Cybersecurity Facts¹
- There is a cyber-attack every 39 seconds worldwide.
- Cybersecurity statistics show that the total damage caused by cybercriminals is estimated to have reached $6 trillion in 2022.
- Cybersecurity stats reveal that small firms invest less than $500 on cybersecurity on average.
Who is A2LA and How are We Involved With Cybersecurity?
Established in 1978, A2LA is the only independent, non-profit, internationally recognized accreditation body in the United States that offers a full range of comprehensive accreditation services.
The Federal Risk and Authorization Management Program (FedRAMP) relies on A2LA accreditation to ISO/IEC 17020 as the sole source provider for the qualification of their Third-Party Assessment Organizations (3PAO). The 3PAOs conduct assessments of Cloud Service Providers (CSPs) who host government data. A2LA also has a Cybersecurity Inspection Body (ISO/IEC 17020) program which includes cybersecurity schemes, such as PCI, SOC, and NIST.
Why is Third-Party Accreditation Important in the Cybersecurity Field?
Organizations often test and inspect their own products and declare that they meet the standard in a process known as self-declaration. Self-declaration is a common practice in the cybersecurity field, but the lack of impartiality creates a risk to end users that applicable requirements may not be fully met. A2LA offers third-party, expert-led, independent evaluations of cybersecurity assessment organizations. Through these unbiased audits, there is an increased level of confidence in the technical knowledge and capabilities of the assessors. This standardized process leads to greater trust in the results provided by accredited organizations.
Inspection Accountability
Beyond training, what is the process for continual assessment of the competence of inspection agencies? Accreditation is a cyclical process that confirms consistent technical competence within the organization against the relevant ISO standard and program-specific requirements. Federal and state governments, as well as private sector organizations, are confident that the assessments provided by these accredited organizations are accurate and reliable.
ISO/IEC 17020 Standard
ISO/IEC 17020 provides the standards for the operation of an organization performing inspections. The requirements define and document the competencies needed for all personnel involved in inspection activities. They also address equipment needs, recordkeeping, inspection procedures, management reviews, audits, impartiality, and corrective and preventive actions.
Accreditation is Needed in the Industry
This well-recognized standard should be added to rules governing cybersecurity, to read: Cybersecurity inspection agencies must be accredited to the ISO/IEC 17020 standard. The assessment and accreditation process must be performed by a nonprofit accreditation body that is a signatory to the International Laboratory Accreditation Cooperation (ILAC) Mutual Recognition Arrangement (MRA) operating in conformance with the ISO/IEC 17011 standard.
If you’re ready to earn greater trust in the inspection results provided by your organization, contact A2LA or request a quote today.
¹50+ Alarming Cybersecurity Statistics 2022 Facts and Trends That Users Need to Know. (2022, September 15). Retrieved October 25, 2022, from https://www.enterpriseappstoday.com/stats/cybersecurity-statistics.html