Re: ISO 17799

[Alessandro Bottonelli <a.bottonelli () axis-net it>]

On Saturday 22 October 2005 09:45, siangmeng lim wrote:
> Can someone help me in guiding me how a ISO 17799 certification
> process is carry out ?
To be rigorous, there's no such thing as an ISO 17799 certification, 
ISO 17799 being a "guideline" - you can certify vs. BS7799:2 which is 
the document with the "shall" (whereas the ISO doc replaces "shall"s 
with "should"s ...).

> How should any organization approach this 
> task if they have an intention to have their IT systems,
BS7799 (or as of Oct 15 -- ISO 270001) does not certify "IT Systems" 
but rather organizations. It may sound like philosophy or semantics 
-- but it makes a difference!

> various 
> depts in the organizations to have a certain level of control and
> management of information ? Is there a difference in approaches and
> deliverables if it is a private company vs a gov agency ?
Since I *do* this for a living... I may sound interested -- yet I 
honestly think you should hire an experienced professional for such a 
task. It may save time, effort, and money in the long run.

My 2 Eurocents...

-- 
Alessandro Bottonelli,
CISSP & BS7799 Lead Auditor
Axis-Net
Tel. +39 02 93595859
Web. http://www.axis-net.it