Certificacion Question

iki · Newbie Joined: Mar 02, 2005 Posts: 21

hi,

I am thinking in certificate my ISMS with BS 7799:2 but there is something i dont undertand.
Imagine i have finished a published my policies, i have made a risk assesment and i have select the controls i need from ISO 17799.

After that i have programmed the implementation of all the the controls. (In two years for example) ¿Do i have to implement all the controls before going to the certification or is it enough with the risk management programm?

Thanks

Arviragus · Posted: Sat Mar 12, 2005 2:35 am Post subject: Good start...

It sounds like you have made a great start and are on the right path, but having the paper work in place isn't sufficient by itself (remember Plan-Do-Check-Act). You might want to conduct a pre-audit to identify if what you have in place is sufficient and move on from there.
_________________
Cheers,
Arviragus

"Paranoia is the only sane approach. In this business, you would be crazy not to be paranoid."

Equus08 · Newbie Joined: Mar 17, 2005 Posts: 3

Implementation is critical to verify effectiveness of the selected controls based on the results of your risk assessment.

Documenting the policies and procedures and conducting the risk assessment process are just "some" of the activities.

ARVIRAGUS is right in higlighting the PDCA cycle.

Cheers!


Create an account	Home · Topics · Downloads · Your Account · Submit News · Top 10


The ISO 17799 Implementation Forum: A BS7799 / ISO27001, ISO17799 and ISO 27000 User Group All logos and trademarks are property of their respective owner. Comments are property of their posters. The rest © 2005 ISO17799 / ISO 27002 Forum AKA: BS 7799, SPE 20003, SS 627799, JIS X 5080, AS/NZS 4444, ISO 27001. Other links: UKAS accreditation body. SV Website source phpnuke.org (c) 2003, and is Free Software under GNU / GPL licence. All Rights Are Reserved.