Security Basics mailing list archives
Re: ISO 17799
From: Alessandro Bottonelli <a.bottonelli () axis-net it>
Date: Thu, 24 Nov 2005 23:46:14 +0100
On Saturday 22 October 2005 09:45, siangmeng lim wrote:
Can someone help me in guiding me how a ISO 17799 certification process is carry out ?
To be rigorous, there's no such thing as an ISO 17799 certification, ISO 17799 being a "guideline" - you can certify vs. BS7799:2 which is the document with the "shall" (whereas the ISO doc replaces "shall"s with "should"s ...).
How should any organization approach this task if they have an intention to have their IT systems,
BS7799 (or as of Oct 15 -- ISO 270001) does not certify "IT Systems" but rather organizations. It may sound like philosophy or semantics -- but it makes a difference!
various depts in the organizations to have a certain level of control and management of information ? Is there a difference in approaches and deliverables if it is a private company vs a gov agency ?
Since I *do* this for a living... I may sound interested -- yet I honestly think you should hire an experienced professional for such a task. It may save time, effort, and money in the long run. My 2 Eurocents... -- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor Axis-Net Tel. +39 02 93595859 Web. http://www.axis-net.it
Current thread:
- Re: ISO 17799 Alessandro Bottonelli (Nov 25)
- Re: ISO 17799 aj rembert (Nov 28)