What Developers and Testers need to know about the ISO 27001 Information Security Standard

Published in testing experience, December 2014

Late in 2013, the International Organization for Standardization released a new version of its ISO 27001 information security standard. The standard covers requirements applying to all organizations and ones relevant only for organizations with in-house software development and integration projects. They impact testers, developers, and release managers. This article summarizes the relevant facts and points out topics that testing and development teams have to work on.

Managers are held accountable for security incidents, even if they have no information security expertise. Gregg Steinhafel illustrated this involuntarily. He is a former CEO of Target, the second-biggest discount retailer in the USA. Steinhafel was the first CEO of a major corporation to lose his job due to a data leak. Thus, managers cannot rely simply on a statement from their Chief Information Officer – 'Security? Everything is fine!' – without risking the company's and their personal future.