Re: Provider Accreditations: Do They Matter?
Thanks for this, Andrew. The maligning of Accreditationsm, Certifications, and Awards alike are an oft-mentioned topic... but at the same time, they're also typically mentioned off-hand (''they're board certified, but we all know that doesn't mean anything"), without any deeper delving into the topic. It's much appreciated to get a chance to clear the air on the matter for a change - and the fact that we already see some dissenting opinions here in the comments is proof enough that it's a topic worth discussing.
For what it's worth, I agree with you, Andrew. The truth is, that accreditation could be provided by anyone - and if you're dealing with fast-talkers, you may not even catch the providing organizations name. It's the old issue of 'who watches the watchers?'; there's no governance in place to assure high-quality or at least uniform guidelines... and even when there is, there's nothing to enforce people following them. So, no, a security accreditation doesn't mean that somebody has good security. It doesn't even truly mean they put all that much time into making sure it looks like they have good security. It does mean that some third party, someone, somewhere walked through their building and said 'yeah, this looks okay'. So accreditations are better than nothing, if only by a little bit.