In a recent blog, Kevin Townsend, founder of ITsecurity.com, addresses the commonly held misapprehension that an organization is compliant if it is secure. In his article he quotes Lars Davies, CEO of Kalypton as follows:
‘The problem comes from the fact that compliance and security are not commutative,’ he told me. ‘One does not necessarily infer the other. Compliance infers security. Security does not infer compliance… Compliance tells you what you need to achieve. Good security is simply one of a set of components that you need to achieve the goal.’
Information security is necessary but not sufficient for compliance in information management. Undeniable delivers compliance assured and usually does so with nett cost savings.