> There are companies in certain developing countries who will skirt the rules on providing consulting and auditing/monitoring to the same company.
Welcome to my live :) We 'hired' these experts since they came up with the lowest price offer for our certification. I have been through many certifications in the past, this was one was the most... shameful.
Pathetic grasp of English, IT in general and security controls specifically. We passed that in absolutely zero time, if you exclude the time spend having lunch and 'discussions' about the interpretation of the requirements.
This was PCI BTW.
Next was the local healthcare certification, done by an international auditing firm. Possibly even worst. Total paper tiger exercise. Total lack of understanding of current security standards. Nice ties & suits though and even better lunches to discuss (you guessed it) the interpretation of the requirements.
I get why these guys get the jobs: they know the right people and look the part. But boy, would it not be nice if experts could do these jobs.
Welcome to my live :) We 'hired' these experts since they came up with the lowest price offer for our certification. I have been through many certifications in the past, this was one was the most... shameful.
Pathetic grasp of English, IT in general and security controls specifically. We passed that in absolutely zero time, if you exclude the time spend having lunch and 'discussions' about the interpretation of the requirements.
This was PCI BTW.
Next was the local healthcare certification, done by an international auditing firm. Possibly even worst. Total paper tiger exercise. Total lack of understanding of current security standards. Nice ties & suits though and even better lunches to discuss (you guessed it) the interpretation of the requirements.
I get why these guys get the jobs: they know the right people and look the part. But boy, would it not be nice if experts could do these jobs.