I almost missed it! Earlier this month, I noted that over 2,800 organizations had been certified compliant with ISO 27001 or the equivalent national standards. Well, the number has just crept over the 3,000 mark and seems to be increasing exponentially (I really ought to graph it at some point). It's no secret that I've been an ardent fan of BS 7799 and the standards it has spawned for well over a decade, since before it even became a British Standard. I've been predicting for years that it would take off, rather like the ISO 9000 series quality assurance standards did. Well, we're still on the up-curve but all the signs are positive. I reckon, before too long, we'll start to see organizations compelling their first-tier suppliers to confirm their ISO 27001 certifications as a condition of bidding for information security-relevant products and services ... and they in turn will confront the second tier ... and soon it will be a basic condition of entry into certain markets. "The military" and government departments will probably lead the way, closely followed by financial and information services companies.
More on the ISO 27000-series standards here