The appetite for nationally recognised accreditation can be in no doubt – in its first six months, the Institute of Information Security Professionals (IISP) has received five times the number of applications it expected for its first year.

And that major bluechip companies such as Royal Bank of Scotland and BP are overcoming their usual reticence on security issues to participate in the fledgling institute’s job-swap mentoring service, adds further weight to the case.

Information security is no longer a fringe role understood only in terms of the IT department. And information security directors increasingly have a role across all business areas and report direct to the board.

But while attracting members to the institute is a good start, that is the easy part. What will be crucial, if the IISP is to make the most of such early success, is the design of the accreditation process itself.

The institute is the first organisation of its kind in the UK. Similar ventures that exist in the US are of limited scale and influence because the accreditation they provide lacks sufficient credibility to be adopted as an industry standard on a par with equivalents in, for example, the engineering sector.

So establishing the IISP as a trusted authority is crucial. And building flexibility into the accreditation process will also be vital if it is to provide a valid reflection of the breadth of skills and experience of fully competent information security directors.

At its best, national accreditation sets a trusted level of basic competence and forms the foundation of a recognised profession.

At its worst it limits experience and imagination, stultifying professional progress and creating a lowest common denominator qualification system with little genuine value outside its own parameters.

Demand suggests the IISP has an important role to play.

It is now up to the deft construction of the accreditation itself to ensure the institute delivers on the promise.

What do you think? Email us at: feedback@computing.co.uk