April 13, 2008

How to Market Your Compliance

On any day of the week, at any time of the day, if you were to attempt a Google News (or any other news databank) search for the term “ISO compliance,” you would probably find at least one or two press releases from companies announcing their adherence to this international security standard.

Which suggests a question – if this many companies have announced their compliance, how many more companies have also brought their business practices in line with the ISO standard, and neglected to publicize their status?

More importantly, how many companies have chosen to ignore ISO altogether?

Compliance with the ISO data security standard is voluntary – unlike PCI and PABP, there are no threats of million-dollar fines or sending your CEO to Sing Sing to motivate the IT department into action. But if your company has elected to use ISO as a governing framework for information security regulatory compliance, why keep that news to yourself?

Every business that uses a computer to store or transmit information must create a framework for compliance that satisfies an ever-growing number of security regulations. From retail and finance to healthcare and education, companies in virtually every industry are subject to multiple regulatory mandates. Their customers may assume that some measures have been taken to assure secure transactions, even if they aren’t aware of the specifics.

A press release, perhaps followed by a direct mail piece or an email notification, tells your customers, as well as your vendors and corporate partners, that their privacy and security are taken seriously, even if they wouldn’t know ISO from the USO.

No need to quote chapter and verse from the ISO guidebook, or list the security domains for which the standard provides best practices. It’s best to keep the announcement short and to the point:

1. We’ve selected ISO as a guideline for developing organizational security standards and effective security management practices.

2. We’ve taken the necessary steps, and devoted the necessary resources, to achieving ISO compliance.

3. Following this process, we have received a certified assessment of compliance with all appropriate ISO security standards. This certificate demonstrates the existence of a best practice-based information security infrastructure, and guarantees data confidentiality, authenticity, and integrity.

While this is not the type of press release that will likely make the newspaper or the business magazines, it will be noticed by anyone scanning the online business news at such sites as PRWeb and PRNewswire, and should also be available on your company website.

These days, everyone is concerned about data breaches and the security of their information. So it is wise to take advantage of every opportunity to tell the world that security is a critical component in your company infrastructure. If the press release provides a potential client with one more reason to select your company over your competition, it has done its job.