A Framework Is a Foundation
- When you adopt a framework, you’re walking a road that many have walked before you, and they have all shared their experience.
- Frameworks help clients interpret the results of third-party assessments. If an assessment finds a compliance deviation, the client can decide whether that deviation has any material impact on it.
- By serving as a security benchmark, the framework also provides a way to measure how secure the organization actually is.
“The framework is a benchmark in which the direction is clear, even if you make judgements about how to follow it.”
As the chief information security officer for Group IT covering Capgemini’s Asia Pacific region, Kalpesh Doshi oversees the security of internal infrastructure, internal applications, and client deliverables, which includes ensuring that the deliverables are fully compliant. Part of this work involves tracking security certifications. “We use ISO 27001 for information security and the ISO 22301 framework for business continuity,” says Doshi.