by sgarland 604 days ago
Which is bullshit, because the auditors ALWAYS miss stuff, even things I would think are painfully obvious. It’s a cottage industry that allows the C-Suite to assure investors that they have taken all necessary precautions, so when they get hacked they can point and say “we were certified!”
2 comments

I completely agree with you that they are mostly used as CYA. However, I'm speaking from a practical standpoint where if you have to work in certain industries (banking, health, finance, etc.) the first thing you are asked is if you have XYZ certification.
It’s not a cottage industry. It is literally the law if you need to operate in some regions.