Auditing Information Security Management in ITIL
Information Security Management is one of the process areas in ITIL (Service Design phase). We are about to conduct a mini-assessment or audit on a client, and on this process area ONLY. Could someone shed some light on any template we can use? What are the generic high-level steps you would undertake to perform the mini audit?
I did read it... In fact, multiple times.
You state that you are doing an assessment of ISO 27001, which is Information Security Management.
You ask the forum members to provide you templates.
You ask the forum members to identify the generic high-level steps that make up the audit.
Hence my question.
If you don't know how to do the audit, wtf is your organisation being paid to do something it does not know how to do?
If you want people in the forum to assist you, are you going to pay them?
Are you subcontracting this work to the ITIL Community Forum? I am sure the owners wouldn't mind that.
My advice: look at the ISO 27001 requirements and audit against that.
John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter
Again, jumping the gun.
UKVIKING wrote:
I did read it... In fact, multiple times.
You state that you are doing an assessment of ISO 27001, which is Information Security Management.
You ask the forum members to provide you templates.
You ask the forum members to identify the generic high-level steps that make up the audit.
Hence my question.
If you don't know how to do the audit, wtf is your organisation being paid to do something it does not know how to do?
If you want people in the forum to assist you, are you going to pay them?
Are you subcontracting this work to the ITIL Community Forum? I am sure the owners wouldn't mind that.
My advice: look at the ISO 27001 requirements and audit against that.
When I said "shed some light on a template", it could also mean providing references to articles or sections from ISO documents, or diagrams found on the web.
You've got a temper, mate. That's not a characteristic of a good auditor or any professional, and you will never succeed with your clients if you respond to people the way you do.
Apn888
Since there are no globally recognised templates for doing ISO 27001, how can anyone shed light on what template you should use without providing you the template, thereby doing your work for you?
Second, we do not know what your customer has in regards to IT, IT Service Management, IT Data Management, IT Estate, Domain management (AD or what). We also do not know which part of the world the company is located in, and what the country's local data protection laws are or are not.
In addition, you should know what to do as the high-level steps for assessing a company's adherence to ISO 27001, what is missing, and what is to be done next.
There, you have the generic high-level steps.
Finally, I am not angry. I am embarrassed for your client. They have hired what was supposed to be a professional organisation capable of doing the ISO 27001 assessment; however, they get you instead.
Oh, and I am not a consultant; neither are you, by the way.
John Hardesty
ITSM Manager's Certificate (Red Badge)
Change Management is POWER & CONTROL. /....evil laughter