Then think of what never happens. There’s never been an embarrassing Santa PLC (Present Loving Claus) data leak. He never has supplier issues or reindeer breakdowns. He’s never had any big, public infosec failures. Everything always goes like clockwork.
Which makes us think that he must run a very tight ship indeed.
As part of that, he must have a fantastic (Santastic?) information security management system, or ISMS. We wondered if he’d be up for an interview, but it’s his busiest time of year. So instead, here are a few best guesses from us on how Santa runs his ISMS.
Santa the information manager
Santa’s well known for keeping a comprehensive list of who’s been good and who hasn’t. So his ISMS is probably complemented by a Privacy Information Management System, or PIMS, to make sure he’s protecting all the Personally Identifiable Information he gathers.
Managing and sharing other kinds of information will probably be equally crucial. He must have strong weather forecast links. And his helpers will be in touch with airport control towers and military radar installations worldwide as he moves through different airspaces.
Most of their contact details will be confidential. Some will probably be top secret. His ISMS will make sure that information’s carefully secured. And it’ll make sure only the right elves, with the right clearances, can access it. It’ll probably lay out when they can access it too.
Safeguarding privacy information’s becoming more and more important. That’s why so many organisations are creating a PIMS to run alongside their ISMS.
Santa the warehousing guru
Santa must have a very substantial North Pole toys, games and other fun goods warehouse and distribution centre, perhaps with regional storage centres where he can stop and reload during the night. And he’ll need to keep careful track of all the goods he’s storing.
His record shows he’s very, very good at it. We suspect even Jeff Bezos is in awe of his distribution operation. And his ISMS will help set the parameters of his stock database. His data elves probably run it on classic confidentiality, integrity, availability, or CIA, principles.
It’ll keep all the important data (who each present is for, how good they’ve been, etc) confidential. It’ll maintain integrity at all times, so it always accurately records what’s in stock. And it’ll always be available when needed. Imagine the chaos if it crashed on Christmas Eve!
Santa the seasonal employer
We think the Santa organisation runs with a skeleton workforce for most of the year, then grows massively ready for Christmas. Elves flock to his North Pole base, while human brand representatives don the Santa mantle in shopping malls and leisure facilities worldwide.
His ISMS elves will need to make sure all those seasonal workers are aware of his infosec policies. And they’ve got to present that information in the right way. Nobody will read a fifty-page security guide if they’re just doing a couple of shifts as a supermarket elf.
Some of those workers will return year after year. They’ll be confident they already know it all. They’ll probably need a separate re-induction track, updating them on what’s new without wasting everyone’s time telling them what they already know.
That’s the kind of resource management challenge a well-run ISMS will help you get ready for. Well in advance, you’ll work out who needs to know what, and how you’ll make sure they know it.
Santa’s ISMS audit challenges
At the very least, we think Santa’s operation will be ISO 27001 certified. He probably maintains other certifications too. So he’ll need regular audits from a properly accredited certification body. Ideally, they should have experience of organisations like his.
Of course, there’s nobody quite like him! So finding the right auditors is the first challenge he’ll face. But given how smoothly his organisation runs, we think it’s one he overcame years ago. If we ever get to interview him, we’ll ask him about it.
Then there are the audits themselves. His auditors will combine visits to his main site with checks on his local operations. But his customer base and geographical reach are both huge. They’ll need a big, carefully managed team to audit him. It’ll be a pricey process.
Finding the right auditors is a very important part of the ISO 27001 certification process. It’s something we’re always happy to help our customers with.
Santa’s long-term goals (financial and otherwise)
We don’t know how Santa finances his operation. Nobody does. And that’s just as it should be. When you’re given a present, you don’t ask how much it cost. That’s the rudest response imaginable. It’s just not what Santa Claus is about.
That resonates with ISO 27001. The standard doesn’t mention financials either. Following it will protect your bottom line and help you win new business, but that’s a by-product. It’s not really there to protect your money. ISO 27001 exists to help you safeguard your information.
And it’s there for the long term. Following it will protect you repeatedly, consistently and perfectly. That’s just like Santa too. He began delivering presents long before any of us were around and he’ll be at it for centuries to come, repeatedly, consistently and perfectly.
We focus on helping our customers achieve information security, with certainty. And our platform will help your organisation stay secure for the long term.
Season’s greetings from all of us
So that’s our stocking full of infosec. We hope it’s helped you understand just how infosec-savvy Santa must be. And hopefully it’s given you some ideas for boosting your own organisation’s security, all year round.
We’ll be kicking off the New Year with some posts on how to start doing that. In the meantime, we’d like to wish you a very Happy Christmas indeed! All the very best for the rest of the festive season, from all of us at ISMS.online.