Search
Topics
  Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
Modules
· Home
· Downloads
· FAQ
· Feedback
· Forums
· Papers
· Statistics
· Surveys
· Top 10
· Topics
· Web Links
· Your Account

Who's Online
There are currently, 22 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here

ISO17799 Search



Languages
Select Interface Language:


ISO 17799 Resources
There are now quite a few BS7799, ISO27001 and ISO 17799 portals on the web offering commercial tools & products. Possibly the most complete is ISO 17799 and ISO 27001 Central.

Call for Papers
We are shortly to launch a content section for papers and articles on ISO 17799 implementation, BS7799, AS4444, ISO 27001, UNE71502, and information security generally. If you have produced a paper and would like us to publish it, please contact us via the feedback form above.

ISO 27001, ISO 27002 & ISO17799 User Group: Forums

17799.Com :: View topic - Auditing
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

Auditing

 
Post new topic   Reply to topic    17799.Com Forum Index -> BS7799 / ISO 27001 Certification Issues
View previous topic :: View next topic  
Author Message
Arviragus
Newbie
Newbie


Joined: Dec 17, 2004
Posts: 22
Location: Ontario, Canada
PostPosted: Sat Dec 18, 2004 1:32 am    Post subject: Auditing Reply with quote
I have a question that pertains to the requirement for an ISMS to include an audit methodology and schedule (General requirement 4.3.3 and 6.4).

I've got the methodology down and document fine, however, I'm not sure what the standard requires in the scheduling. To be more precise, I'm not sure if the schedule is supposed to a) highlight the control and audit across the organization (i.e. A.5.2 - Information Classification - and then select random documents from various groups and see if they comply wiuth the control requirements), or b) select a specific department and then audit any releveant controls in that group (i.e. HR or IT).

Anyone have any ideas?
_________________
Cheers,
Arviragus

"Paranoia is the only sane approach. In this business, you would be crazy not to be paranoid."
Back to top
View user's profile
AndyB
Newbie
Newbie


Joined: Apr 19, 2005
Posts: 3
PostPosted: Tue Apr 19, 2005 11:18 pm    Post subject: Reply with quote
Whichever approach you want is good, as long as it is documented and the practice is followed. Both your options work as we use a mix of the two depending on department size and area of controls involved. The hardest part in ensuring that you area of personal resoponsibility is also audited to check that you are doing things right, unless you have access to another BS7799 internal auditor.


Andyb
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    17799.Com Forum Index -> BS7799 / ISO 27001 Certification Issues All times are GMT + 10 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.8 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem, sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops © 2003 http://www.nukecops.com

Forums ©

 
The ISO 17799 Implementation Forum: A BS7799 / ISO27001, ISO17799 and ISO 27000 User Group
All logos and trademarks are property of their respective owner. Comments are property of their posters. The rest © 2005 ISO17799 / ISO 27002 Forum
AKA: BS 7799, SPE 20003, SS 627799, JIS X 5080, AS/NZS 4444, ISO 27001. Other links: UKAS accreditation body. SV
Website source phpnuke.org (c) 2003, and is Free Software under GNU / GPL licence. All Rights Are Reserved.