— Procesje (@Procesje) February 17, 2014
This nicely sums up a widespread complaint, e.g. against ISO 2700x: one should be forbidden to call those ‘Best’ (practices), as they are average, at best.
Because they are adopted by those with no imagination of their own, implementations will fall short of average, thus en masse lowering the average even further.
And ‘Best’ has never been best in the first place. ’Twas a compromise, as it had to cover so much, over so many contributors, at its inception already. Remember BS 7799 ..!? And on and on, in review round after review round, committees decided over changes. A camel is a horse designed by a committee. And it all had to be applicable to as many industries as you can dream up: another flattener par excellence. Standards work where little variation is required. Here, much variation, tailoring to each and every implementation over and over again, is a prerequisite for any success. I might continue.
Luckily for you, the new ISO 27001:2013 of last October is a huge improvement…. To the panic of the knights of busywork, one can no longer rely on following the herd as described (prescribed), because at last the prescription tends towards Use Your Own Brain. Principle-based at last ..! For some elements, at least. Tuning is required, not by the (C)ISO (office) (only), but by the Business itself. Oh dear! The implementation efforts… Consultants’ dreams.
Well, get the lowdown on this from the experts [disclaimer: I don’t own any part of them]. I just wanted to post the tweet and my take on it.