ISO 27001, ISO 27002 & ISO17799 User Group: Forums
Joined: Dec 17, 2004 Posts: 22 Location: Ontario, Canada
Posted: Sat Dec 18, 2004 1:32 am Post subject: Auditing
I have a question that pertains to the requirement for an ISMS to include an audit methodology and schedule (General requirement 4.3.3 and 6.4).
I've got the methodology down and document fine, however, I'm not sure what the standard requires in the scheduling. To be more precise, I'm not sure if the schedule is supposed to a) highlight the control and audit across the organization (i.e. A.5.2 - Information Classification - and then select random documents from various groups and see if they comply with the control requirements), or b) select a specific department and then audit any relevant controls in that group (i.e. HR or IT).
Anyone have any ideas?

Cheers,
Arviragus
"Paranoia is the only sane approach. In this business, you would be crazy not to be paranoid."
Whichever approach you want is good, as long as it is documented and the practice is followed. Both your options work as we use a mix of the two depending on department size and area of controls involved. The hardest part is ensuring that your area of personal responsibility is also audited to check that you are doing things right, unless you have access to another BS7799 internal auditor.