ISO 27001, ISO 27002 & ISO17799 User Group: Forums
17799.Com :: View topic - ISO27001/BS7799 Certification vs Sarbox Compliance
Posted: Thu Jun 22, 2006 1:52 am Post subject: ISO27001/BS7799 Certification vs Sarbox Compliance
Can anyone name an authoritative source that says that an ISO27001/BS7799 certification is an acceptable alternative to a SAS70 for Sarbox compliance purposes?
Yes, there is. PCAOB Audit Standard 2, which is freely available for download at pcaobus.org. It identifies a service auditor's report (which is a type 2 SAS 70 report in the United States) as being the only acceptable report for inter-auditor communication. An ISO or BS 7799 certification has a completely different purpose, and does not necessarily address control objectives that are relevant to user organizations' internal controls over financial reporting. At best, it would only be good for informational purposes to a third party. Financial statement auditors would be prohibited from using any security "certification" for assessing control risk or SOX financial reporting controls.
There are also authoritative sources in the auditing world, but I will spare you the details.
I hope this helps.
Chris Schellman, CPA, CIA, CISA
Co-Founder
SAS 70 Solutions, Inc.
Posted: Sun Oct 18, 2009 11:20 am Post subject: SAS 70 vs ISO 27001 ?????
Could someone help me to find out whether I am able to use the ISO 27001 control objectives for the SAS 70?
Actually, the company I work for was ISO 27001 certified last month, and next month it will be audited for the SAS 70.
I am trying to understand whether we could use the same control objectives of the ISO 27001 for the SAS 70 IT general controls, since 27001 is a very broad standard?