ISO/IEC 27000
Christophe Feltus
Member of the ISO Working Group on Identity Management
Member of the ISO Study Group on ICT Governance
Public Research Centre Henri Tudor,
29, Rue John F. Kennedy
L-1855 Luxembourg
christophe.feltus@tudor.lu
Outline
Beyond ISO 38500
Scope
Objectives
6 principles
Model for Corporate Governance of ICT
This standard provides a framework for effective governance of IT, to assist those at
the highest level of organizations to understand and fulfil their legal, ethical and
moral obligations in respect of their organizations' use of IT. The framework
comprises definitions, principles and a model.
Performance: A.10.3.1 Capacity management
Internal auditing: Clause 6 Internal ISMS audits
Conclusions
This rough analysis shows that ISO/IEC 27001 and ISO/IEC 17799 have many
relationships with ICT governance.
A new ICT governance standard should take these similarities into account
thoroughly so that inconsistent overlap can be prevented.
This is very important especially if it will be possible to certify against this new
standard so that combined audits with both ISO/IEC 27001 and ICT governance
standard can be conducted in a logical and cost-effective way.
Sources:
ISO/IEC 38500 : Corporate governance of information technology
ISO/IEC 27000 family
Inspecta Certification report for ISO/IEC 38500