About a year ago, a prospective customer said to me:
“You know, Mr. Neeff, everything we need for our ISO 27001 ISMS documentation is now available for free on the internet. And I’ll do the rest with ChatGPT.”

I love statements like that because I know exactly how much substance there is behind them.

Namely, NONE.

Anyone who says something like that considers an ISMS to be a paper tiger that brings no real added value. Sometimes this opinion is even confirmed.
By poorly qualified auditors who actually issue a certificate for an “on paper it works” ISMS.

The phrase often heard afterwards:
“Look, we’re certified – everything’s fine!”

And sometimes reality catches up with such loudmouths.
That’s exactly what happened in this case.

The auditor who originally issued the certificate was no longer available due to age. His successor quickly tore apart the ISMS, which had been cobbled together from the internet.
Shortly thereafter, my phone rang:

They were in danger of losing their certificate… could we “quickly” create some “proper documentation”?
We can’t. We don’t want to.

We can’t. We don’t want to.
We do things out of conviction.

And nothing has changed in that regard in the year since our first conversation.
So I had to refer the gentleman to ChatGPT. Because, as mentioned above, it can supposedly take care of “the rest.” Nevertheless, I told the prospective customer that we would of course be available if he wanted to pursue the matter seriously.

If ChatGPT is supposed to take care of “the rest” – good luck.
If you want real information security, get in touch with me.

Tags

Share post

More articles

The following report is so unbelievable that it could have come from the famous Paulaner garden – if I hadn’t known the person concerned for over 10 years. That’s how I know that what I’ve...
If we closely review the ISO 27001:2013 standard or the draft of the new 27001:2022, we see that the terms penetration testing and vulnerability scanning are not explicitly mentioned either as requirements or as a...
I hear this phrase more often than I’d like during initial consultations. And it highlights the exact problem: Most CEOs are familiar with ISO 27001—but don’t understand what it could really mean for their company....