I make no secret of my opinion. I consider 90% of the existing standards to be redundant, unnecessary and confusing, or as a colleague of mine once said: “As long as there are different sockets in Europe, I don’t believe in standardization, certainly not in organization and management.”
This is true for most topics, but especially for organizational topics such as IT governance, records management, and somewhat less so for information security. What once started well and was launched with a lot of enthusiasm (I admit, I was part of it, too) usually ends up in a flood of well-intentioned requirements and specifications that mostly overshoot the mark completely, olfactorily influenced by the stable smell of the authors. The reason for this lies primarily in the business model of ISO, but can of course also be explained by the general publishing frenzy in the academic environment, which produces only quantity instead of quality.
But now in practical terms: Do you use standards, and if so, how? Where do you see a benefit and where would you specifically advise against it? Please send us your opinion. We do not want theoretical feedback, but feedback and experience from real projects.