When The Open Group develops a new standard, we take an end-to-end view of the ecosystem all the way through from customer requirements, developing consensus standards to certification and procurement. We aim to deliver standards that meet a need in the marketplace and then back those up with certification that delivers an assurance about the products or in the case of people certification, their knowledge or skills and experience. We then take regular feedback on our standards, maintain them and evolve them according to marketplace needs.
O-ISM3 can be implemented as a top-down methodology to manage an entire information security program, or it can be deployed more tactically, starting with just a few information security processes. As such, it can deliver value to information security organizations of varying sizes, maturity levels, and in different industries.
The Open Group Conference, San Diego: I’ve found these conferences over the past five years an invaluable venue for meeting and collaborating with CIOs, enterprise architects, standards stewards and thought leaders on enterprise issues. It’s one of the few times when the mix of technology, governance and business interests mingle well for mutual benefit.
Business decision makers aren’t interested in the details, but they want to know important IT decisions being made in their business are in the hands of true professionals. Certification verifies the qualities and skills IT executives have with regards to the effective deployment, implementation and operation of IT solutions.
Supply chain risk needs focus to be able to address the concern. If everything is “a supply chain risk,” then we can’t focus our efforts and hone in on a reasonable, achievable, practical and implementable set of practices that can lead to better supply chain practices for all, and a higher degree of confidence among purchasers.