Welcome to this, the seventh edition of The ISO27000 Newsletter, designed to keep you abreast of updates and developments with respect to the ISO 17799 information security standard.
The information contained in this newsletter is free to our subscribers and provides guidance on practical issues, plus commentary on recent Information Security incidents.
Included in this issue are the following topics:
ISO17799 - MORE FREQUENTLY ASKED QUESTIONS
1) Which ISO17799 controls are most important?
That largely depends upon the individual organization. However, ISO17799 does give some guidance in its "information security starting point" section, which singles out controls that are either essential from a legislative point of view or regarded as common best practice. These are:
- intellectual property rights (12.1.2)
- information security policy document (3.1.1)
- reporting security incidents (6.3.1)
- allocation of information security responsibilities (4.1.3)
- information security education and training (6.2.1)
- business continuity management (11.1)
- safeguarding of organizational records (12.1.3)
- data protection and privacy of personal information (12.1.4)
2) What is ISO/IEC Guide 62?
This is essentially aimed at the bodies that operate certification schemes rather than at the organizations being certified. It sets out the general requirements such certification bodies must themselves meet.
3) Can I republish articles from ISO17799 News internally, on our company intranet, or even on our external internet site?
Subject to a reference (in the form of a link) to our web site, yes.
4) How do I become a certified auditor?
The International Register of Certificated Auditors (IRCA, http://www.irca.org) operates a certification scheme for ISMS auditors.
5) Who are the Accredited Certification bodies for the standard?
There are a growing number. However, the following are amongst them: BSI, Certification Europe, DNV, JACO IS, KEMA, KPMG, SFS-Sertifiointi Oy, SGS, STQC, SAI Global Limited, UIMCert GmbH
6) What is a Certification body?
An accredited certification body is a third party organization that assesses and certifies an information security management system against the standard. Note that certification is against Part 2 (BS7799-2, the ISMS specification), not against ISO17799 itself, which is a code of practice and is not written as a certification standard.
7) Can I discuss ISO17799 with other people online?
A new forum has recently been created at: http://groups.yahoo.com/group/iso17799security/.
8) How does this standard fit with ISO 9000?
BS7799 is currently being "harmonized" with other management system standards, including ISO 9000 and ISO 14000, so that a common framework (and potentially combined audits) can be used. Watch this space!