Given ISO 9001:2015, we see new emphasis on executive involvement, who may even be the Chief Risk Officer (CRO) someone with lots of experience, most probably in IT, operations, legal or accounting.

Now let’s look at IT side of the risk business, where the CRO will need allies who grew up in computer science or something similar (philosophy?).  Since IT is integral to all processes and project, we think that this is where we think most risks will reside.  The CRO’s best friend may be the CEH, the Certified Ethical Hacker. Continue reading →