About a year ago, a prospective customer said to me:
“You know, Mr. Neeff, everything we need for our ISO 27001 ISMS documentation is now available for free on the internet. And I’ll do the rest with ChatGPT.”
I love statements like that because I know exactly how much substance there is behind them.
Namely, NONE.
Anyone who says something like that considers an ISMS to be a paper tiger that brings no real added value. Sometimes this opinion is even confirmed.
By poorly qualified auditors who actually issue a certificate for an “on paper it works” ISMS.
The phrase often heard afterwards:
“Look, we’re certified – everything’s fine!”
And sometimes reality catches up with such loudmouths.
That’s exactly what happened in this case.
The auditor who originally issued the certificate was no longer available due to age. His successor quickly tore apart the ISMS, which had been cobbled together from the internet.
Shortly thereafter, my phone rang:
They were in danger of losing their certificate… could we “quickly” create some “proper documentation”?
We can’t. We don’t want to.
We do things out of conviction.
And nothing has changed in that regard in the year since our first conversation.
So I had to refer the gentleman to ChatGPT. Because, as mentioned above, it can supposedly take care of “the rest.” Nevertheless, I told the prospective customer that we would of course be available if he wanted to pursue the matter seriously.
If ChatGPT is supposed to take care of “the rest” – good luck.
If you want real information security, get in touch with me.
Thomas Neeff