Use Team Concepts

It is important that the IWC ISSO understand that IWC's CIAPP is a company program. To be successful, the ISSO cannot operate independently, but as a team leader, with a team of others who also have a vested interest in the protection of the company's information and information systems.

It is important to remember that if the CIAPP and/or InfoSec functions are divided among two or more organizations (e.g., other asset protection such as physical security of hardware under the Security Department), there will naturally be a tendency for less communication and coordination. The ISSO must be sensitive to this division of functions and must ensure that even more communication and coordination occurs between all the departments concerned.

The CIAPP must be sold to the management and staff of IWC. If it is presented as a law that must be followed or else, then it will be doomed to failure. The ISSO will never have enough staff to monitor everyone all the time, and that's what will be needed. For as soon as the ISSO's back is turned, the employees will go back to doing it the way they want to do it. Everyone must do it the "right CIAPP way" because they know it is the best way and in their own interests, as well as in the interest of IWC.

In IWC, as in many companies today, success can only be achieved through continuous interdepartmental communication and cooperation, and through forming specialists from various organizations into integrated project teams to solve company problems. The ISSO should keep that in mind. Teaming and success go together in today's modern corporation.