Hot take: ISO standards do not meaningfully matter to me, because an extremely impoverished, unbanked person cannot freely access their contents from a smartphone or library computer.
Therefore, I go out of my way to avoid referring to them or relying on them in anyway.
@soatok ISO standards are behind a fuckin paywall?
jesus christ
They're industrial standards. There's an underlying assumption that you're not going to be able to make use of them without massive amounts of capital equipment, and a further assumption that if you're not able to make use of them, they're probably not very interesting or relevant to you.
Maybe those assumptions are flawed. But they're at least not surprising.
@geoffl @publius @aires @matildalove @soatok You have no need to view the standard. If a product/service complies they can present you a valid certificate.
@emilion @itisiboller @geoffl @publius @aires @matildalove @soatok eh? It isn't up to the auditor to say if the scope is not acceptable. If the business has defined the scope and applicable controls (via a risk management process), then the auditor audits against that. This is why seeing the SoA is important.
The scope is on the cert, but not the controls that have been selected.
Now, the auditor could raise a non-conformity against the risk management process if it was piss-poor.
@puck @itisiboller @geoffl @publius @aires @matildalove @soatok "ISO 27001 Statements of Applicability (SOAs)—a confidential compliance report type—are available upon request."
@puck @itisiboller @geoffl @publius @aires @matildalove @soatok Such as Hetzner. If this is a deal breaker vote with your legs.
Soatok Dreamseeker
Matilda Love
Aires
publius
groff 🇺🇦
Emilion
Martin Boller 
Andrew