Quiz Entry - updated: 2026.07.14
Why does information-security auditing and certification matter — what three motivations drove the major regulations behind it?
Audits exist to avoid financial mismanagement (protecting investors), to prevent health damage (protecting patients/consumers), and to create confidence for customers.
* The three certification motivations and their landmark regulations: investor protection (SOX), patient protection (FDA), customer confidence (ISO). *
Three motivations, each tied to a landmark regulation:
| Goal | Regulation | Origin |
|---|---|---|
| Avoid financial mismanagement / protect investors | SOX 2002 (Sarbanes-Oxley) | Reaction to accounting scandals (Enron, Tyco, WorldCom) that cost investors billions and eroded confidence in US markets |
| Avoid health damage / protect patients | FDA (Food & Drug Administration) | Protects public health by ensuring safety/efficacy of drugs, food, devices |
| Create confidence for customers | ISO certification (e.g. ISO 9001) | Internationally recognized certification proving products/services meet defined standardization and quality requirements |
Go deeper:
Sarbanes–Oxley Act — Wikipedia — SOX 2002 als Reaktion auf Enron/WorldCom; Anlegerschutz, PCAOB, CEO/CFO-Zertifizierung.
ISO/IEC 27001 — Wikipedia — International anerkannte Zertifizierung, die Kundenvertrauen schafft.