Posted: Tue Jun 06, 2017 5:48 pm Post subject: auditing Information Security Management in ITIL
Information Security Management is one of the process areas in ITIL (Service Design phase). We are about to conduct a mini-assessment or audit on a client. And on this process area ONLY. Could someone shed some light on any template we can use? What are the generic high-level steps you would undertake to perform the mini audit?
Joined: Sep 16, 2006 Posts: 3553 Location: London, UK
Posted: Thu Jun 15, 2017 4:48 pm Post subject:
Since there are no globally recognised templates for doing ISo27001, how can any one shed light on what template you should use without providing you the template - thereby doing your work for you ?
Second, we donot know what your customer has in regards to IT, IT Service Management, IT Data Manageemnt, IT Estate - Domain management - AD or what,. We also do not know which part of the world the company is located and how the country's local data protection are or are not.
In addition, you should know what to do as the high level steps for assessing a company's adherence to ISO27001 and what is missing and what is to be done next.
There -- you have the generic high level steps
Finally, I am not angry. I am embarrassed for your client. They have hired what was suppose to be a professional organisation capable of doing the ISO27001 assessment; however, they get you instead.
Oh. And I am not a consultant - neither are you by the way _________________ John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum