Difference between Accreditation and Certification

Many people use ‘Accreditation’ and ‘Certification’ interchangeably, but they are not the same. Certification is a technical review that assesses the security mechanisms and evaluates their effectiveness. Accreditation is management’s official acceptance of the information in the certification process findings. For example, if a company is planning to undergo an ISO 27001 certification. The company…

[Before] Third-Party Risk Management

I was going through ISO 27001 and COBIT to understand the Third-Party (or vendor) Risk Management process in detail. And though both frameworks provide enough guidance on ensuring proper due diligence on vendors, I could not find any material on what happens before the vendors are onboarded – how does the Information…