Hm, how come so many organisations rely on certification – by means of electronic certificates; the other kind is mindbogglingly empty paperwork – and don’t have a clue ..?
Deeper of course is the ‘problem’ that here we have a quite important piece of the ‘security’ (note the ”) puzzle, but one that is buried deep, very deep in technology. For most. And hence is out of view. But when there’s so much talk lately (for years, decades on end already – eras in Internettime) of (info)’security’ having to come aboard in Boards and this haven’t happened almost everywhere, we now see why (?): Infosec can, partially, be ‘solved’ way out of view. Like security around electricity. As already outlined long ago.
But, to conclude, it’s an And-And thing all the way throughout the organisation. One can dream, can’t one?
[If you immediately thought of Asley Madison, that’s your dirty mind …!]