Mixed bag. ISO27001 when taken seriously and implemented throughout a company that means well and has the resources to do so will at least guarantee some level of process to be present. This then needs to be backed up with actual IT and security knowledge to be effective, and that is more often than not where the problems are.
So as a rule we treat an ISO 27001 certificate not so much as a checkbox item meaning we can skip certain parts of our audit, but as a nice-to-have which may help speed up the interview process because we at least know what terminology to use.
In practice there is too little difference between companies with or without such certification to see it as anything other than a marketing tool.
So as a rule we treat an ISO 27001 certificate not so much as a checkbox item meaning we can skip certain parts of our audit, but as a nice-to-have which may help speed up the interview process because we at least know what terminology to use.
In practice there is too little difference between companies with or without such certification to see it as anything other than a marketing tool.