Almost half ISO 27001 'compliant' firms break with security | Hackers Center Blogs

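This is a story about how, even among companies that have obtained ISO 27001, some are not following the rules. Well, frankly, it's fine if you just make it an exception condition, though.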

Almost half of businesses that claim compliance with ISO 27001 are sharing privileged user accounts and breaking other standard guidance, according to a survey of IT managers.
Some 47 percent of firms in the UK said they were compliant with the standard. But forty-one percent of these said that they were using various non-compliant practices.
Bad practice by privileged users is putting European data at "high risk", according to the 'Privileged user management -- it's time to take control' report. These practices included use of default user names and passwords, the granting of wider access than is necessary, failure to monitor the users, and an ignorance around the existence of privileged users in the first place.
Two hundred and seventy European IT managers, including 45 in the UK, were interviewed for the survey that was conducted by Quocirca.
