ISO 17799 Resources
There are now quite a few BS7799, ISO27001 and ISO 17799 portals on the web offering commercial tools & products. Possibly the most complete is ISO 17799 and ISO 27001 Central.
Call for Papers
We are shortly to launch a content section for papers and articles on ISO 17799 implementation, BS7799, AS4444, ISO 27001, UNE71502, and information security generally. If you have produced a paper and would like us to publish it, please contact us via the feedback form above.
ISO 27001, ISO 27002 & ISO17799 User Group: Forums
Posted: Thu Mar 03, 2005 2:55 am Post subject: Certification Question
I am thinking of certifying my ISMS with BS 7799:2, but there is something I don't understand.
Imagine I have finished and published my policies, I have made a risk assessment and I have selected the controls I need from ISO 17799.
After that, I have programmed the implementation of all the controls (in two years, for example). Do I have to implement all the controls before going for certification, or is the risk management program enough?
Joined: Dec 17, 2004 Posts: 22 Location: Ontario, Canada
Posted: Sat Mar 12, 2005 2:35 am Post subject: Good start...
It sounds like you have made a great start and are on the right path, but having the paperwork in place isn't sufficient by itself (remember Plan-Do-Check-Act). You might want to conduct a pre-audit to identify if what you have in place is sufficient and move on from there.
_________________
Cheers,
"Paranoia is the only sane approach. In this business, you would be crazy not to be paranoid."