Global professional services firm with 120,836 employees and $55.4B annual revenue; headquartered in Sydney, Australia; offers penetration testing, red teaming, and security testing services; operates in assurance, tax, advisory, and consulting sectors; competes with Deloitte and KPMG.
ISO 22301: Business Continuity Management
Origin
ISO 22301 was developed and published by the International Organization for Standardization (ISO) in 2012, with a major revision released in 2019. It emerged from the need for a globally recognized standard for business continuity management systems (BCMS), replacing the earlier British standard BS 25999-2. The standard was created to help organizations of all sizes and sectors prepare for, respond to, and recover from disruptive incidents that could threaten their operations.
Industry Value
Note: ISO 22301 is actually a business continuity management certification, not specifically a cybersecurity/IT certification, though IT resilience is often a key component. Organizations value ISO 22301 certification because it demonstrates a systematic approach to identifying potential threats and maintaining critical business functions during disruptions. The certification is particularly important for organizations that must prove operational resilience to clients, regulators, and stakeholders. It provides a competitive advantage by showing commitment to minimizing downtime, protecting revenue streams, and ensuring service delivery even during crises—whether those involve cyber incidents, natural disasters, or other operational disruptions.
ISO/IEC 27001: Information Security Management System Certification
Origin
ISO/IEC 27001 was developed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), first published in 2005 and most recently updated in 2022. It evolved from the British Standard BS 7799, which was created in the 1990s by the UK government and industry experts to address growing information security concerns. The standard was developed to provide organizations with a systematic framework for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS), helping them protect sensitive data in an increasingly digital business environment.
Industry Value and Importance
ISO/IEC 27001 is globally recognized as the gold standard for information security management, valued because it demonstrates an organization's commitment to protecting confidential information through risk-based controls and continuous improvement. The certification is particularly important for organizations handling sensitive data, as it helps them comply with legal and regulatory requirements, win contracts (especially with government entities and large enterprises), and build customer trust. Many industries require or strongly prefer vendors with ISO 27001 certification, as it provides independent verification that appropriate security controls are in place, reducing the risk of data breaches and ensuring business continuity in the face of evolving cybersecurity threats.
- Bank of America
- American International Group
- Chase
- Goldman Sachs
- Prudential Financial
- IBM
- United Technologies
- Ford Motor Co
- Johnson & Johnson
- Caterpillar
- Dell
- Merck
- Exxon
- CIT Group
- Interpublic Group
- Chevron
- Exelon
- Johnson Controls
- Freddie Mac
- American Express
- Allergan
- Cisco Systems
- Thomson Reuters
- OneMain Holdings
- Phillip Morris International
- PNC Financial Services Group
- Xerox
- Walt Disney
- Platform Specialty Products Corporation
- Thermo Fisher Scientific
- Alere Inc.
- Mondelez International
- XL Capital
- 3M Co.
- Acronic Inc.
- Laureate Education
- Inc.
- El Dupont de Nemours
- L3 Technologies
- Schlumberger
- Hertz Global
- Raytheon
- Assurant Inc.
- Ingersoll-Rand
- Ecolab
- Ball Corporation
- Cigna Corporation
- Viacom
- CBS Inc.
- Goodyear Tire
- Endo International