"For Best View, Please Open this Website on Laptop / Desktop Or Mobile"

10 April 2014 / Others

Terrorist Outfit Seeks ISO 27001:2013 certification

Application Controls Audit


I generally write long and boring stuff about obscure standards and esoteric practices. Sometimes, I do get bored of this and want to write some fiction. I tried to be Sir Arthur Conan Doyle here. This post is my attempt at faking a news report! TORA BORA: An infamous terrorist outfit has decided to implement and get certified on ISO 27001:2013 as information related to critical projects it undertakes keep getting leaked to outsiders. “Over the last two years, all of our confidential project information seems to be getting into the hands of the police and unsavoury agencies. This leads to large losses. We have decided to protect all project related information and the best way to do this seems to be to get certified on ISO 27001:2013. Plus, we really got a good deal.”, a person close to the deal mentioned on condition of anonymity. The work has already started in full swing with one of leading consulting organisation sending its team onsite to define the scope of ISO 27001. The elated sales representative who was responsible for the deal spoke to our correspondent, “We have won this engagement over some stiff competition. Our loose ethics coupled with some of our senior partners having extensive experience in the area of guns swung the deal in our favour”, he said, adding that “We have now started touting this business vertical as our expertise, because, clearly, no other consulting organisation can boast of this kind of experience now. Also, we have taken this project up as a loss-leader. Our only incentive was not being shot between the eyes. We hope to make boatloads of money from other terrorist outfits citing this as a use-case scenario. I hope to receive a hefty bonus for opening up a new vertical for my company.” The project manager who has been assigned to this project, clearly worried, agreed to speak to our correspondent. “ We are having some difficulty in defining the scope of the organisation. While the information leaks from so-called sleeper cells, they are outside the scope of our engagement as the information is too confidential to be shared even with us. Hence, we are going to certify the home of the outfit leader and hope that it will solve all the problems the terrorist outfit faces. We have however recommended that they should look at all sleeper cells as stage two of this engagement.” Meanwhile, the consultants deployed on ground by the project manager seem to be at a loss as they are unable to identify the key people with whom to conduct interviews. One of them escaped certain death by diving to the ground. It is believed that the situation got out of hand when he tried to ask an operative about documented operating procedures for using firearms. “We are facing problems as defining the geographical boundaries has not yet happened. We receive vague answers whenever we ask this question to the senior team. Some of them have told us to put the entire mountain range as a part of the scope. This, we think, will not be a prudent idea as it will increase the number of man days we have to spend onsite considerably.”, a consultant said. The certification bodies who have been retained for this engagement have insisted on having a valid address and are not willing to accept a mountain range as the address. They say that they have to print it on the certificate and if they go ahead and print the mountain range, it will only make them appear stupid. Our war and ISO 27001 correspondent will be covering this news from on the ground and will provide you regular updates.