Hello Istoryans,
Does anyone here have experience with their company applying for ISO/IEC 27001?
Your inputs are greatly appreciated.
Thanks.
What would you like to know?
Get a consultant. It will help your company prepare and guide you on what to do in the process, especially if it is the first time. After certification, you can be on your own.
Get a copy of the standard and review all processes, as this does not involve the IT dept only.
Ex: from BS 7799-1:2005
10.10.4 Administrator and operator logs
Control - System Administrator and system operator activities should be logged.
Implementation - Logs should include time, information about the event, account involved, process involved.
System Administrator and operator logs should be reviewed on a regular basis.
Are you doing it? Do you have the logs? Is it complete per requirements? Are you reviewing it regularly? Show evidence!
That's all you have to do: read the standard and implement what is required in order to comply.
Last edited by Devian; 02-20-2012 at 04:08 PM.
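Added example, not part of Devian's post: a small Python check for the two questions asked above about control 10.10.4, namely whether each administrator log entry carries the listed fields and whether reviews happen regularly. The JSON-lines log format, the key names, the 7-day review interval and all sample data are assumptions made for illustration.

```python
import json
from datetime import date, timedelta

# Fields named in the quoted control text; the JSON key names are assumptions.
REQUIRED = ("time", "event", "account", "process")

def incomplete_entries(lines):
    """Return (line_number, missing_fields) for each entry lacking a required field."""
    findings = []
    for number, line in enumerate(lines, 1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            entry = None  # unparseable line: every field counts as missing
        fields = entry if isinstance(entry, dict) else {}
        missing = [f for f in REQUIRED if not str(fields.get(f) or "").strip()]
        if missing:
            findings.append((number, missing))
    return findings

def review_gaps(review_dates, start, end, max_gap_days=7):
    """Return (from, to) stretches with no review for more than max_gap_days."""
    inside = sorted(d for d in review_dates if start <= d <= end)
    points = [start] + inside + [end]
    limit = timedelta(days=max_gap_days)  # assumed meaning of "regular basis"
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > limit]

# Constructed sample data, not taken from any real system.
SAMPLE_LOG = [
    '{"time": "2012-02-01T09:14:02", "event": "user added to admin group",'
    ' "account": "admin1", "process": "usermod"}',
    '{"time": "2012-02-03T22:40:51", "event": "firewall rule changed",'
    ' "account": "", "process": "iptables"}',
    '{"time": "2012-02-09T03:05:17", "event": "service restarted",'
    ' "account": "operator2"}',
    'Feb 10 03:11:09 truncated non-JSON line',
]
SAMPLE_REVIEWS = [date(2012, 2, 6), date(2012, 2, 10)]

if __name__ == "__main__":
    for number, missing in incomplete_entries(SAMPLE_LOG):
        print(f"entry {number}: missing {', '.join(missing)}")
    for a, b in review_gaps(SAMPLE_REVIEWS, date(2012, 2, 1), date(2012, 2, 29)):
        print(f"no review recorded between {a} and {b}")
```

The output of both functions is the kind of evidence an auditor asks for: a list of incomplete entries to fix and the periods in which no review was recorded.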
Thanks Devian for the Info.
No problem.
You can ask me anytime.