“Unlike ISO 17799, however, the SAS 70 is not a "best practices" standard. Instead, it documents the controls in place that satisfy the company's internal control objectives.” This CSO's worldly insights could not be more true.
Implementing the 7799 standards and a comprehensive ISMS gives your organization a security and privacy governance framework: a one-stop best-practices solution for cultural security and privacy issues across the globe. Measuring documented controls across lines of business and international business units requires a single benchmark. Without a pervasive global information security standard within the organization, employees and management can't determine whether they are improving, or where they are most vulnerable to new threats. Auditors can't certify whether controls are working without a published and well-established set of processes and procedures for checking the validity and evidence of information security.
CSOs facing a myriad of new operational risks are quickly adopting thoroughly tested, proven controls and best practices that span countries and cultures. More importantly, they have also discovered that supply-chain risk extends the reach of their management systems well beyond their own boardroom.