← Back to all posts

People are your most Valuable Asset. But Data comes in a close runner up.

People are your most Valuable Asset. In our business we sing this from the rooftops – and we passionately believe it! But Data comes in a close runner up. Our world trades in data and it underpins everything we do. Being so valuable, the demand for protecting its integrity is a key priority to organisations.

Just last week I read a story where an AI Agent deleted the entirety of a company’s Data! What? All of it? That headline conjures images of Skynet and the Rise of the Machines! But that’s another story for another day.

This piece is about managing risks and how our increasing dependency of data now ensures managing data security alongside a myriad of other risks is on boardroom agendas across the world.

Cybersecurity breaches, ransomware, and data privacy failures can cause financial loss and reputational damage faster than many traditional operational risks.

I’m certainly not suggesting that more traditional QHSE risks are overshadowed but the risks of data security need at least an equal billing.

To start your defence of data security there are entry level standards, such as the IASME backed Cyber Essentials scheme. Progressing your defence, the globally recognised benchmark for Information security management systems is ISO 27001.  


ISO 27001 certification instils confidence in stakeholders that an organisation manages their information security risk effectively.

But we all know managing the risk is more than getting a certificate for the reception wall. We also know that, (have I said this before?), people are our most valuable asset. So clearly competent and confident people implementing and managing certifications, QHSE or IS, is vital.

Where all practitioners need their management system knowledge and auditor skills, championed by the CQI (Chartered Quality Institute), the demands of managing information security defences require a more specific skillset. Careers in this sector are understood and championed by sector trade bodies like CIISec (Chartered Institute of Information Security).


Combining knowledge of the technical rigours of the information sector and the systems knowledge and skills of auditors create a highly desirable mix. A resource will this skillset will deliver real value to the business from your certifications.

So well trained, confident people, armed with an organisations commitment to managing business risk effectively through their ISO certifications is a rigorous defence. Information security is ever more likely to be near the top of those business risks and presents as an ever-changing villain.

I think my tagline “People are your most Valuable Asset” still holds water.

Why not take a look at our CIISec ISO 27001:2022 Lead Auditor course we have scheduled for the 15-19 June click here for more information or contact us.

by iqms Learning LtdMay 06 2026