ISO 27001 (https://en.wikipedia.org/wiki/ISO/IEC_27001) certifies that information security is properly managed at a company or organisation. But the process of obtaining it is costly and time-consuming so I wanted to ask people who have experience with it: is it worth it?If you're a company doing B2B sales, how often do prospective customers ask about the certificate? Does it ever make or break a deal? When did you decide that it's time to get it done?
Thanks!