offices in more than 30 countries. BSI has been at the forefront of information security from the introduction of the first information security standard in 1995. With our work with NIST and, subsequently, developing the CSF certification program, BSI continues to play a leading role creating standards for data governance and information security. We’ve been involved in its development and the ISO technical committee ever since. BSI is also the co-author of CSA(Cloud Security Alliance) STAR certification for cloud service providers. We use our knowledge and expertise to ensure our delivery teams are the best trained in the industry to deliver training and audits against leading international standards in the information security arena. The BSI brand is known all over the world with over 100 years of rich history and integrity. It is truly considered a stamp of excellence. This is not just part of what we do (like many organizations) this is ALL that we do. When you are certified by BSI you are dealing with the authors of the standards and are truly passionate about what they stand for, not just an organization that hangs a shingle to profit from them. By being a Royal Charter Company, BSI defines its commitment to improving businesses and contributing to sustainability around the world. As a not-profit, distribution organization, every dollar is invested back into the business to ensure continued improvement and maintaining our high quality of services and integrity.
Q: What are your plans for next four months?
A: Over the next several months, we will be responding to the incredible amount of interest in the program, completing applications and delivering the first round of program assessments. Training courses are being finalized, as well as informational webinars. It is expected that we will be presenting a case study with one of the first certified companies at the NIST workshop in September.
Activate Social Media:
